Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Slicing through CISA’s KEV Catalog
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
In the weeks since our previous post, we’ve seen development in the security community withthe release of an exploit into a commercial product as well as the announcement of theunreleased integration of an exploit into Rapid7’s Metasploit framework. During this time, wewanted to provide an update of affected machines, but also dive a bit deeper into thecharacteristics of the individual systems that remain exposed and unpatched.
A few weeks ago Google confirmed that there was malware pre-installed on a number of Android devices due to a supply-chain attack. The latest installment was discovered by security researchers from Dr.Web who have been investigating this situation for several years as it was already theorized by security researchers back in July 2017 that these infections originated as part of a supply-chain attack. In this instance, these devices were pre-installed with Triada, a form of Android malware that has been studied and reported on by Kaspersky and most recently Google in its attempt to surface this critical information to users and the wider community.
It’s been five weeks since we first posted about the exposure of the BlueKeep vulnerability on the external networks of many organizations across the world. There have been further developments regarding the capabilities of the vulnerability including that both the DHS developed a working exploit and individuals from the private sector have also developed a remote code exploit. Both of these milestones further demonstrate the risk introduced by this vulnerability and the pressing statements by Microsoft and the NSA to patch.
Today ElevenPaths, the Telefónica Group’s global cybersecurity unit, released a report highlighting cybersecurity trends for the first half of 2019. As a follow-up to a November 2018 report, ElevenPaths again takes a close look at how cybersecurity is trending in Spain and compares statistics for Spain against the whole of Europe.
The aftermath of a cyber breach can be costly. But just how expensive and where the brunt of that financial impact falls has been somewhat unclear, until now.
A little over a month ago, Microsoft discovered a software security vulnerability that could ultimately lead to one of the worst cybersecurity attacks since 2017’s infamous WannaCry ransomware incident.
The past few years have shown us that the cybersecurity landscape has only gotten more complex, as massive attack after massive attack —WannaCry and NotPetya ransomwares, at Uber Technologies in 2016, from the Shadow Brokers group, and many more — jolted enterprises around the world.
There are numerous areas of business and enterprise risk that have been measured for years in a standardized fashion — these include financial risk, market risk, operational risk, legal risk, and even IT risk.
Big risks can come from small, sometimes unexpected places. When compared to all the other vendors you need to manage, you might not think of an image container for apps as a high priority — but the recent breach of Docker Hub shows otherwise.
Today, disruptive risks are an area of focus for corporate directors worldwide. On a global basis, we face disruptions in areas like geopolitical volatility, economic slowdown, emerging technologies, cybersecurity threats, and climate change.
Since creating the Security Ratings market in 2011, a core component of Bitsight’s value to users has been providing industry-leading comprehensive visibility into malware communications.
Every day, Bitsight monitors the global threat landscape in a constant effort to identify software that may be placing users and organizations at risk. The presence of malware — or simply potentially unwanted applications — in an organization is an indicator that some security controls may be failing, or that some additional measures should be taken.
Data breaches are a constant in today’s headlines, but in recent years the risk has been front and center of some of the most significant M&A deals. In 2017, Verizon discounted its acquisition price by $350 million when Yahoo belatedly disclosed that it experienced several massive breaches. And in November 2018, Marriott publicly disclosed that Starwood’s guest reservation database — containing hundreds of millions of personal records — had been compromised since 2014, prior to the Marriott acquisition. These incidents — and countless others — raise critical questions. How should Boards be thinking about cyber risk in the acquisition process? What steps should they take to address this risk prior to the acquisition?
In 2019, cyber incidents will be the second most important global business risk. The more cyber incidents that continue to happen on a global scale, the more critical it is for users to understand how to classify the dangers that exist for both businesses and users. In this blog post, we’ll break down the basics and explore the difference between three key areas of cyber risk: vulnerabilities, threats, and exploits.
When it comes to data breach prevention, there are plenty of guides for reducing risk in the long term. While it’s definitely valuable to be working on a data breach prevention strategy with 6-month, 1-year, or 5-year goals, not every cybersecurity initiative takes so much time.