Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Bitsight published research identifying exposed webcams. In light of that, Orgs must develop an understanding of how to handle the expanding attack surface.
Bitsight has identified thousands of organizations around the world using Internet-facing webcams and similar devices, finding many video and audio feeds susceptible to eavesdropping.
Mylobot is a malware that targets Windows systems, it first appeared in 2017. In this article, we'll focus on its main capability, which is transforming the infected system into a proxy.
Bitsight found that 25% of the S&P 500 and half of the top 20 most valuable public U.S companies have had at least one SSO credential for sale on the dark web in 2022. Read the full analysis.
Bitsight has discovered two previously undocumented malware families named Cova and Nosu. They have different purposes and capabilities, although we found some similarities during our research.
New Bitsight research finds that many organizations are still affected by the OpenSSL vulnerabilities, tracked as CVE-2022-3786 and CVE-2022-3602. This blog identifies the most affected sectors and nations around the world.
In this research, we present how to manually “unpack” a sample from a recent ColibriLoader malware campaign being distributed by PrivateLoader.
New research by the Marsh McLennan Cyber Risk Analytics Center (Marsh McLennan) finds 14 Bitsight analytics have statistically significant correlation with cybersecurity incidents.
Bitsight evaluated the current global state of exposure to CVE-2022-1388. Our findings indicate that many organizations remain vulnerable to this critical vulnerability, presenting risk not only to these organizations but also to their customer bases. See the findings.
In late 2021 we started registering some DGA-like domains that not only did not belong to any known domain generation algorithm (DGA), but were also being classified as different types of malware. Read the analysis.
Moody’s Investor Services published new research indicating worldwide cyber risk is rising, particularly among critical infrastructure entities.
SystemBC is a malware written in C that turns infected computers into SOCKS5 proxies.
Emotet is back in business, and Bitsight's Threat Research team is continuously monitoring the evolution of this dangerous malware. See our latest findings.
Bitsight has discovered six severe vulnerabilities in a popular vehicle GPS tracker (MiCODUS MV720) potentially allowing hackers to track individuals without their knowledge, remotely disable fleets of corporate supply and emergency vehicles, abruptly stop civilian vehicles on dangerous highways, and more.
Atlassian Confluence has been impacted by vulnerability CVE-2022-26134 allowing for ransomware deployment, data theft, & more. See Bitsight's findings & analysis.