<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=26304&amp;fmt=gif">

BitSight Releases New VPNFilter & Oracle Weblogic Vulnerability Identification Filters

Alex Campanelli | July 6, 2018

Within the BitSight Security Ratings platform, we prioritize features that help organizations both identify and manage risks across their own networks and the networks of their third parties. BitSight now enables users to identify organizations who are potentially vulnerable to VPNFilter malware or Oracle’s WebLogic server problems.

VPNFilter is a piece of malware allegedly linked to the same Russian hacking group that made headlines during the 2016 election, which has now shown up in 54 countries including the United States. This malware uses known vulnerabilities to infect home office routers, and once that happens, it reports back to a command-and-control infrastructure that can install purpose-built plug-ins, which will perform actions like eavesdropping on internet traffic to steal website credentials.

Within your BitSight Security Ratings portal, it’s simple to identify the VPNFilter vulnerability on your own network or on that of a third or fourth party. By doing this, you could find endpoints vulnerable to the VPNFilter malware, which could potentially take control of network devices. Go to Portfolio ➔ All Companies and search for “VPNFilter” in the “Search filter options…” bar, and then include “VPNFILTER (potential)” in your search.


Oracle’s April 2018 Critical Patch Update contained a patch for a vulnerability in the WebLogic Server (WLS) core component of WebLogic. In the update, this security issue received a severity score of 9.8 out of 10, given that it could allow attackers to execute code on remote WebLogic servers without actually needing to authenticate.

To search for the WebLogic vulnerability on your own network or on a third parties’, you can search within the BitSight Security Ratings portal to find vulnerable servers. This will show where BitSight observed the presence of infected WebLogic machines that are attempting to find other vulnerable machines. This vulnerability could allow attackers to execute code on remote WebLogic servers without needing to authenticate. Go to Portfolio ➔ All Companies and search for “Weblogic” in the “Search filter options…” bar, and then include “WeblogicWorm” in your search.


These new filters provides valuable insight into the security posture of an organization (and its vendors). With global cyber attacks that can exploit internal vulnerabilities, companies must keep track of all the endpoints on their network and ensure that patching is consistent and up-to-date. BitSight is leading the way in the Security Rating Services industry to provide advanced vulnerability identification equipping security and risk professionals to reduce the cyber risk associated with their third parties and within their organizations.

Get Your Rating

Suggested Posts

What’s Behind Your Risk Matrix?

This quarter, BitSight released several new product features that enable organizations to more rapidly assess, prioritize and manage cyber risk. These new capabilities — the Portfolio Risk Matrix and Asset Risk Matrix — leverage BitSight’s


Forecasting: The Missing Link in Your Annual Security Performance Planning Process

When it comes to security performance management within your organization, how do your security teams measure performance? If they’re using security ratings, they know that this objective, quantitative measurement is an effective place to...


Forrester Recognizes BitSight as a Leader in Cybersecurity Risk Rating Solutions

This past Tuesday, BitSight was named a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q4 2018 evaluation. This report evaluates the current offering and strategy of vendors in a particular technology market, such...


Subscribe to get security news and updates in your inbox.