Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SecurityScorecard is actively engaged to ensure our Security ratings align with the Principles for Fair & Accurate Security Ratings, published by the US Chamber of Commerce. As part of this effort we strive to educate the cybersecurity community on how our products align with these important principles. This article is a continuation of a series of articles that describe how SecurityScorecard meets specific security rating principles as recommended by the US Chamber of Commerce.

North Korea’s Lazarus Group is evolving its tactics again. The latest campaign, dubbed Operation Marstech Mayhem, introduces an advanced implant named “Marstech1.” This malware is designed to compromise software developers and cryptocurrency wallets through manipulated open-source repositories. Unlike previous Lazarus operations, this campaign employs obfuscation techniques that make detection significantly harder. Read the full report here.

Supply chain security is no longer just an IT issue, it’s a critical business concern. As recent high-profile breaches like the MOVEit vulnerability have shown, a single vulnerability in a vendor’s system can have a cascading effect, disrupting operations and damaging reputations across the entire supply chain. This shift in the threat landscape demands a new approach to cybersecurity that prioritizes collaboration, resilience, and a proactive defense strategy.

When you work with third parties, their risk is your risk. Common risks associated with vendors include everything from compliance risk to operational risk to financial and reputational loss. Vendor risk assessments can help your organization narrow down who to trust, and help you identify the level of risk you are taking on with your vendors.

In a hyper-connected world, security breaches continue to increase in size and scope. Cybersecurity threats come in various forms, from social engineering to database vulnerability exploitation. With that in mind, potential damages caused by these data breaches are more likely than ever, regardless of an organization’s size. To bolster your cybersecurity posture, you should put together a data breach response plan as a way to prepare your organization.

DeepSeek’s rapid ascent in the AI space has made it impossible to ignore. Its sophisticated models and AI assistant have captured global attention. And, while headlines focus on DeepSeek’s capabilities, STRIKE research exposes critical security flaws, hidden data flows, and unanswered questions about who has access to the data and why.

In December 2024, a routine software update concealed a global threat. Attackers from the Lazarus Group, based in North Korea, infiltrated trusted development tools, compromising hundreds of victims worldwide. This sophisticated campaign, code-named “Phantom Circuit,” targeted cryptocurrency and technology developers, employing advanced obfuscation techniques through proxy servers in Hasan, Russia.

Organizations rely heavily on external vendors and suppliers, creating complex supply chains vital for operations. However, this introduces a new dimension of risk: supply chain attacks.

In the realm of cybersecurity, ensuring the authenticity and integrity of transactions or communications is paramount. Non-repudiation, a principle that prevents individuals or entities from denying their actions, is a cornerstone of this assurance. This blog post delves into the best practices and techniques for integrating non-repudiation into your security strategy, safeguarding your digital interactions against disputes and fraud.

The threat landscape refers to the evolving environment of cyber threats, attack methods, and attack vectors targeting organizations, governments, and individuals. Shaped by threat actors like hackers, nation-states, and criminal groups, it has grown increasingly complex with the rise of cloud computing, IoT devices, and interconnected supply chains. These changes have expanded attack surfaces, offering adversaries more opportunities to exploit vulnerabilities.