Read news articles covering Bitsight, the leader in security ratings. We're proud to be featured in these leading business & technology publications, journals, blogs, and broadcasts.
In The News
Bitsight observed that "nearly 5% of utilities are still exposed" to the BlueKeep vulnerability, noting that "This vulnerability, if exploited by an external attacker, will lead to full system compromise, without requiring any form of authentication or user interaction. According to Bitsight research, the electric utilities sector is the fourth worst performing sector when it comes to patching this critical vulnerability."
In a survey conducted this year by Bitsight and the Center for Financial Professionals, 97% of financial services companies said third-party risk was becoming a major concern. Nearly eight in 10 companies said they had already terminated a business relationship, or had ratcheted it down, over cybersecurity issues. Barely 22% said they were continuously monitoring third-party cyber-risk.
Federal agencies fail to follow basic computer security standards including relying on a 48-year-old system for critical work, leaving the government vulnerable to hackers, according to a Congressional report published on Tuesday.
The report, Federal Cybersecurity: America’s Data at Risk, is the result of a 10-month review by the Permanent Subcommittee on Investigations of the Senate Homeland Security Committee that examined a decade’s worth of inspector general reports.
Boston is a Hub of a lot of businesses, including cyber and cloud security.
It's such a hub that Amazon chose Boston to host its first conference dedicated to cloud security, now going on at the Boston Convention and Exhibition Center.
But what exactly is cloud security and why is Boston a leader in it?
Risk management vendor Bitsight, which posted new research last Thursday, incorporated Graham's tool in its own scanning platform and initially found 972,829 vulnerable Windows systems on May 31, one day after the first Microsoft warning. Since that time, the company has conducted additional scans on a regular basis, according to Dan Dahlberg, head of security research at Bitsight. Dahlberg said more recent scanning data indicated that "some vulnerable systems" have been patched, but he couldn't provide exact figures.
"It's tough to say right now whether the warnings have had any real effect on a day-to-day basis for the number of unpatched systems out there," Dahlberg said.
Bitsight ran an internet scan in mid-June for systems vulnerable to BlueKeep. It too found about a million vulnerable machines, but the exposure to BlueKeep is greatest in China, where less than 50 percent of machines have been patched.
“It’s become widely accepted policy and practice that the private sector is on their own when it comes to defending against cyberattacks,” said Stephen Boyer, chief technology officer at Bitsight, a security ratings firm.
Boyer said he was surprised that even 38% of those surveyed were “somewhat confident” in whether the government could help protect them against cyberattacks. “Given the government’s current relationship with the private sector, they really shouldn’t be,” he said.
More than 970,000 systems, mostly in the U.S. and China, still are vulnerable to BlueKeep, according to numbers published by security vendor Bitsight, which incorporates previous findings by researcher Robert Graham. Nearly 1.6 million systems have been patched, and the status of another 1.3 million is unclear.
According to data from Bitsight, the highest number of vulnerable devices is in China, followed by the United States. The telecommunications, education, and tech sectors are the most impacted.
Even so, new research by Bitsight earlier this month showed that nearly 1 million Internet-exposed systems remain unpatched against BlueKeep and therefore vulnerable to attack. Another report from Check Point Research noted a recent increase in Internet scans for vulnerable systems that the security vendor interpreted as a sign threat actors are preparing for attacks targeting the flaw.
The BlueKeep RDP vulnerability continues to be a ticking time bomb one month after Microsoft publicly disclosed the flaw. New research from security vendor Bitsight shows that close to 1 million systems with RDP exposed to the Internet remain unpatched and vulnerable to attacks.
Hacking methods have been changing recently. Hackers do not attack the target company directly, but hack a partner company and then detour through it to get information from the target company.
However, there is a breakthrough service that can prevent this: the Bitsight service. Secureletter, which has signed exclusive distributorship of Bitsight Korea, held the 'Bitsight Launch Seminar' at the Lotte Hotel in Seoul on the 12th, and announced the launch of the Bitsight service.
As 'security' is being talked about as the biggest task of business IT, a service that can check the current security status of a company has been officially introduced in Korea. Bitsight, an IT security rating company, held a press conference at the Lotte Hotel in Seoul and announced the formal release of its IT security rating service in Korea.
Earlier this week, The Washington Post reported that US Customs and Border Protection (CBP) suffered a data breach involving hackers gaining access to photos of people’s faces and license plates at a border entry port. The attackers targeted a third-party subcontractor, which had been storing the sensitive files over its own network. The subcontractor’s network was subsequently compromised by a malicious cyber-attack. I was not surprised to read this as all government agencies are at high risk of data breach through their third party contractors, writes Jake Olcott, VP Government Affairs at Bitsight.