Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![Vulnerability, Vulnerability Scanner, Cybersecurity threats](/sites/default/files/styles/4_3_small/public/2022/07/01/Vulnerability%20Scanner%20sized.jpg.webp?itok=zZYmpyTs)
A vulnerability scanner evaluates security weaknesses and gaps in your digital infrastructure. Learn what to look for in a robust solution.
![what is a backdoor attack-bitsight](/sites/default/files/styles/4_3_small/public/2023/07/27/what%20is%20a%20backdoor%20attack-bitsight.jpeg.webp?itok=zs1W7yh8)
What is a backdoor attack and how can you protect your organization from becoming a victim? Let’s explore this stealthy threat.
![New research reveals rapid remediation of MOVEit Transfer vulnerabilities](/sites/default/files/styles/4_3_small/public/2024/03/27/New%20research%20reveals%20rapid%20remediation%20of%20MOVEit%20Transfer%20vulnerabilities_0.jpg.webp?itok=3HH1Rrk6)
CVE-2023-35036 & CVE-2023-35708 — were identified on June 9th and June 15th in the latest series of high-profile software supply chain vulnerabilities.
![zero day remediation](/sites/default/files/styles/4_3_small/public/2023/04/27/zero%20day%20remediation_0.jpeg.webp?itok=udgJtvZA)
Software vulnerabilities are inevitable, but you can reduce their impact by acting fast. Follow these zero day remediation tips.
![Vulnerability alert](/sites/default/files/styles/4_3_small/public/2023/04/26/Vulnerability%20alert-min.jpg.webp?itok=PREnq-Uj)
Researchers from Bitsight and Curesec have jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol (SLP).
![Practical advice to secure your expanding attack surface](/sites/default/files/styles/4_3_small/public/2023/03/21/Practical%20advice%20to%20secure%20your%20expanding%20attack%20surface.png.webp?itok=orBunXpe)
Bitsight published research identifying exposed webcams. In light of that, organizations must develop an understanding of how to handle the expanding attack surface.
![Silicon Valley Bank Crisis - How Security and Financial Leaders Can Collaborate to Protect their Organizations](/sites/default/files/styles/4_3_small/public/2023/03/15/Silicon%20Valley%20Bank%20Crisis%20-%20How%20Security%20and%20Financial%20Leaders%20Can%20Collaborate%20to%20Protect%20their%20Organizations.png.webp?itok=1yHqkd3u)
How financial and security leaders can work together to protect their organizations in the wake of the recent crisis affecting Silicon Valley Bank (SVB).
![BitSight identifies thousands of organizations using Internet-facing and exposed webcams blog hero image](/sites/default/files/styles/4_3_small/public/2023/02/16/BitSight%20identifies%20thousands%20of%20organizations%20using%20Internet-facing%20and%20exposed%20webcams.jpg.webp?itok=R6D_uHcs)
Bitsight has identified thousands of organizations around the world using Internet-facing webcams and similar devices, finding many video and audio feeds susceptible to eavesdropping.
![Tea leaves in a cup, representing that you need to interpret information](/sites/default/files/styles/4_3_small/public/2023/01/27/Reading%20Tea%20Leaves%2C%20SIZED.jpg.webp?itok=IuJ3gyex)
On the surface, the Bitsight Rating and associated Risk Vectors look self-explanatory, but there's an artistic element as well. In the case of Bitsight, that means having a thorough understanding of cybersecurity and drawing inferences from the data.
![Mylobot- Investigating a proxy botnet](/sites/default/files/styles/4_3_small/public/2024/03/27/Mylobot-%20Investigating%20a%20proxy%20botnet_0.jpg.webp?itok=RbLR15m8)
Mylobot is malware that targets Windows systems; it first appeared in 2017. In this article, we'll focus on its main capability, which is transforming the infected system into a proxy.
![system hacked](/sites/default/files/styles/4_3_small/public/2022/11/18/Shutterstock_1916985977%20%281%29.jpg.webp?itok=HLYjHJLd)
A study reveals the correlation between these security flaws and the likelihood of cybersecurity incidents. Learn more.
![Analyzing Exposed SSO Credentials of Public Companies](/sites/default/files/styles/4_3_small/public/2022/09/14/Analyzing-Exposed-SSO-Credentials-of-Public-Companies-new.jpg.webp?itok=WuV2vgtg)
Bitsight found that 25% of the S&P 500 and half of the top 20 most valuable public U.S. companies have had at least one SSO credential for sale on the dark web in 2022. Read the full analysis.
![Cova and Nosu malware](/sites/default/files/styles/4_3_small/public/2022/12/06/cova-and-nosu-blog-banner-min.jpg.webp?itok=aPWGVYL4)
Bitsight has discovered two previously undocumented malware families named Cova and Nosu. They have different purposes and capabilities, although we found some similarities during our research.
![cost of a data breach](/sites/default/files/styles/4_3_small/public/2022/11/24/cost%20of%20a%20data%20breach.jpg.webp?itok=z8lukRAb)
A data breach can have financial, operational, and reputational impact, but how much does a data breach actually cost? Find out today.
![Global State of Exposure OpenSSL Vulnerabilities Hero Image](/sites/default/files/styles/4_3_small/public/2022/11/30/Global%20State%20of%20Exposure%20OpenSSL%20Vulnerabilities%20Hero.png.webp?itok=Yb70cTvv)
New Bitsight research finds that many organizations are still affected by the OpenSSL vulnerabilities, tracked as CVE-2022-3786 and CVE-2022-3602. This blog identifies the most affected sectors and nations around the world.