Wikileaks: Vault 7 Leak Exposes CIA Hacking Documents

Just as the story on The Shadow Brokers exposing the alleged NSA Equation Group’s offensive cyber toolkit has come to a close, today Wikileaks announced a new series of leaks concerning the hacking capabilities of the CIA. This new series of leaks has been named “Vault 7” and they claim it is the largest publication […]

CVSSv3: New System, Old Problems Remain

This latest blog post in our CVSSv3 series discusses problems with CVSSv2 that persist in CVSSv3. While CVSSv3 did address some concerns with CVSSv2 – as we plan to discuss in a future blog post – it did not address all. Some of the remaining issues we believe are quite problematic. The Access Complexity Segregation […]

Risk Based Security, NIST and University of Maryland Team Up To Tackle Security Effectiveness

The research team at Risk Based Security analyzes and catalogs thousands of data breaches every year. From that work, a few central themes arise time and again. One such theme is that breaches can happen at even the most security-conscious organizations. Another is the tenacity and skill of attackers when it comes to searching out […]

CVSSv3: New System, Next Problem (Scope)

In our last CVSSv3 blog series, we discussed our concerns about having to consider exploit reliability and the requirements to bypass advanced exploit mitigation techniques as part of the ‘Attack Complexity (AC)’ base score. This week, we attempt to wrap up the newly introduced challenges by covering the new ‘Scope (S)’ metric. “Formally, Scope refers […]

15,000 Vulnerabilities Disclosed In 2016 – Major Vendors Continue To Be Affected

2016 sets all-time high for the number of disclosed vulnerabilities, according to Risk Based Security. RICHMOND, VA, February 6, 2017 — Risk Based Security today announced the release of the annual VulnDB QuickView report that shows 2016 broke the previous all-time record for the highest number of reported vulnerabilities. The 15,000 vulnerabilities cataloged during […]

Risk Based Security Appoints Sven Krewitt To VulnDB Research Team

RICHMOND, VA, January 30, 2017 — Risk Based Security, Inc. today announced that it has appointed Mr. Sven Krewitt as a Senior Vulnerability Researcher. The appointment of Mr. Krewitt, a very talented and experienced vulnerability analyst, signals the company’s continued expansion of its vulnerability research team and dedication to providing the highest quality and most […]

2016 Reported Data Breaches Expose Over 4 Billion Records

2016 sets all-time high for the number of records exposed, according to Risk Based Security. RICHMOND, VA, January 25, 2017 — Risk Based Security today announced the release of the annual Data Breach QuickView report that shows 2016 broke the previous all-time high, set back in 2013, for the number of records exposed from […]

CVSSv3: New System, Next Problem (Exploit Reliability)

Last week in our CVSSv3 blog series, we discussed one of the bigger problems introduced by CVSSv3 related to file-based attack vectors. This week, we discuss another concern also introduced with the new version of CVSS. Attack Complexity – Exploit Reliability / Ease of Exploitation When studying the part of the CVSSv3 specification that describes […]

Facebook Forgets To Fix ImageTragick And Pays For It!

Staying up-to-date on vulnerabilities is a critical part of an information security program and many organizations, fortunately, realize this for the most part. However, a problem, which we have been working hard to educate both software / device vendors and organizations on, is that an often overlooked area is libraries and other 3rd party components […]

CVSSv3: New System, New Problems (File-based Attacks)

This is the second blog post in our series discussing CVSSv3. As shared in the first post, we have been in the process of thoroughly evaluating CVSSv3 to better understand the improvements and limitations compared to CVSSv2 for quite some time. For those curious about our thoughts on CVSSv2, we recommend our “The CVSSv2 Shortcomings, Faults, and Failures […]