[Webinar] The Data Breach Landscape – Trends and Highlights Through September 2018

The Q3 2018 Data Breach QuickView Report was released last week. Let’s dig in and talk about what it all means! Join us this Wednesday for a fun and informative look at the breaches and trends shaping the data loss landscape through the third quarter of 2018. Webinar At A Glance: Wednesday, November 14, 2018 […]

Though 2018 Will Likely Not Surpass 2017 Numbers – Still Significant Year For Breach Activity

The number of publicly reported breaches keeps pace with recent years while a staggering 3.6 billion records are exposed. Risk Based Security today announced the release of its 2018 Q3 Data Breach QuickView report, showing there have been 3,676 publicly disclosed data compromise events through September 30. Breach activity continues at a consistent pace for […]

5-Star Ratings – Just How Vulnerable Is That Shiny New Application?

Star-based ratings are everywhere you look these days. From hotel and restaurant reviews to doctors and lawyers, practically every service and seller imaginable is subject to some sort of performance score. These rating systems are so familiar in fact that they have become the de facto shorthand for making fast judgements about the quality of […]

New libssh Vulnerability – No Logo But Plenty Of Attention

Earlier this week, Andreas Schneider announced the release of a new version of libssh, covering “an important security” that addressed “an authentication bypass vulnerability in the server code”. Pretty quickly we saw several news articles published that covered this issue, as well as third-party blogs that added commentary on the technical side of the vulnerability. […]

Getting To Know Your Electronic Voting Machine. Friend Or Foe?

In April 2016, we published a blog on electronic voting machine (EVM) vulnerabilities titled “To date, Risk Based Security has cataloged over 260 vulnerabilities in electronic voting machines.” Today, that number stands at 292. With the midterm elections coming up, the topic of voter influence, foreign meddling, and EVM security is back in the news, including another […]

Ransomware: To Pay Or Not To Pay, That Is Still A Real Question

Ransomware has long been a lurking threat, but it really took center stage in 2017 with the rapid spread of WannaCry and Petya/NotPetya. Like someone flipping a switch, ransomware went from a manageable annoyance to a major concern of not only security professionals but business owners and executives everywhere. While questions have been raised around […]

ABC Film Crews Leave Hospitals on the Hook for HIPAA Fines

Who: Boston Medical Center, Brigham and Women’s Hospital, and Massachusetts General Hospital
How many records impacted: Undisclosed
Timeline:
Occurred: 10/1/2014
Discovered by the Organization: Unconfirmed
Publicly Reported: September 20, 2018
What Happened: Trauma centers are fascinating places. Lives very often hang in the balance, with highly skilled teams of professionals working frenetically to ensure this […]

Sponsorships! Speaking Engagements! And Bears, OH MY!

We’re just kidding about the bears. The Risk Based Security team has a lot of exciting events on the calendar for October. First we’re off to Orlando to sponsor Splunk .conf18. Then, Jake Kouns is hopping transport to speak at the Wall Street Journal Pro’s Small Business Academy event along with other industry leaders. Next, […]

Pay No Attention To The Vulnerabilities Behind The Curtain

For years, Microsoft’s Patch Tuesday has been something that all IT professionals (not just security practitioners) have dreaded. Since the practice was introduced in October 2003 to reduce the cost of distributing patches, it has become a point of consistency in patch cycles, and the source of grumbling because it often requires a full day or […]

Click2Gov Update: ICYMI Here’s The Latest

It’s been three months since our original post was published and as feared, breaches of the Click2Gov system continue to be reported. Here is what we’ve learned: Attackers are exploiting an unpatched vulnerability in Oracle’s WebLogic. Early on, we speculated whether the problem was with the Click2Gov application itself and whether it impacted the cloud-based […]