Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Bitsight and Google collaborate to reveal global cybersecurity performance
Bitsight and Google collaborate to reveal global cybersecurity performance
This joint study between Bitsight and Google arms organizations with actionable insights, providing the current status of global cybersecurity performance by analyzing nearly 100,000 global organizations across 16 cybersecurity controls and nine industries amid heightened stakeholder demands on cybersecurity strategy.
Malware can gain entry to your network in many ways. Once malware has penetrated a network, threat actors can use it to steal information, encrypt systems, spy on users, and remove files. Learn how to prevent dangerous malware.
Atlassian Confluence has been impacted by vulnerability CVE-2022-26134 allowing for ransomware deployment, data theft, & more. See Bitsight's findings & analysis.
In November 2021, a new version of the Emotet botnet emerged. How did this happen? What is the botnet doing today? And how can organizations avoid becoming victims? Get the answers and more.
Are organizations prepared to meet new cyber incident disclosure requirements? The latest report from Bitsight's data analysts shows it might be easier said than done.
Organizations remain concerned about the potential implications to their own security posture as a result of the Okta cyber attack. It's important to identify where risks are present throughout your third parties landscape.
The UK Cyber Resilience 2022 strategy is a remarkable blueprint for any organization looking to improve cyber resilience. What lessons can be learned?
The situation between Russia and Ukraine has been escalating since the start of January, when Russia stationed more than 100,000 troops along the Ukrainian Border. Although cyber security is not the primary concern in the current situation, there is a cyber security component that absolutely should not be overlooked.
We believe a war in the region would have a direct impact on the cyber threat landscape. Both Poland and Lithuania have recently raised their countries' alert level, just hours after Ukraine reported its defense ministry and two banks had been hacked. In the US, CISA has issued a recommendation for all organizations, regardless of size, to adopt a heightened posture when it comes to cybersecurity. Meanwhile, Russia launched a full scale attack on Ukraine territory, which is still developing, and its full reach still remains to be seen.
We believe a war in the region would have a direct impact on the cyber threat landscape. Both Poland and Lithuania have recently raised their countries' alert level, just hours after Ukraine reported its defense ministry and two banks had been hacked. In the US, CISA has issued a recommendation for all organizations, regardless of size, to adopt a heightened posture when it comes to cybersecurity. Meanwhile, Russia launched a full scale attack on Ukraine territory, which is still developing, and its full reach still remains to be seen.
From the start, it was clear that the Log4j vulnerability, also referred to as Log4Shell, would be widespread and present major challenges for organizations. But, why is addressing Log4j so challenging?
Learn how to reduce the threat of cyber intrusion with a detection and prevention approach grounded in continuous monitoring.
Bitsight has been collecting FluBot infection telemetry data since March 2021. In total, we have identified 1.3 million IPs used by infected Android devices. Of them, over half (61%) are in Germany and Spain. Additionally, we are tracking an increase in IPs over time, which likely indicates an increase in infected devices.
As internet use continues moving toward a mobile-centric experience, it has become essential to consider mobile applications when crafting a security strategy. Bitsight’s latest research demonstrates exactly why. We are excited to announce that Bitsight Insights: Mobile Application Risk Report is available now.
A critical vulnerability that allows for unauthenticated remote code execution has been discovered in Apache Log4j 2, an open source Java logging tool. The Apache Software Foundation has identified the vulnerability as CVE-2021-44228.
“34% of companies [in portfolios] we examined had at least one exposed Java-based server. Not all of those use Log4j, but that gives a rough sense of the scale of exposure,” said Ethan Geil, Senior Director, Data and Research.
“34% of companies [in portfolios] we examined had at least one exposed Java-based server. Not all of those use Log4j, but that gives a rough sense of the scale of exposure,” said Ethan Geil, Senior Director, Data and Research.
There are many ways that a bad actor can infiltrate your IT infrastructure and begin sifting through your data. These vulnerable entry points are known as risk vectors and include insecure endpoints, unsupported mobile devices, unpatched systems, and more.
Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, to drive urgent and prioritized remediation of vulnerabilities that are being actively exploited by adversaries.
This directive includes an update to CISA's catalog of “known exploited vulnerabilities,” part of an ongoing effort encourage organizations to reduce risk within their attack surface. Bitsight is proud to partner with CISA on these critical efforts.
In the past few weeks, Bitsight has conducted research on two of the vulnerabilities in the CISA list: CVE-2021-41773 and CVE-2021-42013. These vulnerabilities were introduced via a recent Apache Server update and highlight the importance of an effective software update and patch management strategy as well as the need for third-party risk management.
This directive includes an update to CISA's catalog of “known exploited vulnerabilities,” part of an ongoing effort encourage organizations to reduce risk within their attack surface. Bitsight is proud to partner with CISA on these critical efforts.
In the past few weeks, Bitsight has conducted research on two of the vulnerabilities in the CISA list: CVE-2021-41773 and CVE-2021-42013. These vulnerabilities were introduced via a recent Apache Server update and highlight the importance of an effective software update and patch management strategy as well as the need for third-party risk management.
Facebook and the apps under its umbrella, including Instagram and WhatsApp, were inaccessible for hours on Monday.