Blacklisting Limitations: Poor Cisco Fixes and Korean 0-days

Using blacklisting to fix vulnerabilities is rarely the right approach. That should not come as a surprise to anyone, and we all know variants of the saying: “The developer has to determine all cases of bad input; the attacker just has to determine the one that was missed.” Yet this does not stop vendors from […]

200,000th Vulnerability Added To VulnDB (And Why You Should Care)

VulnDB is the most complete and timely vulnerability intelligence available

RICHMOND, VA, March 29, 2019 — Risk Based Security today announced the addition of the 200,000th vulnerability to VulnDB, the preeminent database of vulnerability intelligence. This significant record highlights the scale of the security challenges faced by organizations, and the sheer volume of data that they need to be able to process. “With over 4,800 […]

More Than 22,000 Vulnerabilities Disclosed In 2018

Risk Based Security today announced the publication of its 2018 Year End Vulnerability QuickView Report, showing over 22,000 new vulnerabilities were disclosed during the year. While approximately 33% of published vulnerabilities received a CVSSv2 score of 7 or above, the number of vulnerabilities scoring 9 or above declined for the third year in a row. […]

VulnDB Add-On for Splunk Brings Best Vulnerability Intelligence To Risk Based Security and Splunk Customers

Risk Based Security (RBS), a provider of detailed information and analysis regarding Vendor Risk Ratings and Vulnerability Intelligence, is pleased to announce the launch of our latest VulnDB integration option. The VulnDB Add-On for Splunk helps customers easily integrate data from Risk Based Security’s VulnDB service into Splunk software. The VulnDB Add-On for Splunk assists Splunk® Enterprise and […]

Leaping Forward – Risk Based Security & JFrog Launch 2019 With A New Partnership

Risk Based Security (RBS), the elite provider of comprehensive vulnerability intelligence and vendor risk ratings, is pleased to announce the launch of a new partnership with JFrog, the DevOps technology leader known for enabling liquid software via Continuous Update flows and the creator of Xray, JFrog’s flagship security and compliance scanning solution. Risk Based Security’s […]

On Pace To Break 20k Mark For Disclosed Vulnerabilities

The number of vulnerabilities through Q3 of 2018, though significant and on track to be over 20,000, is down from the same time last year and will likely fall short of the record-breaking 2017 year end numbers of more than 22,000 disclosed vulnerabilities, according to Risk Based Security. Today, Risk Based Security announced the public […]

New libssh Vulnerability – No Logo But Plenty Of Attention

Earlier this week, Andreas Schneider announced the release of a new version of libssh, covering “an important security” that addressed “an authentication bypass vulnerability in the server code”. Pretty quickly we saw several news articles published that covered this issue, as well as third-party blogs that added commentary on the technical side of the vulnerability. […]

Getting To Know Your Electronic Voting Machine. Friend Or Foe?

In April 2016, we published a blog on electronic voting machine (EVM) vulnerabilities titled “To date, Risk Based Security has cataloged over 260 vulnerabilities in electronic voting machines.” Today, that number stands at 292. With the midterm elections coming up, the topic of voter influence, foreign meddling, and EVM security is back in the news, including another […]

Pay No Attention To The Vulnerabilities Behind The Curtain

For years, Microsoft’s Patch Tuesday has been something that all IT professionals (not just security practitioners) have dreaded. Since the practice was introduced in October 2003 to reduce the cost of distributing patches, it has become a point of consistency in patch cycles, and the source of grumbling because it often requires a full day or […]

Apache Struts Distraction Continues While Over 600 Additional Vulnerabilities Have Been Released

While everyone has been heavily focused on, or we could say distracted by, the recent Apache Struts vulnerability, the steady flow of additional vulnerabilities being disclosed continues. As we recently pointed out, the flood of vulnerabilities is not letting up this year. They range from the fairly mundane that likely affects few people, to ones […]