Sep 21, 2023
|
By Stanislas Arnoud
SmokeLoader is a well-known malware family that has been around for more than 10 years. Its main purpose is to download and drop other malware families. However, SmokeLoader's operators also sell plugins that add capabilities to the main module. Those plugins allow an affiliate to collect browser data from infected computers, as well as emails, cookies, passwords, and much more. In this blog post, we'll dissect SmokeLoader's plugins that were received by an infected computer from the botnet "0020".
Sep 19, 2023
|
By Sabrina Pagnotta
One of the most common ways that hackers target organizations is by exploiting vulnerabilities in outdated software. Outdated software risks can leave you open to a variety of hacks, including ransomware, malware, data breaches, and more. The fact is, failing to update your software doesn’t just mean you’re missing out on the latest version—it means you could expose your organization to major security vulnerabilities, like the widespread Apache Log4j2 vulnerability.
Sep 18, 2023
|
By Fábio Freitas
Earlier this summer, the internet was taken by storm by three critical vulnerabilities affecting MOVEit Transfer, a file-transferring software solution widely used by high-profile companies to store and share, in some cases, even the most sensitive business information.
Sep 13, 2023
|
By Vanessa Jankowski
In today's digital economy, every industry faces the challenge of doing more with less. Cybersecurity, a critical pillar of modern business operations, is no exception. Organizations are confronted with the need to secure their digital ecosystems while navigating budget constraints. As their supply chains expand, so do the risks—and the costs.
Sep 11, 2023
|
By Sabrina Pagnotta
Every organization handles security differently, based on their needs and internal structure—but in some mid-sized and large companies, both the chief information officer (CIO) and the chief information security officer (CISO) are involved. This can set up a CIO vs. CISO standoff. Indeed, historically, the relationship between the CIO and CISO has been described as adversarial but ever-evolving.
Sep 11, 2023
|
By Jake Olcott & Nicole Matusek
It seems everyone is concerned about cybersecurity these days, and the investor community is no different. Shareholders are reading the headlines—ransomware attacks, data breaches, infrastructure disruptions—and they are wondering how these incidents could impact the companies that they invest in. Shareholders are about to get a lot more information from companies in the months ahead. In July 2023, the U.S.
Sep 7, 2023
|
By Jake Olcott & Nicole Matusek
It seems everyone is concerned about cybersecurity these days, and the investor community is no different. Shareholders are reading the headlines—ransomware attacks, data breaches, infrastructure disruptions—and they are wondering how these incidents could impact the companies that they invest in. Shareholders are about to get a lot more information from companies in the months ahead. In July 2023, the U.S.
Sep 6, 2023
|
By Terence Cheong
In an era where digital innovation has become the lifeblood of businesses, cybersecurity has taken center stage in the corporate world. The Australian Prudential Regulation Authority (APRA) recognized this need and introduced CPS 234, a regulation that puts cybersecurity at the forefront of APRA-regulated entities. APRA is currently conducting an independent tripartite cyber assessment of compliance with CPS234, which took effect in 2019.
Sep 5, 2023
|
By Sabrina Pagnotta
Software supply chain attacks, or digital supply chain attacks, have become increasingly prevalent over the last couple of years. According to a study by KPMG, 73% of organizations have experienced at least one significant disruption from a third-party in the last three years. What’s the best way to protect against potential software supply chain attacks? To get the answer, let’s define what those attacks are, how they happen, and how you can defend against them.
Aug 31, 2023
|
By João Faria
Cyber threats pose a significant risk to organizations due to today's increasingly interconnected digital landscape. To address these challenges and ensure the security and resilience of critical infrastructure and digital services, the European Union introduced the Directive (UE) 2022/2555, commonly known as NIS 2 - which was actually approved on the same day as DORA, both being critical in how the EU is leveraging regulatory compliance and technology to reduce cyber risk.
Aug 24, 2023
|
By BitSight
Bitsight Third-Party Vulnerability Response empowers organizations to take action on high-priority incidents at a moment’s notice. Learn how to initiate vendor outreach and track responses to critical vulnerabilities through scalable templated questionnaires—with tailored exposure evidence— for more effective remediation. And grow and build trust across your ecosystem without worrying about expanded risk.
