In today's digital age, web applications are the backbone of many businesses, supporting and managing a vast array of sensitive information, from personal details and financial records to critical business data. When we think about any company that we want to know more about, the most common question is: “what is their website”? But web applications are not just about traditional websites, they encompass far more than just the pages you go to when browsing the Internet.

Over the last month there have been some updates about the mysterious 7777 botnet—which was first mentioned in this post in October 2023. Until now, it was known that the botnet was made up of TP-LINK routers and that it was being used to execute very low volume and controlled brute force attacks on Microsoft 365 services targeting corporate accounts. In our continuous efforts to have all sorts of malware families under our radar, the 7777 botnet is no exception.

Last month, my colleague Arzu Ozbek Akay shared some insights about the impact that Bitsight Groma, our next-generation scanner, is already having on our products. Today, I’m going to follow that up with an update on the momentum we’re seeing with the second core component of our data engine: Bitsight Graph of Internet Assets (GIA). As a quick refresher, GIA uses advanced graph technology and AI models to map assets to specific organizations and build Ratings Trees at a global scale.

On April 9, 2024, Japan's Ministry of Economy, Trade and Industry (METI) announced its intention to implement a cybersecurity rating system for companies by fiscal year 2025.

When a new major CVE gets released, cybersecurity companies race to discover ways of detecting the new vulnerability and organizations scramble to determine if they are impacted or not. Developing high-confidence techniques to scan the public-facing Internet assets for newly published vulnerabilities can potentially take weeks or even months as vulnerability researchers discover and test various detection methods.

The path to NIS2 compliance is less about ticking boxes and more about fostering a resilient, proactive cybersecurity culture across the organisation and its extended network. While the challenges pertaining to third-party and supply chain risk management are significant, they are not insurmountable—especially if we break them down. Today we will focus on understanding a very specific NIS2 requirement: Coordinated Risk Assessments.

Organizations register domains for many reasons, the obvious one being to use as their primary online presence. In many cases organizations also register domains that they might not use but want to prevent others from using.

You may not know it, but much of your daily life depends on Industrial Control Systems(ICSs). From the power you're using right now to the water you drink, it all depends on Programmable Logic Controllers (PLCs) and other ICS tech to be delivered. In fact, nearly any time something in the physical world needs to be automated, there will be an ICS involved.

Let’s talk technical debt. It’s that silent, creeping problem many of us have faced—those quick fixes and shortcuts we took to keep things running smoothly. They accumulate over time, leaving us with a tangled web of outdated systems and patchwork solutions. In cybersecurity, this isn’t just a minor annoyance—it’s a ticking time bomb. So, what’s technical debt consolidation?

Before Crowdstrike caused the world to melt down for a few days, the talk of the security town was a recent OpenSSH vulnerability (CVE-2024-6387). Dubbed by its celebrity name regreSSHion, it is a Remote Code Execution vulnerability in some versions of OpenSSH discovered by the Qualys Threat Research Unit on July 1, 2024. Specifically, versions of OpenSSH compiled against the glibc library, which is to say “probably most of them”, were impacted.