Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Hunting PrivateLoader: The malware behind InstallsKey PPI service

Since July 2022, Bitsight has been tracking PrivateLoader, the widespread malware downloader behind the Russian Pay-Per-Install (PPI) service called InstallsKey. At the time, this malware was powering the now decommissioned ruzki PPI service. Figure 1 presents a brief description of the service, which was found in their sales telegram channel. Fig. 1 - Service description on telegram channel profile (Russian and English).

Less Is More: Consolidating Your Third Party Risk Management Tools

Proudly serving over 3,000 enterprises globally, Bitsight works closely with risk leaders across industries to help them protect their businesses. CISOs and third-party risk professionals face pressing challenges, from regulations to efficiency to maintaining supply chain resilience—all calling for smarter, easier, and more integrated solutions.

5 Cyber Governance Tips for Board Members, Inspired by New Bitsight-Google Study

Cybersecurity has become a critical part of corporate governance, with board members increasingly held accountable for the digital safety of their organizations. Amid rising breach costs, new cybersecurity regulations like those from the U.S. Securities and Exchange Commission (SEC), and new studies finding widespread cybersecurity failures, the impact of board-level cyber governance decisions is significant.

Practitioner's Corner: Managing Hidden Risk and Shadow IT

When it comes to managing hidden risk and shadow IT, our primary challenge as cybersecurity practitioners is securing the organization’s data and applications while empowering users to perform their duties efficiently. After all, one survey found that 67% of employees aren’t completely satisfied with their workplace tools and technologies—often resulting in the adoption of unsanctioned applications.

Practitioner's Corner: Turning Regulatory Compliance into Strategic Opportunity

Cyber risk regulations like NIS2 and DORA in the EU, or PS21/3 in the UK, signal a seismic shift toward strengthening cyber resilience and enforcing accountability. Championing regulations is not just a matter of checking compliance boxes: it’s an opportunity to become a business leader. To enable growth and protect revenue.

What is a Cyber Security Audit vs. Assessment (And Which One You Need)

In this article: If you're a security leader being asked to facilitate a cybersecurity audit, or if you are a member of the board requesting one, you must understand the difference between a cybersecurity audit and a cybersecurity assessment. Despite sounding the same, both provide you with different types of information - and that might have a significant impact on your organization’s security posture. In this blog, we provide a quick introduction to a cybersecurity audit vs.

How to Detect Shadow IT and Hidden Risk in Your Organization

In today's fast-paced business environment, the ever-evolving landscape of technology empowers employees with unprecedented flexibility and agility. While this fosters innovation and productivity, it also presents a lurking challenge—Shadow IT. This term encapsulates the use of unauthorized software, applications, or devices within an organization, posing substantial cybersecurity risks and operational hurdles.

Cybersecurity and Proxy Season: What Business Executives and Risk Leaders Need to Know

If you’re a business executive or a risk leader, you’re likely familiar with “proxy season,” the time of year when public companies hold their annual general meetings. During these meetings, investors have the opportunity to vote on important issues such as the election of board members and executive compensation.

Addressing Third-Party Risk in 2024: Insights Inspired by Bitsight-Google Study

Third-party risk is everywhere and the cybersecurity posture of those third parties is more important now than ever before. With organizations using 130 SaaS solutions on average, onboarding the “wrong” vendor — one that doesn’t share the same cyber practices or hygiene as you do, or that sharing sensitive data with would be cause for concern — could land an organization in hot water.