Risk Based Security, NIST and University of Maryland Team Up To Tackle Security Effectiveness

The research team at Risk Based Security analyzes and catalogs thousands of data breaches every year. From that work, a few central themes arise time and again. One such theme is that breaches can happen at even the most security-conscious organizations. Another is the tenacity and skill of attackers when it comes to searching out […]

CVSSv3: New System, Next Problem (Scope)

In our last CVSSv3 blog series, we discussed our concerns about having to consider exploit reliability and the requirements to bypass advanced exploit mitigation techniques as part of the ‘Attack Complexity (AC)’ base score. This week, we attempt to wrap up the newly introduced challenges by covering the new ‘Scope (S)’ metric. “Formally, Scope refers […]

15,000 Vulnerabilities Disclosed In 2016 – Major Vendors Continue To Be Affected

2016 sets all-time high for the number of disclosed vulnerabilities, according to Risk Based Security. RICHMOND, VA, February 6, 2017 — Risk Based Security today announced the release of the annual VulnDB QuickView report that shows 2016 broke the previous all-time record for the highest number of reported vulnerabilities. The 15,000 vulnerabilities cataloged during […]

Risk Based Security Appoints Sven Krewitt To VulnDB Research Team

RICHMOND, VA, January 30, 2017 — Risk Based Security, Inc. today announced that it has appointed Mr. Sven Krewitt as a Senior Vulnerability Researcher. The appointment of Mr. Krewitt, a very talented and experienced vulnerability analyst, signals the company’s continued expansion of its vulnerability research team and dedication to providing the highest quality and most […]

2016 Reported Data Breaches Expose Over 4 Billion Records

2016 sets all-time high for the number of records exposed, according to Risk Based Security. RICHMOND, VA, January 25, 2017 — Risk Based Security today announced the release of the annual Data Breach QuickView report that shows 2016 broke the previous all-time high, set back in 2013, for the number of records exposed from […]

CVSSv3: New System, Next Problem (Exploit Reliability)

Last week in our CVSSv3 blog series, we discussed one of the bigger problems introduced by CVSSv3 related to file-based attack vectors. This week, we discuss another concern also introduced with the new version of CVSS. Attack Complexity – Exploit Reliability / Ease of Exploitation: When studying the part of the CVSSv3 specification that describes […]

Facebook Forgets To Fix ImageTragick And Pays For It!

Staying up-to-date on vulnerabilities is a critical part of an information security program and many organizations, fortunately, realize this for the most part. However, a problem, which we have been working hard to educate both software / device vendors and organizations on, is that an often overlooked area is libraries and other 3rd party components […]

CVSSv3: New System, New Problems (File-based Attacks)

This is the second blog post in our series discussing CVSSv3. As shared in the first post, we have been in the process of thoroughly evaluating CVSSv3 to better understand the improvements and limitations compared to CVSSv2 for quite some time. For those curious about our thoughts on CVSSv2, we recommend our “The CVSSv2 Shortcomings, Faults, and Failures […]

Laws, Warranties, and Vulnerabilities – Oh My!

At the end of 2016, Risk Based Security’s research team published a vulnerability report detailing a lot of vulnerabilities in Air:Link routers from Jensen of Scandinavia AS, which is a market leader of networking devices in – you guessed it – Scandinavia. An interesting thing about Jensen of Scandinavia AS’ networking devices is that they […]

From Car Theft To Bombing Military Targets – Security Continues To Get “Real”

As we’ve written before, “cyber” risk is largely viewed as a financial problem. Criminals target rich caches of personal data for a myriad of identity fraud schemes or go after financial processes in order to steal money. Whether the attack is wildly successful – like Yahoo’s recent revelation that a whopping 1 billion user records were […]