Apr 20, 2023
|
By BitSight
Bitsight Third-Party Vulnerability Response empowers organizations to take action on high priority incidents at a moments notice. Learn how to initiate vendor outreach and track responses to critical vulnerabilities through scalable templated questionnaires —with tailored exposure evidence— for more effective remediation. And grow and build trust across your ecosystem without worrying about expanded risk. Vulnerability Response not only facilitates communication with vendors but also allows you to track responses with more precision, coupling automated, bulk outreach with status updates and insights.
Apr 20, 2023
|
By BitSight
Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. Built on over a decade of technological innovation, its integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.
Dec 13, 2022
|
By BitSight
Learn how BitSight for Fourth-Party Risk Management, helps you uncover deep insights into the most crucial and concentrated risk in your extended vendor network so you can proactively manage and remediate risk. With our latest enhancements, you can address concentrated risk within your extended vendor network in a more scalable and efficient way.
Dec 13, 2022
|
By BitSight
Learn how Bitsight Third-Party Vulnerability Detection empowers third-party risk professionals to find and remediate threats - including major security events - more quickly within their vendor portfolio. Identify exposure and mitigate risk more easily with critical insights into the impact on your organization’s third parties.
Jul 27, 2022
|
By BitSight
Learn about the benefits of our sourcing part of your TPRM program through leveraging experts in the industry and learning best practices to get your program up and running in an effective manner.
Jul 27, 2022
|
By BitSight
Learn about third-party risk management foundational elements and the 5 lifecycle stages that organizations go through with their vendors, including how it works in practice.
Jul 27, 2022
|
By BitSight
Learn about the successes our customers see through the help of their BitSight Advisors and where they assist customers the most when it comes to making smarter business decisions.
Apr 17, 2023
|
By BitSight
Cybersecurity ROI isn't about cost savings. It's about how your cybersecurity program helps you achieve your goals while managing risk to a level that your executive team is comfortable with. So if you shouldn't measure success in cost savings, how do you measure it? BitSight is providing five steps that help CISOs and executive teams evaluate their company's cybersecurity performance.
Apr 17, 2023
|
By BitSight
Are you overwhelmed by the intricacies of your attack surface? Concerned about the rising risk of vulnerabilities in your and your partners' digital ecosystems? New BitSight research finds that the average vulnerability remediation rate across organizations is about 5 percent per month, sparking concern that the status quo of exposure and vulnerability management is broken. Moreover, organizations face significant challenges in managing vulnerabilities in their extended, third-party ecosystem, and most security leaders do not have the tools to address these emerging threats.
Apr 1, 2023
|
By BitSight
Traditional vendor risk management programs are not effective at mitigating risk in ever-expanding third-party networks, and yet 69% of businesses still rely on manual processes. It's time to take your program to the next level. How can you centralize, automate, and streamline your process to manage hundreds of vendors as effectively as you manage ten? Scalable VRM continuously detects, monitors, and mitigates risk, going beyond due diligence and initial assessments to constantly reassess and proactively act on vendor risk.
Apr 1, 2023
|
By BitSight
Stop reacting to cyber risk as it comes. BitSight for Security Performance Management empowers security leaders to strengthen cyber resilience over time with objective, meaningful, and evidence-based metrics. Gain insights, drive decisions, and build confidence with our suite of advanced analytics.
- September 2023 (9)
- August 2023 (16)
- July 2023 (17)
- June 2023 (14)
- May 2023 (17)
- April 2023 (20)
- March 2023 (9)
- December 2022 (2)
- August 2022 (2)
- July 2022 (8)
Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Global enterprises, governments, and organizations rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. When unrelenting market pressure pushes organizations to uncertainty and caution, they turn to Bitsight to confidently navigate cyber risk and grow with confidence.
Bitsight's universally recognized risk standard and market-leading data provides actionable insights into how companies set and manage to standards and report results to internal and external stakeholders. Built on over a decade of technological innovation, Bitsight's integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.
Bitsight is on a mission to free the global economy from the material impact of cyber incidents.