
BitSight Releases New VPNFilter & Oracle Weblogic Vulnerability Identification Filters

Alex Campanelli | July 6, 2018

Within the BitSight Security Ratings platform, we prioritize features that help organizations both identify and manage risks across their own networks and the networks of their third parties. BitSight now enables users to identify organizations that are potentially vulnerable to VPNFilter malware or Oracle’s WebLogic server problems.

VPNFilter is a piece of malware, allegedly linked to the same Russian hacking group that made headlines during the 2016 election, that has now shown up in 54 countries including the United States. The malware uses known vulnerabilities to infect home office routers. Once a router is infected, it reports back to a command-and-control infrastructure that can install purpose-built plug-ins, which perform actions like eavesdropping on internet traffic to steal website credentials.

Within your BitSight Security Ratings portal, it’s simple to identify the VPNFilter vulnerability on your own network or on that of a third or fourth party. By doing this, you could find endpoints vulnerable to the VPNFilter malware, which could potentially take control of network devices. Go to Portfolio ➔ All Companies and search for “VPNFilter” in the “Search filter options…” bar, and then include “VPNFILTER (potential)” in your search.


Oracle’s April 2018 Critical Patch Update contained a patch for a vulnerability in the WebLogic Server (WLS) core component of WebLogic. In the update, this security issue received a severity score of 9.8 out of 10, given that it could allow attackers to execute code on remote WebLogic servers without actually needing to authenticate.

To find servers affected by the WebLogic vulnerability on your own network or on a third party’s, you can search within the BitSight Security Ratings portal. This will show where BitSight observed the presence of infected WebLogic machines that are attempting to find other vulnerable machines. This vulnerability could allow attackers to execute code on remote WebLogic servers without needing to authenticate. Go to Portfolio ➔ All Companies and search for “Weblogic” in the “Search filter options…” bar, and then include “WeblogicWorm” in your search.


These new filters provide valuable insight into the security posture of an organization (and its vendors). With global cyber attacks that can exploit internal vulnerabilities, companies must keep track of all the endpoints on their network and ensure that patching is consistent and up-to-date. BitSight is leading the way in the Security Rating Services industry to provide advanced vulnerability identification, equipping security and risk professionals to reduce the cyber risk associated with their third parties and within their organizations.
