Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SecurityScorecard

Security Insights on the Low-Code / No-Code Attack Vector

Sep 7, 2022 By Mike Wilkes In SecurityScorecard

The August 4th compromise of Twilio via a targeted smishing attack has been a topic of wide concern and discussion on social media. My first thoughts on hearing of the attack were to virtually “pat myself down” with regard to exposure risk. Kind of like that feeling when you’re not sure if your car keys or wallet are in your pocket a few blocks after walking away from your parking space. Is my company affected by the breach? Did we receive a notification email from them?

Read Post
SecurityScorecard

TTPs Associated With a New Version of the BlackCat Ransomware

Sep 6, 2022 By Vlad Pasca In SecurityScorecard

The BlackCat/ALPHV ransomware is a complex threat written in Rust that appeared in November 2021. In this post, we describe a real engagement that we recently handled by giving details about the tools, techniques, and procedures (TTPs) used by this threat actor. Firstly, the attacker targeted an unpatched Microsoft Exchange server and successfully dropped webshells on the machine.

Read Post

Should You Worry About Ransomware Attacks?

Aug 29, 2022 By SecurityScorecard In SecurityScorecard
Over $800,000 - that’s the cost of the average ransomware payout last year. 66% of mid-sized organizations and about 37% of global organizations got hit. (Sources cited below) Attackers have developed new techniques that a lot of companies aren’t aware of or prepared for. For example, the demand for ransomware as a service has hugely increased, resulting in many more organizations being hacked every day.
View Video

CISOs Need to Speak the Language of Board Members

Aug 17, 2022 By SecurityScorecard In SecurityScorecard
"I understand the pitfalls of cyber security, but my boss just won't support me with the budget I need.” Does this sound familiar to you as a CISO? I have 3 pieces of advice for you: Speak their language I like to say that CISOs are from Mars, while CEOs and board members are from Venus. It’s because they don't speak the same language. You might go to your board and say, “I installed Akamai Prolexic.1.4.4.3.1./24 subnet to mitigate an SYN flood attack.”
View Video

Managing Work-Life Balance as a Founder

Aug 15, 2022 By SecurityScorecard In SecurityScorecard
Here are 3 tips for founders and CEOs to have a work-life balance: As a founder/CEO, there are always 500 more things you could do at the end of the day, the next day, and the day thereafter. So you’ve to ask questions like:“What can I do that will deliver 10x results?”“What can I do to move the needle the most?”“What areas will the results be the same unless I get involved?” Before each day starts, I ask myself, “What are the top few things I need to accomplish?”
View Video
SecurityScorecard

4 Ways Using SecurityScorecard Can Help You Monitor Vendor Risk

Aug 12, 2022 By SecurityScorecard In SecurityScorecard

According to a Gartner report, 60 percent of organizations work with more than 1,000 third parties that connect to their internal systems, and nearly 58 percent of organizations believe they have incurred a vendor-related breach. Many third parties require more access to organization data assets and are increasingly working with their own third parties, further multiplying the size and complexity of the third-party network.

Read Post
SecurityScorecard

The Increase in Ransomware Attacks on Local Governments - What Makes Public Sector Organizations Vulnerable to Ransomware?

Aug 10, 2022 By Dr. Robert Ames In SecurityScorecard

In Spring 2022, Lincoln College announced that it would permanently close on May 13 and noted that a December 2021 ransomware attack had contributed to its closure.

Read Post

Assessing Cybersecurity in M&A Diligence

Aug 10, 2022 By SecurityScorecard In SecurityScorecard
Here’s why you should check a company’s overall cyber security health before acquiring it: You could be doing a great job protecting your company. But then, if you merge with a business with holes and attackers are already inside it, their problem becomes your problem. So you need to build a rigorous methodology and a playbook to assess the security of your target during the M&A diligence. Here’s how you can do it.
View Video
SecurityScorecard

Don't Hack the Computer - Hack the Person! Recently Observed Social Engineering Attacks

Aug 8, 2022 By Alexander Heid In SecurityScorecard

When most people think about the origin of a cyberattack, the image is that of a hacker using some kind of exploit against software or hardware in order to gain unauthorized access to systems. The hacker is seeking data to exfiltrate and monetize, either through re-sale on the darknet or extortion through ransomware.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.