Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Organizations register domains for many reasons, the obvious one being to use as their primary online presence. In many cases organizations also register domains that they might not use but want to prevent others from using.

You may not know it, but much of your daily life depends on Industrial Control Systems(ICSs). From the power you're using right now to the water you drink, it all depends on Programmable Logic Controllers (PLCs) and other ICS tech to be delivered. In fact, nearly any time something in the physical world needs to be automated, there will be an ICS involved.

Let’s talk technical debt. It’s that silent, creeping problem many of us have faced—those quick fixes and shortcuts we took to keep things running smoothly. They accumulate over time, leaving us with a tangled web of outdated systems and patchwork solutions. In cybersecurity, this isn’t just a minor annoyance—it’s a ticking time bomb. So, what’s technical debt consolidation?

Before Crowdstrike caused the world to melt down for a few days, the talk of the security town was a recent OpenSSH vulnerability (CVE-2024-6387). Dubbed by its celebrity name regreSSHion, it is a Remote Code Execution vulnerability in some versions of OpenSSH discovered by the Qualys Threat Research Unit on July 1, 2024. Specifically, versions of OpenSSH compiled against the glibc library, which is to say “probably most of them”, were impacted.

Most organizations now recognize that even if they have a strong internal security posture, a security lapse by any one of their many third-party vendors or partners can be just as catastrophic to their business as a direct breach. Industry and government regulators are increasingly focused on this topic as well, resulting in a wave of new compliance requirements that extend to third-party risks.

Earlier this year, we announced Bitsight’s next-generation internet scanning, Bitsight Groma, and AI-powered discovery and attribution technology, Bitsight Graph of Internet Assets (Bitsight GIA). While these technologies work as partners in the Bitsight Cyber Risk Data Engine to create a dynamic map of internet infrastructure, it is helpful to separate them out to understand their unique contributions.

As we are all very aware, being a technical person or layman, the recent CrowdStrike outage caused disruptions on a myriad of systems worldwide, affecting multiple industry sectors and millions of people in some way, shape, or format.

In today’s interconnected business environment, organizations rely heavily on third parties, and while third party relations are critical for success in most businesses, they also leave data more vulnerable to exposure from bad actors. This makes vendor risk management (VRM) a critical component of any company's overall risk management strategies. Effective VRM practices help protect sensitive data and maintain robust security postures, minimizing the potential risks introduced by vendors.

As most in the industry are aware, a defective content update to CrowdStrike’s Falcon Sensor for Windows led to a global cascade of system outages affecting critical industry sectors such as transportation, banking, healthcare, and public safety. Many enterprises and government agencies around the world are still actively managing their response to this incident.

In the course of a major research rollout like my recent whitepaper on KEV vulnerabilities, I frequently end up doing some bit of analysis that doesn’t make it into the final doc. Usually, it is because I am dealing with limited space and attention spans, and I gotta stop sometime. The stuff that gets cut is usually not terribly compelling or surprising or is maybe more an artifact of the particular bias in our sample or is only interesting to a very small audience.