Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![What Is Sensitive Data & Why You Need To Protect It](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_1033113025_1.jpg.webp?itok=MWSw8lrO)
As a security professional navigating the new challenges 2020 is bringing to cybersecurity, it’s critical to understand the ways your organization’s data could be exposed. Sensitive data is critical, safeguarded information. Different information can be considered sensitive depending on the industry, but in general it can be anything your organization, your employees, your customers, or your third parties would expect to be private and protected. Below, we’ve outlined five examples of sensitive data your organization likely handles—and a few key ways to protect it from evolving cyber threats.
![Global State of Exposure BIG IP CVE 2022-1388 Blog Header](/sites/default/files/styles/4_3_small/public/2022/10/13/Global-State-of-Exposure-BIG-IP-CVE-2022-1388.jpg.webp?itok=bUQlssM8)
Bitsight evaluated the current global state of exposure to CVE-2022-1388. Our findings indicate that many organizations remain vulnerable to this critical vulnerability, presenting risk not only to these organizations but also to their customer bases. See the findings.
![PseudoManuscrypt Sinkholing](/sites/default/files/styles/4_3_small/public/2022/10/05/PseudoManuscrypt-Sinkholing.jpg.webp?itok=KZGbxrUT)
In late 2021 we started registering some DGA-like domains that not only did not belong to any known domain generation algorithm (DGA), but were also being classified as different types of malware. Read the analysis.
![SystemBC malware banner](/sites/default/files/styles/4_3_small/public/2022/09/19/SystemBC-malware-banner-min.jpg.webp?itok=duCZ_7ia)
SystemBC is a malware written in C that turns infected computers into SOCKS5 proxies.
![BitSight Finds Critical Vulnerabilities in Popular GPS Tracker](/sites/default/files/styles/4_3_small/public/2022/07/15/BitSight%20Finds%20Critical%20Vulnerabilities%20in%20Popular%20GPS%20Tracker_New.jpg.webp?itok=AADpgFSJ)
Bitsight has discovered six severe vulnerabilities in a popular vehicle GPS tracker (MiCODUS MV720) potentially allowing hackers to track individuals without their knowledge, remotely disable fleets of corporate supply and emergency vehicles, abruptly stop civilian vehicles on dangerous highways, and more.
![What is a botnet, image shows a representation of a botnet](/sites/default/files/styles/4_3_small/public/2022/06/24/What%20is%20a%20Botnet%2C%20SIZED.jpg.webp?itok=iWqqujCC)
What is a botnet? A botnet is a collection of networked devices that are infected by malware and hijacked to carry out scams and data breaches.
![Vulnerability alert](/sites/default/files/styles/4_3_small/public/2023/04/26/Vulnerability%20alert-min.jpg.webp?itok=PREnq-Uj)
Atlassian Confluence has been impacted by vulnerability CVE-2022-26134 allowing for ransomware deployment, data theft, & more. See Bitsight's findings & analysis.
![Global distribution of Emotet infected systems](/sites/default/files/styles/4_3_small/public/2022/05/19/Global%20distribution%20of%20infected%20systems-min.png.webp?itok=uiwqItNT)
In November 2021, a new version of the Emotet botnet emerged. How did this happen? What is the botnet doing today? And how can organizations avoid becoming victims? Get the answers and more.
![The state of cyber incident disclosure](/sites/default/files/styles/4_3_small/public/2022/03/28/From%20Months%20to%20Minutes%2C%20Sized.jpg.webp?itok=u2Oihzlw)
Are organizations prepared to meet new cyber incident disclosure requirements? The latest report from Bitsight's data analysts shows it might be easier said than done.
![global vendor breach](/sites/default/files/styles/4_3_small/public/2022/03/23/shutterstock_639700315.jpg.webp?itok=_y4NYmtx)
Organizations remain concerned about the potential implications to their own security posture as a result of the Okta cyber attack. It's important to identify where risks are present throughout your third-party landscape.
![UK cyber resilience cyber security strategy webpage](/sites/default/files/styles/4_3_small/public/2022/02/28/UK%20Cyber%20Resilience%2C%20Sized.jpg.webp?itok=EZJ1xllP)
The UK Cyber Resilience 2022 strategy is a remarkable blueprint for any organization looking to improve cyber resilience. What lessons can be learned?
![Global supply chain risk](/sites/default/files/styles/4_3_small/public/2022/02/24/shutterstock_507719209.jpg.webp?itok=wZTdR-DH)
The situation between Russia and Ukraine has been escalating since the start of January, when Russia stationed more than 100,000 troops along the Ukrainian border. Although cyber security is not the primary concern in the current situation, there is a cyber security component that absolutely should not be overlooked.
We believe a war in the region would have a direct impact on the cyber threat landscape. Both Poland and Lithuania have recently raised their countries' alert level, just hours after Ukraine reported its defense ministry and two banks had been hacked. In the US, CISA has issued a recommendation for all organizations, regardless of size, to adopt a heightened posture when it comes to cybersecurity. Meanwhile, Russia launched a full-scale attack on Ukrainian territory, which is still developing, and its full reach remains to be seen.
![Enhance Vulnerability Mitigation With Security Performance Management](/sites/default/files/styles/4_3_small/public/migration/images/shutterstock_546191650_1.jpg.webp?itok=UtrMRyeZ)
From the start, it was clear that the Log4j vulnerability, also referred to as Log4Shell, would be widespread and present major challenges for organizations. But, why is addressing Log4j so challenging?
![Cyber intrusion, hacker looking at your network](/sites/default/files/styles/4_3_small/public/2022/02/07/Cyber%20Intrusion%2C%20Sized.jpg.webp?itok=_H7TnpQw)
Learn how to reduce the threat of cyber intrusion with a detection and prevention approach grounded in continuous monitoring.
![count_ip vs country](/sites/default/files/styles/4_3_small/public/2022/02/04/count_ip%20vs.%20country.png.webp?itok=Zs9j0V9Y)
Bitsight has been collecting FluBot infection telemetry data since March 2021. In total, we have identified 1.3 million IPs used by infected Android devices. Of them, over half (61%) are in Germany and Spain. Additionally, we are tracking an increase in IPs over time, which likely indicates an increase in infected devices.