BitSight

BitSight Releases New VPNFilter & Oracle Weblogic Vulnerability Identification Filters

Alex Campanelli | July 6, 2018

Within the BitSight Security Ratings platform, we prioritize features that help organizations both identify and manage risks across their own networks and the networks of their third parties. BitSight now enables users to identify organizations who are potentially vulnerable to VPNFilter malware or Oracle’s WebLogic server problems.

VPNFilter is a piece of malware, allegedly linked to the same Russian hacking group that made headlines during the 2016 election, that has now shown up in 54 countries, including the United States. It uses known vulnerabilities to infect home office routers. Once a device is infected, it reports back to a command-and-control infrastructure that can install purpose-built plug-ins, which perform actions like eavesdropping on internet traffic to steal website credentials.

Within your BitSight Security Ratings portal, it’s simple to identify the VPNFilter vulnerability on your own network or on that of a third or fourth party. By doing this, you could find endpoints vulnerable to the VPNFilter malware, which could potentially take control of network devices. Go to Portfolio ➔ All Companies and search for “VPNFilter” in the “Search filter options…” bar, and then include “VPNFILTER (potential)” in your search.

Oracle’s April 2018 Critical Patch Update contained a patch for a vulnerability in the WebLogic Server (WLS) core component of WebLogic. In the update, this security issue received a severity score of 9.8 out of 10, given that it could allow attackers to execute code on remote WebLogic servers without actually needing to authenticate.

To search for the WebLogic vulnerability on your own network or on a third party’s, you can search within the BitSight Security Ratings portal to find vulnerable servers. This will show where BitSight observed the presence of infected WebLogic machines that are attempting to find other vulnerable machines. This vulnerability could allow attackers to execute code on remote WebLogic servers without needing to authenticate. Go to Portfolio ➔ All Companies and search for “Weblogic” in the “Search filter options…” bar, and then include “WeblogicWorm” in your search.

These new filters provide valuable insight into the security posture of an organization (and its vendors). With global cyber attacks that can exploit internal vulnerabilities, companies must keep track of all the endpoints on their network and ensure that patching is consistent and up to date. BitSight is leading the way in the Security Rating Services industry in providing advanced vulnerability identification, equipping security and risk professionals to reduce the cyber risk associated with their third parties and within their organizations.
