Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
We’re back again with a monthly-ish blog reflecting on major goings on in the security world.
Read the latest Bitsight research on PrivateLoader including important updates recently, including a new string encryption algorithm, a new alternative communication protocol and more.
Explore recent Ivanti Secure vulnerabilities affecting SSL VPN and Network Access Control solutions. Understand the criticality, patch delays, and ongoing exploitation.
Enterprises tend to take their time with remediation efforts, despite software vulnerabilities being a top threat to organizations’ cybersecurity performance. The key to quicker fixes? Timely briefings.
AgentTesla (also known as OriginLogger) remains a prevalent commodity stealer, being daily distributed, mainly via email attachments
This blog discusses the state of DMARC, the role that DMARC plays in email authentication, and why it should be a key component of your email security solution.
We build on our previous work and look into how threat actors are abusing SLP to launch reflection/amplification DDoS attacks, their evolution, and what targets are they focused on at the moment.
Bitsight and Google have collaborated to study global organizational performance across cybersecurity controls in the Minimum Viable Secure Product (MVSP) framework.
Bitsight dissects SmokeLoader's plugins received by an infected computer from the botnet "0020". We explore their inner workings, capabilities, and threat vectors.
Recently, our Threat Research team discovered a new malware sample, distributed by the PrivateLoader and Amadey loaders. Learn more.
In 2014, Bitsight acquired AnubisNetworks, a real-time data threat provider based in Portugal. The integration of AnubisNetworks extends Bitsight’s position as the leading provider of cybersecurity ratings for organizations around the world because it fuels Bitsight Security Ratings’ compromised systems risk vectors and gives Bitsight unparalleled visibility into global threat activity. Anubis’ powerful analytics technology was essential in adding to the scope of Bitsight’s solution that provides daily, continuous security ratings on over 110,000 organizations worldwide.
Bitsight has identified nearly 100,000 exposed industrial control systems (ICS) potentially allowing an attacker to access and control physical infrastructure.
PrivateLoader is a loader from a pay-per-install malware distribution service that has been utilized to distribute info stealers, banking trojans, loaders, spambots, and ransomware on Windows machines.
Discover the methodology, at a technical level, the Bitsight Security Research team used to evaluate the three critical vulnerabilities affecting MOVEit Transfer.
Cloud computing is not new to the cyber world; it’s here to stay. Web services are common in our everyday lives and workplaces, with things like Facebook, Salesforce, JIRA, Adobe, and GSuite all falling into the cloud-based category. But who is responsible for breaches in the cloud data, the service provider or the organization using their services?