Over 2,300 Data Breaches Disclosed So Far In 2018, Exposing Over 2.6 Billion Records

Risk Based Security today announced the release of its Mid-Year 2018 Data Breach QuickView report, showing there have been 2,308 publicly disclosed data compromise events through June 30th. After a surprising drop in the number of reported data breaches in the first quarter, breach activity appears to be returning to a more “normal” pace. At the […]

More Than 10,000 Vulnerabilities Disclosed So Far In 2018 – Over 3,000 You May Not Know About

Risk Based Security today announced the release of its 2018 Mid Year VulnDB QuickView report that shows there have been 10,644 vulnerabilities disclosed through June 30th. This is the highest number of disclosed vulnerabilities at the mid-year point on record. The 10,644 vulnerabilities cataloged during the first half of 2018 by Risk Based Security’s research […]

Join RBS At Hacker Summer Camp 2018

It has been another busy year in the security world, and Hacker Summer Camp is upon us again! The Risk Based Security team will be on site, to meet and mingle at Black Hat and DEF CON. If you are planning to be in town for the events, we’d love to see you there. Take a break […]

Risk Based Security Announces Sponsorship and Integration With OWASP Dependency-Track

Risk Based Security is pleased to announce our sponsorship of the OWASP Dependency-Track project and corresponding integration of VulnDB data into the Dependency-Track platform. Dependency-Track is an intelligent Software Composition Analysis (SCA) platform that allows organizations to identify and reduce risk from the use of third-party and open source components. The platform tracks third-party component […]

Click2Gov or Click2Breach?

Here on the Cyber Risk Analytics research team, we have more than our fair share of “glitch in the matrix moments” – you know, that proverbial black cat walking across your screen that makes you think: “Didn’t I just see this breach?” Usually it’s a case of similar circumstances or simply two names that are […]

The Great (belated) Mozilla Firefox CVE Dump

On June 11th, MITRE published descriptions and references for 318 entries, all relating to Mozilla Firefox. Yes; three hundred and eighteen entries. It may be tempting to think Mozilla was holding back on disclosures or there was a flurry of research activity leading to a slew of new vulnerabilities being discovered. But no, this would […]

MyHeritage – Bad Security or Bad Luck?

In the early afternoon of June 4th, the CISO of MyHeritage received the message every security professional dreads. A researcher was reaching out to share the news they had found a file containing users’ email addresses and hashed passwords – 92,283,889 records in total – for nearly every account created with the service through October […]

Risk Based Security, Inc. and eGRC.COM Announce Partnership

Risk Based Security, Inc. (RBS) is pleased to announce a partnership with eGRC.COM (eGRC) and the corresponding launch of the RiskManaged VulnDB Connector. eGRC provides Enterprise Governance, Risk and Compliance software, integration and consulting services to Fortune 500 clients. eGRC helps customers maximize value from their GRC platform investments, supporting a variety of technologies including […]

Vulnerability Management: So Much More Than Just Patch Management

The other day I happened upon an article titled: “Vulnerability Management: Why the Problem Can’t Be Solved“, which made me curious for all the wrong reasons. As you can imagine, I strongly disagree with the premise that vulnerability management is a problem that cannot be solved. Having worked in the vulnerability intelligence field for more […]

Efail: What A Disclosure FAIL That Was!

Yesterday, news broke of a “critical” vulnerability in OpenPGP and S/MIME, named ‘Efail’, that could lead to an attacker gaining access to plaintext emails. The news came in the form of a dire warning from the Electronic Frontier Foundation telling people to “immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.” This was, of course, […]