Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![How To Combat Security Risks In Cyber Insurance](/sites/default/files/styles/4_3_small/public/migration/images/risk_cyber_insurance_1.jpg.webp?itok=GQPgWJH0)
As an underwriter in the cyber insurance industry, you know that insurance is all about information. You’re responsible for making decisions about your applicants based on the details given to you—but you’re also aware of the potential for asymmetry in this information.
![bitsight-blog](/sites/default/files/styles/4_3_small/public/2024/05/24/bitsight-blog.jpg.webp?itok=-q3o2lKI)
Fortune 1000 organizations are acknowledged for generating significant amounts of revenue. Yet beyond bringing in a considerable amount of money, these companies are also integral to the supply chains of many organizations around the world. Recognizing this, Bitsight researchers set out to understand the security strengths and weaknesses found in Fortune 1000 companies. Companies that share data and network access with these organizations should be cognizant of common cyber risks found within these organizations, and use this insight to better inform their third party risk management programs.
![A Breakdown Of Recent OCC-Issued Examination Procedures For Third-Party Risk Management](/sites/default/files/styles/4_3_small/public/migration/images/full_occexam_1.jpg.webp?itok=UyY6cANX)
Financial regulators have long been concerned about the cyber risk associated with third-party-supplied products or services in financial institutions. For example, in 2013, federal financial regulators put out an issuance to financial institutions regarding how to manage third-party cyber risk. In the years since that 2013 bulletin was published, attention on third-party risk has continued to increase, and the topic has been included in several examination priorities published by the Office of the Comptroller of the Currency (OCC), the Securities and Exchange Commission (SEC), and the Federal Reserve.
![BitSight’s Response to “Cloudbleed” and a Framework for Addressing Third Party Vulnerabilities](/sites/default/files/styles/4_3_small/public/migration/images/Cloudflare-blog-thumb_1.jpg.webp?itok=nErM5WtT)
As we discussed in a previous blog post, Cloudflare suffered a serious bug that caused private information from any Cloudflare customer and their users to be publicly leaked onto websites that had corrupted web content. Any person with knowledge of those websites was able to scrape the sensitive information left there.
![Cloudbleed: Breakdown of Cloudflare's Memory Leak](/sites/default/files/styles/4_3_small/public/migration/images/cloudbleed-blog-full_1.jpg.webp?itok=--qM0Gli)
On Thursday, February 23rd, Cloudflare announced a serious bug in its caching infrastructure that caused uninitialized memory to be printed on a number of its customers’ websites. This information included sensitive data such as passwords, cookies, tokens, and private messages. While Cloudflare believes the bug was limited to roughly a thousand websites, it caused sensitive data to be dumped from potentially any Cloudflare reverse proxy customer. Some observers have stated this issue has similarities with “Heartbleed” and have thus referred to it as “Cloudbleed.”
![bitsight-blog](/sites/default/files/styles/4_3_small/public/2024/05/24/bitsight-blog.jpg.webp?itok=-q3o2lKI)
Necurs is malware that is mainly known for sending large spam campaigns, most notably those distributing the Locky ransomware. However, Necurs is not only a spambot: it is a modular piece of malware composed of a main bot module and a userland rootkit, and it can dynamically load additional modules.
![4 Reasons Traditional Vendor Risk Management Strategies Fall Short](/sites/default/files/styles/4_3_small/public/migration/images/4%2520Reasons%2520Traditional%2520Vendor%2520Risk%2520Management%2520Strategies%2520Fall%2520Short_1.jpg.webp?itok=_cmWbfbU)
Vendor risk management (VRM) is the practice of evaluating business partners, associates, or third-party vendors both before a business relationship is established and during the duration of your business contract. This is a difficult—albeit necessary—process all companies should go through when they enter into a third-party relationship.
![bitsight-blog](/sites/default/files/styles/4_3_small/public/2024/05/24/bitsight-blog.jpg.webp?itok=-q3o2lKI)
Dridex is a banking trojan that uses an affiliate system for its botnets. We have documented the Dridex communication and P2P protocols in the past. In this post we want to shed some light on all the known botnets, their respective geographic targets, and how they are organized.
