Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Slicing through CISA’s KEV Catalog
![Blog Image KEV Research Announcement](/sites/default/files/styles/cta/public/2024/05/01/Blog%20Image%20KEV%20Research%20Announcement.png?itok=dUMFV8Tg)
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
![AI image of a duck on the porch of a farmhouse with a man in black lurking in the shadows](/sites/default/files/styles/4_3_small/public/2024/05/15/xz_header.png.webp?itok=v8LKPUub)
Dive into a significant cybersecurity scare that could have led to widespread chaos, highlighting the vulnerabilities that were exposed and the swift actions taken to prevent disaster.
![email security with DMARC](/sites/default/files/styles/4_3_small/public/2024/04/29/Enabling%20More%20Precise%20Evaluation%20of%20Email%20Security%20with%20DMARC-min.jpg.webp?itok=CH6N2R84)
Email is a well-known and widely used attack vector for malware distribution, phishing, and many other types of threats.
![Outdated mobile apps - a ticking time bomb](/sites/default/files/styles/4_3_small/public/2024/03/29/Outdated%20mobile%20apps%20-%20a%20ticking%20time%20bomb.jpg.webp?itok=_YLz0Cn8)
Discover why millions of smartphones worldwide are at risk due to cluttered and outdated apps. Dive into our research to learn more about this critical issue.
![2024 Ivanti Vulnerability hero](/sites/default/files/styles/4_3_small/public/2024/02/06/2024-Ivanti-Vulnerability-hero.jpg.webp?itok=CAH4aWVm)
Explore recent Ivanti Secure vulnerabilities affecting SSL VPN and Network Access Control solutions. Understand the criticality, patch delays, and ongoing exploitation.
![Data Insights on AgentTesla and OriginLogger Victims hero banner](/sites/default/files/styles/4_3_small/public/2024/01/04/Data%20Insights%20on%20AgentTesla%20and%20OriginLogger%20Victims%20hero%20banner.jpg.webp?itok=bZXS5XQq)
AgentTesla (also known as OriginLogger) remains a prevalent commodity stealer, distributed daily, mainly via email attachments.
![SmokeLoader Malware banner](/sites/default/files/styles/4_3_small/public/2023/09/15/SmokeLoader-Malware-banner-min.jpeg.webp?itok=ACqh3Ajo)
Bitsight dissects SmokeLoader's plugins received by an infected computer from the botnet "0020". We explore their inner workings, capabilities, and threat vectors.
![CISO Education Requirements: Degrees, Training Courses, and Certifications](/sites/default/files/styles/4_3_small/public/2022/06/08/AdobeStock_232968888_1.jpg.webp?itok=BinrDNl-)
About 25 years ago, the evolution of the overall digital ecosystem necessitated the creation of the first CISO role. Now, 61% of companies have a CISO.
![Tracking PrivateLoader- Malware Distribution Service](/sites/default/files/styles/4_3_small/public/2024/03/27/Tracking%20PrivateLoader-%20Malware%20Distribution%20Service%20_0.jpg.webp?itok=BpXUBR04)
PrivateLoader is a loader from a pay-per-install malware distribution service that has been utilized to distribute info stealers, banking trojans, loaders, spambots, and ransomware on Windows machines.
![MOVEit Transfer vulnerability-Bitsight research findings](/sites/default/files/styles/4_3_small/public/2023/07/18/MOVEit%20Transfer%20vulnerability-Bitsight%20research%20findings.jpg.webp?itok=TUtYrcl5)
Discover the methodology, at a technical level, the Bitsight Security Research team used to evaluate the three critical vulnerabilities affecting MOVEit Transfer.
![4 Things You Should Include In Your Data Breach Response Plan](/sites/default/files/styles/4_3_small/public/migration/images/Data%2520Breach%2520Response%2520Plan%2520-%2520thumb_1.jpg.webp?itok=BpM0ztOY)
If you’re working on organizational cybersecurity, one of your top goals is likely putting a system in place that will help identify data breach incidents as quickly as possible, whether that data is inside your organization or with one of your vendors. Of course, simply knowing about a data breach incident isn’t enough—you have to take action immediately, or you could risk major data implications.
![what is a zero day - zero day exploit](/sites/default/files/styles/4_3_small/public/2023/03/10/what%20is%20a%20zero%20day.jpg.webp?itok=FotfSweF)
Dealing with unpredictable vulnerabilities is one of today's greatest challenges. What is a zero day and why is it relevant for TPRM?
![Data Breach Blog](/sites/default/files/styles/4_3_small/public/2023/08/04/Data%20Breach%20Blog.jpg.webp?itok=hz-W8Ea5)
Read Bitsight breach research by looking at the evolution of reported incidents over the past years to identify trends and global patterns.
![what is malware](/sites/default/files/styles/4_3_small/public/2022/06/13/shutterstock_1326113375.jpg.webp?itok=1HZUZvHB)
Malware can gain entry to your network in many ways. Once malware has penetrated a network, threat actors can use it to steal information, encrypt systems, spy on users, and remove files. Learn how to prevent dangerous malware.
![what is vulnerability management](/sites/default/files/styles/4_3_small/public/2023/03/08/what%20is%20vulnerability%20management.jpg.webp?itok=-1gUWtzs)
As the attack surface expands, vulnerability management offers a strategic approach to manage exposure and remediate on time. Here's what you need to know.
![what is vulnerability monitoring](/sites/default/files/styles/4_3_small/public/2023/04/05/what%20is%20vulnerability%20monitoring.jpg.webp?itok=ARmLJ1nk)
In today’s ever-changing cyber risk landscape, your organization must adopt a vulnerability management framework to control exposure and remediate risks in a timely manner.