InSights Blog

A critical vulnerability that allows for unauthenticated remote code execution has been discovered in Apache Log4j 2, an open source Java logging tool. The Apache Software Foundation has identified the vulnerability as CVE-2021-44228.

“34% of companies [in portfolios] we examined had at least one exposed Java-based server. Not all of those use Log4j, but that gives a rough sense of the scale of exposure,” said Ethan Geil, Senior Director, Data and Research.

There are many ways that a bad actor can infiltrate your IT infrastructure and begin sifting through your data. These vulnerable entry points are known as risk vectors and include insecure endpoints, unsupported mobile devices, unpatched systems, and more.

Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, to drive urgent and prioritized remediation of vulnerabilities that are being actively exploited by adversaries.

This directive includes an update to CISA's catalog of “known exploited vulnerabilities,” part of an ongoing effort encourage organizations to reduce risk within their attack surface. BitSight is proud to partner with CISA on these critical efforts.

In the past few weeks, BitSight has conducted research on two of the vulnerabilities in the CISA list: CVE-2021-41773 and CVE-2021-42013. These vulnerabilities were introduced via a recent Apache Server update and highlight the importance of an effective software update and patch management strategy as well as the need for third-party risk management.

Facebook and the apps under its umbrella, including Instagram and WhatsApp, were inaccessible for hours on Monday.

In early September, a threat actor leaked nearly 500,000 Fortinet VPN login names and passwords that were allegedly scraped from vulnerable devices last summer. The leaked credentials could allow hackers to access an exposed network to perform data exfiltration, install malware, and perform ransomware attacks. BitSight was able to verify that 98% of the IP addresses in the leaked files were, in fact, running Fortinet VPN servers within the past 12 months.

It happened again - another disruptive ransomware attack. On July 2, 2021 Kaseya, a Florida-based software provider that provides Remote Management Monitoring, warned of its software being abused to deploy ransomware on end-customers' systems.

Microsoft recently announced that the threat actor Nobelium continues to target government agencies, think tanks, consultants, and non-government organizations with cyber attacks. 

In the six months since the SolarWinds supply chain attack there has been increased action in the cybersecurity breach world – and the bad actors aren’t letting up. This means that cybersecurity protection is more critical than ever. 

After last week’s catastrophic cyber incident targeting Colonial Pipeline, could more U.S. Oil and Energy companies be at risk of a ransomware attack? 

Millions of organizations world-wide rely on WordPress for website creation and management. In fact, currently there are over 75 million sites that use WordPress for their operations. The Walt Disney Company, BBC America, Microsoft News, The Rolling Stone - all of these big name brands rely on WordPress website creation to run, which also makes them a desirable target for bad actors. 

The unfolding Hafnium attack is the latest event in the trend of cyber events. CISO’s are starting to recognize that enterprise cyber security is being redefined to mean me and all my suppliers, or  the combination of first and third party cyber risk is enterprise risk. NotPetya demonstrated that breaching a small accounting firm could cost a firm like Merck over $1B in damage. 

Organizations around the globe continue to address the fallout from the Microsoft Exchange Server zero-day attacks. It was recently announced that hackers may now be exploiting the vulnerabilities in Exchange to drop ransomware into vulnerable systems via backdoor attacks (or Web shells). There is significant urgency for organizations to update their systems and patch immediately to stop these backdoor attacks that originated with Exchange.

Microsoft Exchange is a critical business software used by organizations around the world for email. Sensitive data and communications are stored and transacted on the platform daily. In an unusual situation, threat actors have performed mass exploitation on zero-day vulnerabilities associated with Microsoft Exchange.

Microsoft Exchange is a critical business software used by organizations around the world for email. Sensitive data and communications are stored and transacted on the platform daily. In an unusual situation, threat actors have performed mass exploitation on zero-day vulnerabilities associated with Microsoft Exchange.

On March 2, Microsoft announced that it has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server. According to Microsoft, in the attacks observed, cybersecurity threat actors used this vulnerability to access on-premises Exchange servers, which enabled access to email accounts, and installed additional malware to facilitate long-term access to victim environments.