Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Bitsight and Google have collaborated to study global organizational performance across cybersecurity controls in the Minimum Viable Secure Product (MVSP) framework.
Bitsight dissects SmokeLoader's plugins received by an infected computer from the botnet "0020". We explore their inner workings, capabilities, and threat vectors.
Recently, our Threat Research team discovered a new malware sample, distributed by the PrivateLoader and Amadey loaders. Learn more.
In 2014, Bitsight acquired AnubisNetworks, a real-time data threat provider based in Portugal. The integration of AnubisNetworks extends Bitsight’s position as the leading provider of cybersecurity ratings for organizations around the world because it fuels Bitsight Security Ratings’ compromised systems risk vectors and gives Bitsight unparalleled visibility into global threat activity. Anubis’ powerful analytics technology was essential in adding to the scope of Bitsight’s solution that provides daily, continuous security ratings on over 110,000 organizations worldwide.
Bitsight has identified nearly 100,000 exposed industrial control systems (ICS) potentially allowing an attacker to access and control physical infrastructure.
PrivateLoader is a loader from a pay-per-install malware distribution service that has been utilized to distribute info stealers, banking trojans, loaders, spambots, and ransomware on Windows machines.
Discover the methodology, at a technical level, the Bitsight Security Research team used to evaluate the three critical vulnerabilities affecting MOVEit Transfer.
Cloud computing is not new to the cyber world; it’s here to stay. Web services are common in our everyday lives and workplaces, with things like Facebook, Salesforce, JIRA, Adobe, and GSuite all falling into the cloud-based category. But who is responsible for breaches in the cloud data, the service provider or the organization using their services?
Read Bitsight breach research by looking at the evolution of reported incidents over the past years to identify trends and global patterns.
CVE-2023-35036 & CVE-2023-35708 — were identified on June 9th and June 15th in the latest series of high-profile software supply chain vulnerabilities.
Data is something that impacts so many different touch points of your business, which is why Data Ops makes life easier for everyone.
The other week, Bitsight released a piece of high-profile research alerting the public to a high-severity vulnerability. Here’s a summary of what happened and why it matters.
Researchers from Bitsight and Curesec have jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol (SLP).
We have made several adjustment to continue to provide Bitsight users with the best external indicator of the performance of cybersecurity controls.
Bitsight has recently observed a 15-year-old modular spambot called Tofsee being distributed by PrivateLoader (ruzki), a notorious malware distribution service we also closely monitor.