New Study: Why Cybersecurity Breach Survivors Are Your Firm’s Most Valued Asset
A critical vulnerability that allows for unauthenticated remote code execution has been discovered in Apache Log4j 2, an open source Java logging tool. The Apache Software Foundation has identified the vulnerability as CVE-2021-44228.

“34% of companies [in portfolios] we examined had at least one exposed Java-based server. Not all of those use Log4j, but that gives a rough sense of the scale of exposure,” said Ethan Geil, Senior Director, Data and Research.
Good Harbor Salon: The Future of Supply Chain Cyber Risk Management After SolarWinds
BitSight partnered with Good Harbor to host a salon discussion with security leaders from various industries to hear their thoughts on what the breach means for the security industry. Hosted by Richard A Clarke and BitSight’s Stephen Boyer, the discussion covered a range of topics from what happened, to what we should learn from the event, to what needs to happen next to minimize the damage from future attacks.