Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

The Aftermath of the Kaspersky Ban

In the spring of 2024, amid growing international concern about supply chain risk and the trust and reliability of technology suppliers, the United States banned Kaspersky Lab, Inc., the Russia-based antivirus company from providing its products to the US market. The ban went into effect on September 30, 2024. What impact has the ban had on US and global usage of Kaspersky? Has it been effective? A new analysis from Bitsight contains some surprising results.

Enhancing Corporate Governance in the Digital Age: Integrating Cybersecurity into ESG Stewardship

In an era where digital resilience is vital to corporate health, cybersecurity is a critical governance issue. The partnership between Bitsight and Glass Lewis underscores this reality by providing companies with a forward-thinking approach to assessing cybersecurity as part of Environmental, Social, and Governance (ESG) considerations.

BADBOX Botnet Is Back

Imagine this: you're at home, eagerly waiting for the new device you ordered from Amazon. The package arrives, you power it on, and start enjoying all the benefits of 21st century technology—unaware that, as soon as you powered it on, a scheme was unfolding within this device. Welcome to the world of BADBOX. BADBOX is a large-scale cybercriminal operation selling off-brand Android TV boxes, smartphones, and other Android electronics with preinstalled malware. What does this mean?

Web Application Security for DevOps: Anti-CSRF and Cookie SameSite Options

This is a continuation of our series on web application security. If you haven't already read through parts 1 and 2, this is a good time to go back. If not, let's move on and answer the question left hanging during our last installment: what are request methods, including the POST request method, and how does logging out of a website work when it comes to cookies and session IDs? Let's also tackle the more important issue of how to combat cross-site request forgery (CSRF) attacks.

A New Chapter for Bitsight: Welcoming Cybersixgill & Cyber Threat Intelligence

Today, I am thrilled to announce the official closing of Bitsight’s acquisition of Cybersixgill, a leading provider of cyber threat intelligence solutions. This is not only a pivotal step in our long-term vision—it’s a reinforcement of our promise to help each and every one of our customers to make smarter, faster risk decisions. Bitsight was founded on the belief that cyber risk is not binary.

Turning Security Insights into Action with Bitsight's New Jira Integration

Enterprise security is a job that is never truly done. Success comes down to prioritizing high-impact activities, executing them efficiently, and adapting as new information emerges. Bitsight Security Performance Management (SPM) is the centerpiece of this lifecycle for many organizations. It helps security teams understand their external attack surface in detail and make data-driven decisions about how to apply their limited resources most effectively.

SOC 2 Compliance 101

SOC 2 compliance is no longer optional—it’s essential to a robust cybersecurity posture and cyber risk management strategy. It’s a key indicator of an organization’s commitment to securing data and maintaining operational resilience. In this blog, we’ll offer insights and recommendations to help your organization stay ahead as part of your overarching cybersecurity compliance strategy.

Accelerating Rating Updates Post-Remediation with Bitsight Groma

Thousands of organizations globally rely on the Bitsight Security Rating to prioritize their internal security efforts and ensure that third-party vendors meet their security commitments. While this is a highly strategic activity, progress is often measured in incremental steps as individual security findings are remediated over time.

PROXY.AM Powered by Socks5Systemz Botnet

A year ago, Bitsight TRACE published a blog post on Socks55Systemz,a proxy malware with minimal mentions in the threat intelligence community at the time. In that post, we correlated a Telegram user to the botnet operation and estimated its size at around 10,000 compromised systems. After a year-long investigation, we are shedding new light on these conclusions.

NIS2 Compliance Advice from Luxembourg's Regulatory Authority

NIS2 is a transformative directive reshaping how organizations across Europe and the globe approach cybersecurity, supply chain management, and operational resilience. A lot has been written about compliance strategies, but what does NIS2 mean in practice? We’ve asked the Institut Luxembourgeois de Régulation (ILR), Luxembourg’s national regulatory authority responsible for overseeing the implementation and enforcement of NIS2 in the country.