Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Bitsight and Google collaborate to reveal global cybersecurity performance
Bitsight and Google collaborate to reveal global cybersecurity performance
This joint study between Bitsight and Google arms organizations with actionable insights, providing the current status of global cybersecurity performance by analyzing nearly 100,000 global organizations across 16 cybersecurity controls and nine industries amid heightened stakeholder demands on cybersecurity strategy.
Discover why millions of smartphones worldwide are at risk due to cluttered and outdated apps. Dive into our research to learn more about this critical issue.
This blog post details one of these very unique cases: `CVE-2022-44877`, an unauthenticated Command Injection issue, flagged by CISA as a Known Exploited Vulnerability (CISA KEV).
Read the latest Bitsight research on PrivateLoader including important updates recently, including a new string encryption algorithm, a new alternative communication protocol and more.
AgentTesla (also known as OriginLogger) remains a prevalent commodity stealer, being daily distributed, mainly via email attachments
This blog discusses the state of DMARC, the role that DMARC plays in email authentication, and why it should be a key component of your email security solution.
We build on our previous work and look into how threat actors are abusing SLP to launch reflection/amplification DDoS attacks, their evolution, and what targets are they focused on at the moment.
Bitsight and Google have collaborated to study global organizational performance across cybersecurity controls in the Minimum Viable Secure Product (MVSP) framework.
Recently, our Threat Research team discovered a new malware sample, distributed by the PrivateLoader and Amadey loaders. Learn more.
Bitsight has identified nearly 100,000 exposed industrial control systems (ICS) potentially allowing an attacker to access and control physical infrastructure.
Bitsight dissects SmokeLoader's plugins received by an infected computer from the botnet "0020". We explore their inner workings, capabilities, and threat vectors.
Discover the methodology, at a technical level, the Bitsight Security Research team used to evaluate the three critical vulnerabilities affecting MOVEit Transfer.
Read Bitsight breach research by looking at the evolution of reported incidents over the past years to identify trends and global patterns.
CVE-2023-35036 & CVE-2023-35708 — were identified on June 9th and June 15th in the latest series of high-profile software supply chain vulnerabilities.
The other week, Bitsight released a piece of high-profile research alerting the public to a high-severity vulnerability. Here’s a summary of what happened and why it matters.
Enterprises tend to take their time with remediation efforts, despite software vulnerabilities being a top threat to organizations’ cybersecurity performance. The key to quicker fixes? Timely briefings.