Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
Featured Research
Bitsight Security Research
Brandon Smith discusses some of the challenges an Automation Engineer face, Bitsight's partnership with Schneider Electric, and what manufacturers in general are doing to tackle ICS security.
Bitsight Security Research
Bitsight’s visibility over infostealer malware which exfiltrates over Telegram suggests that the most infected countries are the USA, Turkey, and Russia, followed by India and Germany.
Bitsight Security Research
Recent investigation by Bitsight TRACE has discovered multiple critical 0-day vulnerabilities across six ATG systems from five different vendors.
Bitsight TRACE: New Security Research
A Global View of the CISA KEV Catalog: Prevalence and Remediation
Bitsight TRACE research analyzing trends and insights of the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) Catalog. In this comprehensive report, Ben explores:
- Prevalence of KEVs across organizations, geographies, and verticals
- Average KEV remediation times and compliance with CISA deadlines
- Differences in KEVs known to be part of ransomware vs other CVEs
All Research
Bitsight Security Research
Bitsight’s visibility over infostealer malware which exfiltrates over Telegram suggests that the most infected countries are the USA, Turkey, and Russia, followed by India and Germany.
Bitsight Security Research
Recent investigation by Bitsight TRACE has discovered multiple critical 0-day vulnerabilities across six ATG systems from five different vendors.
Bitsight Security Research
I’ve had a number of requests to examine the finance sector in more detail including breakdowns of exactly what kind of financial organizations are experiencing greater risk and who is remediating more quickly. Here's some answers.
Bitsight Security Research
Want to know about Yet Another Vulnerability Scoring System (YASS)? Ben Edwards breaks down Stakeholder Specific Vulnerability Categorization and how to make it work.
Bitsight Security Research
An in-depth look into Web Application Security, and Bitsight's approach to related security metrics.
Bitsight Security Research
Our latest research, a collaboration between Bitsight TRACE & the security researcher Gi7w0rm, has uncovered additional details & information about the 7777 Botnet.
Bitsight Security Research
Before Crowdstrike caused the world to melt down for a few days, the talk of the security town was a recent OpenSSH vulnerability. Let's revisit CVE-2024-6387.
Bitsight Security Research
Bitsight's analysis of the CrowdStrike outage and timeline mysteries.
Bitsight Security Research
Much of your daily life depends on Industrial Control Systems(ICSs). We’ll cover ICSs unique characteristics and some of the challenges in applying IT security practices or technology to them.
Bitsight Security Research
Curious about software vulnerabilities and their fixes? Check out my latest blog on KEV exposures and common weaknesses for surprising insights!
Bitsight Security Research
How will the prohibition of Kaspersky Lab, Inc. impact global users? Read our analysis of the prevalence of Kaspersky products used by organizations around the globe.
Bitsight Security Research
Learn about what the latest reduction in capacity in the NVD means for the state of vulnerabilities.
Bitsight Security Research
This article provides a technical analysis of Latrodectus, offering insights into its campaigns and victims up until Operation Endgame.
Bitsight Security Research
This blog post details one of these very unique cases: `CVE-2022-44877`, an unauthenticated Command Injection issue, flagged by CISA as a Known Exploited Vulnerability (CISA KEV).
Bitsight Security Research
Discover key differences in KEV prevalence across Europe and how they impact cybersecurity strategies in this detailed blog.
Bitsight Security Research
This blog post details how `CVE-2021-44529` was researched as well as the current method being used to detect it.
Bitsight Security Research
Dive into a significant cybersecurity scare that could have led to widespread chaos, highlighting the vulnerabilities that were exposed and the swift actions taken to prevent disaster.
Bitsight Security Research
Bitsight’s global, advanced scanning and detection capabilities provide insight into many actively exploited vulnerabilities that others just can’t touch. Explore how we do it.
Bitsight Security Research
Discover why millions of smartphones worldwide are at risk due to cluttered and outdated apps. Dive into our research to learn more about this critical issue.
Bitsight Security Research
This blog post details one of these very unique cases: `CVE-2022-44877`, an unauthenticated Command Injection issue, flagged by CISA as a Known Exploited Vulnerability (CISA KEV).
Bitsight Security Research
We’re back again with a monthly-ish blog reflecting on major goings on in the security world.
Bitsight Security Research
Read the latest Bitsight research on PrivateLoader including important updates recently, including a new string encryption algorithm, a new alternative communication protocol and more.
Bitsight Security Research
AgentTesla (also known as OriginLogger) remains a prevalent commodity stealer, being daily distributed, mainly via email attachments
Bitsight Security Research
This blog discusses the state of DMARC, the role that DMARC plays in email authentication, and why it should be a key component of your email security solution.
Bitsight Security Research
Explore recent Ivanti Secure vulnerabilities affecting SSL VPN and Network Access Control solutions. Understand the criticality, patch delays, and ongoing exploitation.
Bitsight Security Research
We build on our previous work and look into how threat actors are abusing SLP to launch reflection/amplification DDoS attacks, their evolution, and what targets are they focused on at the moment.
Bitsight Security Research
Recently, our Threat Research team discovered a new malware sample, distributed by the PrivateLoader and Amadey loaders. Learn more.
Bitsight Security Research
Bitsight dissects SmokeLoader's plugins received by an infected computer from the botnet "0020". We explore their inner workings, capabilities, and threat vectors.
Bitsight Security Research
Discover the methodology, at a technical level, the Bitsight Security Research team used to evaluate the three critical vulnerabilities affecting MOVEit Transfer.
Bitsight Security Research
CVE-2023-35036 & CVE-2023-35708 — were identified on June 9th and June 15th in the latest series of high-profile software supply chain vulnerabilities.
Bitsight Security Research
Researchers from Bitsight and Curesec have jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol (SLP).
Bitsight Security Research
Mylobot is a malware that targets Windows systems, it first appeared in 2017. In this article, we'll focus on its main capability, which is transforming the infected system into a proxy.
Bitsight Security Research
SystemBC is a malware written in C that turns infected computers into SOCKS5 proxies.
Bitsight Security Research
PrivateLoader is a loader from a pay-per-install malware distribution service that has been utilized to distribute info stealers, banking trojans, loaders, spambots, and ransomware on Windows machines.
Bitsight Security Research
We cover investments that Bitsight is making to greatly scale out our vulnerability coverage in record time through automation.
Bitsight Security Research
Brandon Smith discusses some of the challenges an Automation Engineer face, Bitsight's partnership with Schneider Electric, and what manufacturers in general are doing to tackle ICS security.
Malware Insights
Hunting PrivateLoader: The malware behind InstallsKey PPI service
Read the latest Bitsight research on PrivateLoader including important updates recently, including a new string encryption algorithm, a new alternative communication protocol...