29% Increase In Vulnerabilities Already Disclosed In 2017

2017 starts off with an unrelenting rise in vulnerabilities, according to Risk Based Security RICHMOND, VA, May 23, 2017 — Risk Based Security today announced the release of our VulnDB QuickView for the first quarter of 2017. The report shows an unrelenting rise in the number of vulnerabilities being reported. Unless the pace of vulnerability […]

Another Record Pace For Breach Activity Already In Q1 2017

RICHMOND, VA, May 23, 2017 — Risk Based Security is pleased to announce the release of the Q1 2017 DataBreach QuickView Report. Results from the analysis of Q1 activity do not look promising for data breach activity in 2017. In fact, with over 1,200 breaches and over 3.4 billion, yes billion, records exposed, 2017 is […]

CVSS – Is Version 3 All Bad?

Over the past months, we’ve been blogging in our CVSSv3 series about various concerns and problems with CVSSv3 either introduced in CVSSv3 or that existed since CVSSv2. We have also discussed the shift and increased severity ratings, which we have seen with the scoring system itself. To be fair, it is important to know that […]

CVSSv3: When Every Vulnerability Appears To Be High Priority

After a brief hiatus, we are excited to be in the home stretch of our CVSSv3 series. In this post we look at some of the current CVSSv3 scoring and analysis that has been published. The first thing we did when starting this blog series was to reach out to the CVSS SIG mailing list […]

Wikileaks: Vault 7 Leak Exposes CIA Hacking Documents

Just as the story on The Shadow Brokers exposing the alleged NSA Equation Group’s offensive cyber toolkit has come to a close, today Wikileaks announced a new series of leaks concerning the hacking capabilities of the CIA. This new series of leaks has been named “Vault 7” and they claim it is the largest publication […]

CVSSv3: New System, Old Problems Remain

This latest blog post in our CVSSv3 series discusses problems with CVSSv2 that persist in CVSSv3. While CVSSv3 did address some concerns with CVSSv2 – as we plan to discuss in a future blog post – it did not address all. Some of the remaining issues we believe are quite problematic. The Access Complexity Segregation […]

Risk Based Security, NIST and University of Maryland Team Up To Tackle Security Effectiveness

The research team at Risk Based Security analyzes and catalogs thousands of data breaches every year. From that work, a few central themes arise time and again.  One such theme is that breaches can happen at even the most security-conscious organizations. Another is the tenacity and skill of attackers when it comes to searching out […]

CVSSv3: New System, Next Problem (Scope)

In our last CVSSv3 blog series, we discussed our concerns about having to consider exploit reliability and the requirements to bypass advanced exploit mitigation techniques as part of the ‘Attack Complexity (AC)’ base score. This week, we attempt to wrap up the newly introduced challenges by covering the new ‘Scope (S)’ metric. “Formally, Scope refers […]

15,000 Vulnerabilities Disclosed In 2016 – Major Vendors Continue To Be Affected

2016 sets all time high for the number of disclosed vulnerabilities, according to Risk Based Security RICHMOND, VA, February 6, 2017 — Risk Based Security today announced the release of the annual VulnDB QuickView report that shows 2016 broke the previous all-time record for the highest number of reported vulnerabilities. The 15,000 vulnerabilities cataloged during […]

Risk Based Security Appoints Sven Krewitt To VulnDB Research Team

RICHMOND, VA, January 30, 2017 — Risk Based Security, Inc. today announced that it has appointed Mr. Sven Krewitt as a Senior Vulnerability Researcher. The appointment of Mr. Krewitt, a very talented and experienced vulnerability analyst, signals the company’s continued expansion of its vulnerability research team and dedication to providing the highest quality and most […]