Critical Vulnerabilities Discovered in South Korean ActiveX controls

computer code on laptop screen

Many years ago, ActiveX was a popular technology. Unfortunately, too many ActiveX controls had a very low code maturity and were riddled with basic vulnerabilities like buffer overflows, or exposed unsafe functionality even if marked as “safe for scripting”. These allowed malicious websites to trivially compromise users’ systems. Today, ActiveX technology is considered obsolete and […]

Vulnerabilities disclosed during the first three months of 2019 reach a Q1 all-time high

RICHMOND, VA, May 16, 2019 — Risk Based Security today released the Q1 2019 Vulnerability QuickView Report. There were 5,501 vulnerabilities aggregated by Risk Based Security’s VulnDB that were disclosed during the first three months of 2019. This represents a 1% increase over the same period in 2018, making this Q1 an all-time high. CVSSv2 […]

Risk Based Security Wins 2019 Emerging Technology Business Award

Photo of Jake Kouns, CISO and co-founder of Risk Based Security, accepting the Emerging Technology award at the RVAtech Gala

RICHMOND, VA, May 10, 2019 — Risk Based Security, a global leader in vulnerability intelligence and risk ratings, has been honored as the 2019 winner in the Emerging Technology Business category at the annual RVAtech award gala. The Emerging Technology Business award is given to organizations with high growth potential who are establishing themselves as […]

Over 1,900 breaches reported in the first three months of 2019, a new Q1 record

RICHMOND, VA, May 7, 2019 — Risk Based Security today announced the release of its Q1 2019 Data Breach QuickView Report, which found that there were 1,903 publicly disclosed data compromise events in the first three months of the year, exposing over 1.9 billion records. No other first quarter has seen this level of activity, […]

From 4,000 to 40,000 Data Breaches: People are Still the Problem

CRA data breach statistics - May 2019

On May 2, 2019, we hit a data breach milestone. The Cyber Risk Analytics research team added the 40,000th breach entry to our ever expanding data breach database. Coming hot on the heels of the 200,000th vulnerability added to VulnDB, it can be tempting to think much of the breach activity taking place over the […]

Risk Based Security Announces New Integration with Recorded Future for Intelligence-Driven Vulnerability Management

Provides richer, more actionable vulnerability intelligence to improve risk mitigation RICHMOND, VA, May 1, 2019 — Risk Based Security, Inc., a provider of detailed information and analysis on Vulnerability Intelligence, Data Breaches, and Vendor Risk Ratings, today announced a new partnership with Recorded Future, the leading threat intelligence company, to help joint customers more effectively […]

Vulnerability Fixes That Make You Go Hmm…

things that make you go hmmm...

The VulnDB research team processes a large number of vulnerability reports, exploits, and vendor advisories on a daily basis. Each report is scrutinized, classified and added to the VulnDB vulnerability database. They are enriched with important details like affected versions, requirements for exploitation, and sometimes even identifying incorrect fixes. The lack of available detail in […]

Blacklisting Limitations: Poor Cisco Fixes and Korean 0-days

Using blacklisting to fix vulnerabilities is rarely the right approach. That should not come as a surprise to anyone, and we all know variants of the saying: “The developer has to determine all cases of bad input; the attacker just has to determine the one that was missed.” Yet this does not stop vendors from […]

200,000th Vulnerability Added To VulnDB (And Why You Should Care)

VulnDB is the most complete and timely vulnerability intelligence available

RICHMOND, VA, March 29, 2019 — Risk Based Security today announced the addition of the 200,000th vulnerability to VulnDB, the preeminent database of vulnerability intelligence. This significant record highlights the scale of the security challenges faced by organizations, and the sheer volume of data that they need to be able to process. “With over 4,800 […]

More Than 22,000 Vulnerabilities Disclosed In 2018

Risk Based Security today announced the publication of its 2018 Year End Vulnerability QuickView Report, showing over 22,000 new vulnerabilities were disclosed during the year. While approximately 33% of published vulnerabilities received a CVSSv2 score of 7 or above, the number of vulnerabilities scoring 9 or above declined for the third year in a row. […]