A critical vulnerability that allows unauthenticated remote code execution has been discovered in Apache Log4j 2, an open-source Java logging tool. The Apache Software Foundation has identified the vulnerability as CVE-2021-44228.
“34% of companies [in portfolios] we examined had at least one exposed Java-based server. Not all of those use Log4j, but that gives a rough sense of the scale of exposure,” said Ethan Geil, Senior Director, Data and Research.
BitSight partnered with Good Harbor to host a salon discussion with security leaders from various industries to hear their thoughts on what the breach means for the security industry. Hosted by Richard A Clarke and BitSight’s Stephen Boyer, the discussion covered a range of topics from what happened, to what we should learn from the event, to what needs to happen next to minimize the damage from future attacks.
Theresa Payton, a leading cybersecurity expert & first female White House CIO, discusses hot topics in cybersecurity including supply chain risk, cyber risk quantification, building a diverse cybersecurity team, and more.
In this on-demand webinar, BitSight’s Tom Montroy, Director of Data Science, and Dan Dahlberg, Director of Research, will share insights into the rising trend of ransomware and areas you can address to help avoid becoming a victim.
Andy Bien spent a decade as the Chief Information Officer of the Airport Authority of Hong Kong, an organization that underwent a significant digital transformation in recent years under his leadership. Watch to learn how he manages risk in a complex environment.