Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

How to Set Up and Run a Workable AI Council to Govern Trustworthy AI

As in many companies around the world, Bitsight leadership believes that adoption and innovation through the use of artificial intelligence (AI) capabilities is crucial to the future of our company. From the top down, our employees are continually on the hunt for ways to leverage AI to improve business outcomes and customer productivity.

Critical Vulnerabilities Uncovered: How Bitsight Delivered Fast, Actionable Insights in Under 24 Hours

The speed at which vulnerabilities are detected and addressed can drastically impact an organization’s likelihood of suffering a security incident. Recently, Bitsight demonstrated how its investments in product fingerprinting and CVE mapping allowed it to identify and surface assets potentially impacted by a set of critical vulnerabilities in the CUPS printing system in under 24 hours.

Critical Vulnerabilities Discovered in Automated Tank Gauge Systems

Industrial Control Systems (ICS) have become a ubiquitous part of modern critical infrastructure. Automatic Tank Gauge (ATG) systems play a role in this infrastructure by monitoring and managing fuel storage tanks, such as those found in everyday gas stations. These systems ensure that fuel levels are accurately tracked, leaks are detected early, and inventory is managed efficiently.

From Theory to Practice: How Portugal's Cybersecurity Centre Is Tackling NIS2 Compliance

In their capacity as a regulator, the Portuguese National Cybersecurity Centre (CNCS) is at the forefront of adapting to NIS2 requirements and ensuring that entities under their purview are compliant. They provide strategic oversight and support for organisations navigating the complexities of the new directive, which introduces stricter standards for risk management, incident response, and supply chain security.

CISA KEV performance in the Financial Sector

As a security data nerd I am absolutely spoiled here at Bitsight. So much so that I have to stop myself from doing little projects and requests so I can dive into the “big” stuff1. So it is always refreshing when folks see a piece of research and decide “hey can you give me more information on my little corner of the world.” Then of course and can throw off those notions of “stopping” and just dive back in.

Continuing to Evolve Next-Gen Asset Attribution Through Service Provider Collaboration

One of the primary reasons that the Bitsight Security Rating is widely respected and closely correlated with real-world security outcomes is the scale and sophistication of our asset attribution capabilities. In a recent post, my colleague Francisco Ferreira shared an update on the momentum building with Bitsight Graph of Internet Assets (GIA), the AI-powered engine we use to map assets to organizations and build our Ratings Trees.

Do We Need Yet Another Vulnerability Scoring System? For SSVC, That's a YASS

The security world is awash in acronyms. As a niche in the security world, vulnerability, tracking, measurement, and management is no stranger to inscrutable collections of capital letters. We’ve got NVD, CPE, CWE, CVSS, EPSS, CAPEC, KEV, and of course “CVE”. The key goal of all these frameworks is to try to help folks organize information around vulnerabilities and assess how their presence might increase an organization's exposure.

A Complete Guide to Security Ratings

Security ratings are a data-driven, dynamic measurement of an organization's cyber security performance that can be used to understand and influence internal and third-party cyber risk. Sometimes referred to as cybersecurity ratings, these quantitative metrics give security teams a simple indicator of security performance across their own organization, as well as the security posture of the third-party organizations they rely on.

A look into Web Application Security

In today's digital age, web applications are the backbone of many businesses, supporting and managing a vast array of sensitive information, from personal details and financial records to critical business data. When we think about any company that we want to know more about, the most common question is: “what is their website”? But web applications are not just about traditional websites, they encompass far more than just the pages you go to when browsing the Internet.

7777 Botnet - Insights into a Multi-Target Botnet

Over the last month there have been some updates about the mysterious 7777 botnet—which was first mentioned in this post in October 2023. Until now, it was known that the botnet was made up of TP-LINK routers and that it was being used to execute very low volume and controlled brute force attacks on Microsoft 365 services targeting corporate accounts. In our continuous efforts to have all sorts of malware families under our radar, the 7777 botnet is no exception.