![Using Security Ratings & the NIST Framework for Cybersecurity Maturity](/sites/default/files/styles/4_3_small/public/migration/images/NIST-blog_post_large_4.jpg.webp?itok=x30Jnf4H)
Over the past couple of weeks, a major issue has surfaced affecting numerous companies that use MongoDB to store their data. Those who install MongoDB on a server and use default settings are exposing their data to the internet and allowing anybody to browse the databases, download information, and erase them entirely. Many companies are unaware of the vulnerability and that their information may be exposed to hackers. Criminals are reacting quickly and opportunistically by stealing data, then asking for a ransom. To make matters worse, some criminals asking for a ransom don’t actually have the data, so when the ransom is paid, companies are still left without answers. In addition to MongoDB, it was reported that clusters of Elasticsearch, an enterprise search engine, have also been hit with ransomware.
![4 Cybersecurity Trends You'll See In 2017](/sites/default/files/styles/4_3_small/public/migration/images/4%2520Cybersecurity%2520Trends%2520Youll%2520See%2520In%25202017%2520-%2520thumb_1.jpg.webp?itok=S52BjFoQ)
During 2016, a lot happened in the realm of cybersecurity, and we witnessed a number of noteworthy events and trends:
![bitsight-blog](/sites/default/files/styles/4_3_small/public/2024/05/24/bitsight-blog.jpg.webp?itok=-q3o2lKI)
Vendor security is becoming a focal point of risk management for many organizations. In many ways, this trend started with the Target breach from 2013, which highlighted the extensive financial and reputational impact of a third party security breach. Gartner estimates that by 2019, the need for transparency into operational and security activities within a vendor's value network will drive demand for vendor security by 30%.
![The Top 7 CIO Challenges In 2017](/sites/default/files/styles/4_3_small/public/migration/images/The%2520Top%25207%2520CIO%2520Challenges%2520In%25202017%2520-%2520thumb_1.jpg.webp?itok=WwdsqVp4)
In today’s security landscape, the CIO has a large and important role to fill. They must be aware of and compliant with regulations in their industry, focus on ensuring that the right security controls are in place for the organization and its vendors, and be able to consider the risks and benefits of new business processes.
![Portfolio Remediation Strategy Screenshot](/sites/default/files/styles/4_3_small/public/2022/11/29/Portfolio-Quality-ScreenShot-1_1.png.webp?itok=R0qDcA0W)
With third parties becoming a major attack vector into organizations, Bitsight is focused on enabling security and vendor risk professionals to better prioritize their efforts when it comes to identifying and monitoring cyber security risks across their vendor ecosystem. Bitsight Security Ratings customers can now prioritize issues and receive customized alerts when the aggregate performance of multiple companies changes.
![How To Approach IT & Cybersecurity Benchmarking As A CIO](/sites/default/files/styles/4_3_small/public/migration/images/benchmarking_full_1.jpg.webp?itok=u57h21fO)
To a chief information officer (CIO), cybersecurity is a multifaceted concern. Not only could a breach that results in a loss of sensitive data or information be a legal or reputational nightmare for their organization, but it could also cost them (and others in the C-suite) their job.
![bitsight-blog](/sites/default/files/styles/4_3_small/public/2024/05/24/bitsight-blog.jpg.webp?itok=-q3o2lKI)
In this article, we will be detailing an issue we discovered affecting a number of low-cost devices. It allowed adversaries to remotely execute commands on the devices as a privileged user if they were in a position to conduct a Man-in-the-Middle attack. The binary responsible appears to be an insecure implementation of an OTA (Over-the-air) mechanism for device updates associated with the software company Ragentek Group, in China. All transactions from the binary to the third-party endpoint occur over an unencrypted channel, which not only exposes user-specific information during these communications, but would allow an adversary to issue commands supported by the protocol. One of these commands allows for the execution of system commands. This issue affected devices out of the box.