Don’t Use Production Data In Your Test Environment: The Impact Of Leaked Test Credentials

To deliver technology products and services, companies use multiple technology environments so that changes, updates, and testing can be completed in a controlled way without interrupting customer experience. This is a best practice ...

Read more →

The Pitfalls Of Leaked Administrative Passwords

The most well-known type of system credential is the administrative, or root password. These types of accounts are “administrators,” meaning they usually have total access to whatever system they are for. Administrator accounts are used by ...

Read more →

Vendor Risk: The Impact Of Data Breaches By Your Third-Party Vendors

UpGuard’s researchers regularly uncover and report on corporate data breaches. We often find that the breach is not directly caused by the company, but by one of their third-party vendors. This series of posts is about a less-understood ...

Read more →

What is Fourth Party Risk?

Every company outsources parts of its operations to multiple suppliers. Those suppliers, in turn, outsource their operations to other suppliers. This is fourth party risk. The risk to your company posed by suppliers' suppliers. Confusing, ...

Read more →

Inside the Security Ratings for the Riskiest Government Contractors

The government of the Unites States of America is perhaps the largest target on Earth for cyber attacks. The US has plenty of enemies, a track record of perpetrating cyber warfare and espionage (even upon its allies), numerous recent ...

Read more →

How Trade Secrets Can Be Abused By An Attacker After A Data Breach

Read more →

Data Exposure Types: System Information

There are many different kinds of sensitive data that can be exposed, each with its own particular exploits and consequences. This article will focus on what we have categorized as “systems information,” data that describes digital ...

Read more →

The Dangers of Publicly Writable Storage

During the course of UpGuard’s cyber risk research, we uncover many assets that are publicly readable: cloud storage, file synchronization services, code repositories, and more. Most data exposures occur because of publicly readable ...

Read more →

DevOps and Integrity at FinDEVr San Francisco

Technology conference season is in full swing, with so many events going on that even large ones like PuppetConf and Amazon Re:Invent have been forced to overlap. While part of the UpGuard team traveled to Las Vegas, two of us stayed in ...

Read more →

Why Do Cloud Leaks Matter?

Introduction Previously we introduced the concept of cloud leaks, and then examined how they happen. Now we’ll take a look at why they matter. To understand the consequences of cloud leaks for the organizations involved, we should first ...

Read more →

Can Fast Food be Bad For Cybersecurity?

No, we aren't talking about your burger-inhaling operator passing out on the job, leaving your precious IT assets unattended. You've probably guessed that we're referring to the latest Wendy's data breach announcement: on June 9th, ...

Read more →

Systema Systems' Data Exposure and Cloud Security For The Insurance Industry

The insurance industry has been consistently targeted for cyber attacks as of late, for good reason: sensitive data is at the heart of every process—from handling health insurance claims to archiving medical histories. And because medical ...

Read more →

UpGuard Tasks: a Lightweight Tracking System for Ops

It's not pleasant to think about, but the fact is that when we go to work we are expected to do things. But what are the things that need doing? If we can answer that question without hours of meetings or dozens of emails we can finish our ...

Read more →

BitSight Alternative for Managing Cyber Risk

If you’re involved in IT risk or security, you’ve probably encountered BitSight. It is one of a wave of promised solutions to a growing problem: how to manage the risks posed by your IT vendors in the cloud.

Read more →

Cyber Risk Product Update: May 2018

It's been a busy month for the CyberRisk product team! We're proud of this release, and can't wait to share the details with you. All these new features are immediately available to CyberRisk customers.

Read more →

BreachSight: an Engine for Securing Data Leaks

When we began building a Cyber Risk Research team at UpGuard, we knew there were unavoidable risks. We would be finding and publishing reports on sensitive, exposed data in order to stanch the flow of such private information onto the ...

Read more →

Vendor Risk: The Hidden Challenge of GDPR Compliance

The European Union’s GDPR regulations go into effect in May of this year. In essence, GDPR is a strict data privacy code that holds companies responsible for securing the data they store and process. Although GDPR was approved in April ...

Read more →

Vendor Risk Management With Portfolios

One of the challenges of managing third-party risk is effectively managing large portfolios of vendors. Your business may have hundreds, even thousands of vendors, each used differently and presenting different kinds of information ...

Read more →

The Best Way to Measure Cyber Risk

Information technology has changed the way people do business. For better, it has brought speed, scale, and functionality to all aspects of commerce and communication. For worse, it has brought the risks of data exposure, breach, and ...

Read more →

How UpGuard Monitors Linux Systems for Meltdown and Spectre

Meltdown/Spectre Overview Meltdown and Spectre are critical vulnerabilities affecting a large swathe of processors: “effectively every [Intel] processor since 1995 (except Intel Itanium and Intel Atom before 2013),” as meltdownattack.com ...

Read more →