What is Incidents & News?

UpGuard can help you stay on top of important security trends and news related to your vendors with our security news feed.

Written by Greg Pollock
Updated over a week ago

As you evaluate your cybersecurity risks, you'll want to stay up-to-date with news and trends for your industry. With UpGuard's Incidents & News feed, you can evaluate your risk related to publicly disclosed security incidents like data breaches, ransomware attacks, and data exposures. The Incidents & News feed is a chronological feed that you can filter and search for news that is most relevant to your organization's security needs.

There are four options for accessing information in Incidents & News:

  • Showing all provides all updates in one feed.

  • Incidents filters the feed to only posts within the incidents category, which includes security incidents like publicly reported data breaches and ransomware attacks, outages due to adversarial actions, and natural disasters that impact service availability.

  • News filters the feed to only posts within the news category, such as mergers, acquisitions, divestitures, and regulatory actions.

  • You and your vendors filters the feed to only posts that impact your organization and vendors that you are monitoring in UpGuard.

Screencapture of the Incident and News header with the tabs for each of the four ways to view the feed.

Reading the Incidents & News feed

Individual items within the feed include a date of publication, severity, the impacted company, a brief summary, and tags to categorize the items. Where applicable, the summary may identify other companies involved. Clicking on an update will open an article with additional information, such as the date of the incident, what kind of data was exposed, the number of records impacted, threat actors, and sources for each incident.

When multiple companies are impacted by a breach, they will be linked as related companies. These relationships are used to model cases like the SolarWinds or MOVEit breaches, where an intrusion at one company is known to have resulted in data loss for other companies. You can click through to view any company's summary page in Vendor Risk to start monitoring that vendor. Incidents that impact multiple companies may be relevant to future security assessments due to regulatory enforcement actions that an organization will take after being impacted.

Screencapture of a post for the MOVEit breach in 2023

Severity is assessed relative to the impact for the company and entities that may have shared data with it, which will inform a vendor risk management program. For example, a complete breach of data at a small law firm that your company uses would be of major concern to you, while its significance to other organizations may be minimal. Alternatively, a massive collection of data scraped from Facebook would be considered headline news but likely requires no incident response from your company, so it would be considered a lower severity incident relative to your organization.

You can access all of these details within the Incidents & News feed and find additional information within individual updates.

Filtering the Incidents & News feed

You can filter your feed from any of the tabs with the Filtered option.

Screencapture of the Incidents and News heading with the filter option circled

Clicking the Filtered button will load a panel where you can provide your filtering options. You can search by companies impacted, known threat actors, what kind of data was exposed, and what tags UpGuard has applied to categorize incidents. By default, the feed will load updates from the last year, but you can set custom time parameters for your feed as well.

Note: Setting these filters will persist while you are using the UpGuard platform. If you close the app, the filters will reset to their default state.

What are "Dark Web" posts in Incidents & News?

Posts within Incidents & News are classified as Incidents or News. Posts are further classified by severity and tagged with additional context. Posts that are classified with the Dark Web tag and severity type include information that has been collected from sites affiliated with malicious actors.

Posts regarding dark web disclosures are presented in Incidents & News for informational purposes. These posts include the company involved and a summary of relevant information about the announcement. The original text of these posts may be edited to omit language not relevant to analysis of the potential impact.

While UpGuard does consider these disclosures a legitimate source, there may be information that has not been confirmed, that may be misleading, and that may be false. Because the sources in the dark web category are inherently untrustworthy, the scope is limited to ransomware groups that have demonstrated they pose a credible threat. While past performance is not indicative of future results, these are threat actors whose breach announcements provide salient information widely used by information security practitioners. Links to the original posts are included so that security professionals can conduct their own analysis and independently determine the credibility of the information. These links require no credentials or transactions to access the information.

Pairing Incidents & News with Identity Breaches

You can use Incidents & News to complement BreachSight Identity Breaches. Publicly disclosed breaches provide important context for risk assessments with vendors, such as actions that organizations may take after being impacted by a breach.

Not every breach impacts your organization, nor does UpGuard have access to the details of every breach. If your organization is not impacted, or if exposed credentials for your organization have not been identified in a breach, then information for those breaches will be accessible via Incidents & News rather than Identity Breaches.

When your organization's users are impacted by a third-party data breach, UpGuard will notify you within the Identity Breaches module. Breach data includes when it happened, which employees were impacted, and what kind of data was exposed. You can notify employees about their leaked data directly from the Identity Breaches module.

Using Data Leaks to avoid incidents

UpGuard documents publicized breaches in the Incidents & News feed. We also offer a separate managed service, Data Leaks, to detect exposed information proactively so that your organization can prevent a leak from becoming a breach.

Further reading

To continue learning about the Identity Breaches module, read these articles next:

For more information on our Data Leaks offering, read these articles next:

To continue learning about exposures that can lead to breaches, read these articles:

You can also find more information on specific breaches, like the 2023 MOVEit Zero-Day Vulnerability, and how cybersecurity impacts your organization with our blog posts on cybersecurity.
