Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

BitSight

SEC Regulations: What is a "Material" Cybersecurity Incident?

In one of the most important cybersecurity regulatory developments in recent memory, the U.S. Securities and Exchange Commission (SEC) recently adopted new cybersecurity disclosure requirements for publicly traded companies, including a requirement to publicly disclose a “material” cybersecurity incident in Form 8-K within four business days of determining that it is material.

Bitsight identifies nearly 100,000 exposed industrial control systems

Bitsight has identified nearly 100,000 exposed industrial control systems (ICS) owned by organizations around the world, potentially allowing an attacker to access and control physical infrastructure such as power grids, traffic light systems, security and water systems, and more. ICSs — a subset of operational technology (OT) — are used to manage industrial processes like water flow in municipal water systems, electricity transmission via power grids, and other critical processes.

How to Discover and Secure Open Port Vulnerabilities

Open port vulnerabilities pose a significant security risk to your organization. If left exposed, ports are a gateway for hackers to breach your network and steal your data. But what are open ports, why are they a security risk, and what can you do to close open port vulnerabilities? Let’s answer your open port questions.

Overcoming Cybersecurity Headwinds Part 2: Automation and Repurposing Time Savings

Welcome back to our Overcoming Cybersecurity Headwinds blog series—inspired by my latest webinar about third party risk with Marc Crudginton, CISO at Howard Hughes Corporation. In our last blog, we explored the wisdom of centrally managing cyber risk efforts across your organization and your third-party supply chain—a strategy that helps you do more with less in an era of budget constraints. Today, we dive deeper into the core of efficient Third Party Risk Management (TPRM): Automation.

5 Strategies to Reduce Attack Surface Exposure

Bitsight was recently named an Overall Leader in the 2023 KuppingerCole Analyst AG Leadership Compass for Attack Surface Management. The report—which provides an overview and comparison of relevant vendors in defined segments—also identified Bitsight as a leader in several other categories, including Product Leader, Innovation Leader, and Market Leader. To read the in-depth report analysis, download your free copy here.

SmokeLoader's Plugins

SmokeLoader is a well-known malware family that has been around for more than 10 years. Its main purpose is to download and drop other malware families. However, SmokeLoader's operators also sell plugins that add capabilities to the main module. Those plugins allow an affiliate to collect browser data from infected computers, as well as emails, cookies, passwords, and much more. In this blog post, we'll dissect SmokeLoader's plugins that were received by an infected computer from the botnet "0020".

5 Risks Of Outdated Software & Operating Systems

One of the most common ways that hackers target organizations is by exploiting vulnerabilities in outdated software. Outdated software risks can leave you open to a variety of hacks, including ransomware, malware, data breaches, and more. The fact is, failing to update your software doesn’t just mean you’re missing out on the latest version—it means you could expose your organization to major security vulnerabilities, like the widespread Apache Log4j2 vulnerability.

Overcoming Cybersecurity Headwinds Part 1: Start With a Unified Approach

In today's digital economy, every industry faces the challenge of doing more with less. Cybersecurity, a critical pillar of modern business operations, is no exception. Organizations are confronted with the need to secure their digital ecosystems while navigating budget constraints. As their supply chains expand, so do the risks—and the costs.

CIO Vs. CISO: Who Does What?

Every organization handles security differently, based on their needs and internal structure—but in some mid-sized and large companies, both the chief information officer (CIO) and the chief information security officer (CISO) are involved. This can set up a CIO vs. CISO standoff. Indeed, historically, the relationship between the CIO and CISO has been described as adversarial but ever-evolving.