Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


Latrodectus, are you coming back?

At the end of May 2024, the largest ever operation against botnets, dubbed Operation Endgame, targeted several botnets including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. This operation significantly impacted the botnets by compromising their operations and shutting down their infrastructure. Although Latrodectus was not mentioned in the operation, it was also affected and its infrastructure went offline.

Navigating NIS2 Requirements: Transforming Supply Chain Security

Talking to fellow CISO’s around the globe - and in particular Europe - the topic of cybersecurity regulations and compliance has taken on a new life. Most recently, the Network and Information Security (NIS 2) Directive is the latest regulation shaking up the region. NIS2 is much more than an update though—it's transforming the cybersecurity landscape of the EU.

7 Types of exposures to manage beyond CVEs

As cybersecurity leaders try to get ahead of threats to their organization, they're increasingly seeking ways to get off the hamster wheel of chasing countless CVEs (common vulnerabilities and exposures). The brass ring that most CISOs reach for today is prioritization of exposures in their infrastructure (and beyond), so their teams can focus on tackling the ones that present the greatest risk. In some cases, the highest priority exposures will still be critical CVEs on mission critical assets.

Race to KEV Remediation: Who Tops the Charts in Europe?

In our global study of the CISA KEV Catalog, we uncovered widespread vulnerabilities and the swift pace at which threats evolve. As we dissect the layers of data from the report, it becomes evident that each country's unique approach to cybersecurity regulation, vulnerability management, and remediation presents distinct challenges and opportunities.

Integrating your TPRM Stack for Seamless Vendor Lifecycle Management

Every cybersecurity team is being challenged to do more with less. CISOs experience top-down pressure to maximize the value of their resources, consolidate vendors as much as possible, and optimize their tool stack. And, they have unchanged expectations of keeping their organization safe across ever-growing digital supply chains. But traditional approaches to VRM often leave cybersecurity teams grappling with a tangled web of manual processes, disparate tools, and fragmented data.

Ivanti EPM Cloud Services Appliance - Taking advantage of a backdoor to detect a vulnerability

At Bitsight, part of the Vulnerability Research team's core work involves analyzing vulnerabilities in order to create detection capabilities that can be implemented on an Internet-wide scale.

The Race to Secure Operational Technologies is On

Whether it's because industrial control systems remain quite vulnerable to attacks, or because these systems manage valuable physical resources and uptime is essential—or a bit of both—attackers are increasingly targeting operational technology (OT) and industrial control systems (ICS).

How Cyber Risk Ratings Platforms Have Evolved - And Why Bitsight is a Leader

Bitsight was named a Leader in The Forrester Wave: Cybersecurity Risk Ratings Platforms, Q2 2024 for a third consecutive time. Click here to download The Forrester Wave: Cybersecurity Risk Ratings Platforms, Q2 2024. We are incredibly proud to be highlighted as a Leader, and our placement in this report is validation of our ongoing effort to help risk and security leaders identify exposure, prioritize investment, communicate with stakeholders, and mitigate risk.

Analyzing Utilities Sector Cybersecurity Performance

With economic sanctions being levied by the US against Iran and a trade war heating up with China, some security experts are cautioning that attacks targeting US critical infrastructure may be inevitable. Are electric utilities prepared to defend themselves and their facilities against these attacks?