The Pains Of Vulnerability Coordination – And What To Learn From It

Some of the members of our Risk Based Security Vulnerability Research Team have been discovering and coordinating vulnerabilities for almost 20 years. Coordinating vulnerabilities can be painful at times, even if things overall have improved, especially when coordinating vulnerabilities with companies from the USA and most parts of the EU. These difficulties can be compounded […]

Critical Vulnerabilities Discovered in South Korean ActiveX controls

Many years ago, ActiveX was a popular technology. Unfortunately, too many ActiveX controls had a very low code maturity and were riddled with basic vulnerabilities like buffer overflows, or exposed unsafe functionality even if marked as “safe for scripting”. These allowed malicious websites to trivially compromise users’ systems. Today, ActiveX technology is considered obsolete and […]

Vulnerabilities disclosed during the first three months of 2019 reach a Q1 all-time high

RICHMOND, VA, May 16, 2019 — Risk Based Security today released the Q1 2019 Vulnerability QuickView Report. There were 5,501 vulnerabilities aggregated by Risk Based Security’s VulnDB that were disclosed during the first three months of 2019. This represents a 1% increase over the same period in 2018, making this Q1 an all-time high. CVSSv2 […]

Over 1,900 breaches reported in the first three months of 2019, a new Q1 record

RICHMOND, VA, May 7, 2019 — Risk Based Security today announced the release of its Q1 2019 Data Breach QuickView Report, which found that there were 1,903 publicly disclosed data compromise events in the first three months of the year, exposing over 1.9 billion records. No other first quarter has seen this level of activity, […]

From 4,000 to 40,000 Data Breaches: People are Still the Problem

On May 2, 2019, we hit a data breach milestone. The Cyber Risk Analytics research team added the 40,000th breach entry to our ever expanding data breach database. Coming hot on the heels of the 200,000th vulnerability added to VulnDB, it can be tempting to think much of the breach activity taking place over the […]

Vulnerability Fixes That Make You Go Hmm…

The VulnDB research team processes a large number of vulnerability reports, exploits, and vendor advisories on a daily basis. Each report is scrutinized, classified and added to the VulnDB vulnerability database. They are enriched with important details like affected versions, requirements for exploitation, and sometimes even identifying incorrect fixes. The lack of available detail in […]

Blacklisting Limitations: Poor Cisco Fixes and Korean 0-days

Using blacklisting to fix vulnerabilities is rarely the right approach. That should not come as a surprise to anyone, and we all know variants of the saying: “The developer has to determine all cases of bad input; the attacker just has to determine the one that was missed.” Yet this does not stop vendors from […]

200,000th Vulnerability Added To VulnDB (And Why You Should Care)

RICHMOND, VA, March 29, 2019 — Risk Based Security today announced the addition of the 200,000th vulnerability to VulnDB, the preeminent database of vulnerability intelligence. This significant record highlights the scale of the security challenges faced by organizations, and the sheer volume of data that they need to be able to process. “With over 4,800 […]

More Than 22,000 Vulnerabilities Disclosed In 2018

Risk Based Security today announced the publication of its 2018 Year End Vulnerability QuickView Report, showing over 22,000 new vulnerabilities were disclosed during the year. While approximately 33% of published vulnerabilities received a CVSSv2 score of 7 or above, the number of vulnerabilities scoring 9 or above declined for the third year in a row. […]

Over 6,500 Data Breaches and More Than 5 Billion Records Exposed in 2018

Risk Based Security today announced the release of its Year End 2018 Data Breach QuickView Report, showing there were 6,515 publicly disclosed data compromise events through December 31, 2018, exposing over 5 billion sensitive records. While the year ended below 2017’s high mark of 6,728 reported breaches, a continuing slow trickle of new breach information […]