Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

BitSight

Password Security: How To Protect Credentials Across Your Supply Chain

Many major stories about cyberattacks or data breaches have one weak link in common: passwords. Oftentimes, the simple alphanumeric password that acts as gatekeeper to our personal phones and email accounts is the same one that protects enterprise businesses’ servers. And passwords are only as strong as we make them. Unfortunately, though, most employees—76 percent of Americans, according to research we conducted in 2022—never change their passwords, or only do so when forced to.

How cybersecurity's "5 Percent Rule" could help you avoid the next cyber attack

It’s not easy being a cybersecurity leader these days. Security vulnerabilities in software, hardware, and devices are rising in number and severity, bringing with them risk of ransomware, breach, and other dangerous cybersecurity incidents. The risks presented by vulnerabilities are rising fast: Here’s the important question: With cyber vulnerabilities rising and presenting increasingly serious risks, are organizations doing enough to fight back? The answer might surprise you.

Zero day remediation tips: Preparing for the next vulnerability

Businesses increasingly run on software, which, unbeknownst to its developers, can contain vulnerabilities that attackers often discover and exploit before a patch is available. This makes zero day attacks inevitable, but you can reduce their impact in your network and across your supply chain if you’re prepared to act fast.

A Mere Five Percent of Vulnerable Enterprises Fix Their Issues Every Month: How to Help Them Do Better?

Software vulnerabilities are one of the leading threats to an organization's cybersecurity posture, yet recent research from Bitsight reveals that enterprises affected by software vulnerabilities resolve them at a typical compound rate1 of only about 5% per month compounded continuously. However, there is evidence of much faster remediation for certain classes of vulnerabilities.

What is a cybersecurity report? Why are they necessary?

Waves of change are constantly disrupting companies of all sizes around the world, particularly when it comes to cybersecurity. Digital infrastructure keeps expanding, work models constantly change, and the web between businesses gets more and more intertwined. It’s no surprise that CISOs and risk leaders are evolving. A majority of boards now see cyber risk as business risk, so they’re asking hard questions around risk and exposure.

5 Things a Security Manager Should Check Every Morning

As a security manager, you have a wide variety of tasks you need to complete in order to protect your organization — as well as your employee and customer data. Of course, some of these responsibilities are performed on a quarterly or yearly basis, such as gathering information for audits or conducting annual assessments. But there are certain tasks that you should be completing daily in order to maintain the desired security posture and reduce cyber risk across your expanding attack surface.

New high-severity vulnerability (CVE-2023-29552) discovered in the Service Location Protocol (SLP)

Researchers from Bitsight and Curesec have jointly discovered a high-severity vulnerability — tracked as CVE-2023-29552 — in the Service Location Protocol (SLP), a legacy Internet protocol. Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2200 times, potentially making it one of the largest amplification attacks ever reported.

5 Common Vulnerabilities Associated With Remote Access

After COVID, enterprise IT security got turned on its head. As the world adjusted to working from home, and continues to, IT teams worked overtime to enable remote access for millions of employees. This transition has gone smoothly for most organizations, but many security gaps still remain years later. The SolarWinds data breach is a worrying example. It shows how vulnerable organizations are to malicious activity in our changing risk environment.

Remediate Zero Day Events with Third-Party Vulnerability Detection & Response

When a major security event like SolarWinds or Log4j happens, how do you assess the impact across your third-party supply chain? Most organizations struggle to effectively react to zero day attacks and other critical vulnerabilities at scale, often following manual and cumbersome workflows. But our latest capability is here to change that.