Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.

InSights Blog
Gartner Predicts 2022: Cybersecurity Leaders Are Losing Control in a Distributed Ecosystem

This report from Gartner reveals cybersecurity predictions about culture, the evolution of a leader’s role, third-party exposure, and the board’s perception of cyber risk. Download the report to learn key findings, market implications, and recommendations.

BitSight has discovered two previously undocumented malware families named Cova and Nosu. They have different purposes and capabilities, although we found some similarities during our research.

A data breach can have financial, operational, and reputational impact, but how much does it actually cost?

New BitSight research finds that many organizations are still affected by the OpenSSL vulnerabilities, tracked as CVE-2022-3786 and CVE-2022-3602. This blog identifies the most affected sectors and nations around the world.

A study reveals the correlation between these security flaws and the likelihood of cybersecurity incidents. Learn more.

As a security professional navigating the new challenges 2020 is bringing to cybersecurity, it’s critical to understand the ways your organization’s data could be exposed. Sensitive data is critical, safeguarded information. Different information can be considered sensitive depending on the industry, but in general it can be anything your organization, your employees, your customers, or your third parties would expect to be private and protected. Below, we’ve outlined five examples of sensitive data your organization likely handles—and a few key ways to protect it from evolving cyber threats.

BitSight evaluated the current global state of exposure to CVE-2022-1388. Our findings indicate that many organizations remain vulnerable to this critical vulnerability, presenting risk not only to these organizations but also to their customer bases. See the findings.

In late 2021 we started registering some DGA-like domains that not only did not belong to any known domain generation algorithm (DGA), but were also being classified as different types of malware. Read the analysis.

SystemBC is a malware written in C that turns infected computers into SOCKS5 proxies.

BitSight found that 25% of the S&P 500 and half of the top 20 most valuable public U.S. companies have had at least one SSO credential for sale on the dark web in 2022. Read the full analysis.

PrivateLoader is a loader from a pay-per-install malware distribution service that has been utilized to distribute info stealers, banking trojans, loaders, spambots, and ransomware on Windows machines.

BitSight has discovered six severe vulnerabilities in a popular vehicle GPS tracker (MiCODUS MV720) potentially allowing hackers to track individuals without their knowledge, remotely disable fleets of corporate supply and emergency vehicles, abruptly stop civilian vehicles on dangerous highways, and more.

A vulnerability scanner evaluates security weaknesses and gaps in your digital infrastructure. Learn what to look for in a robust solution.

What is a botnet? A botnet is a collection of networked devices that are infected by malware and hijacked to carry out scams and data breaches.

Malware can gain entry to your network in many ways. Once malware has penetrated a network, threat actors can use it to steal information, encrypt systems, spy on users, and remove files. Learn how to prevent dangerous malware.

Atlassian Confluence has been impacted by vulnerability CVE-2022-26134 allowing for ransomware deployment, data theft, & more. See BitSight's findings & analysis.