Click2Gov or Click2Breach?

Here on the Cyber Risk Analytics research team, we have more than our fair share of “glitch in the matrix moments” – you know, that proverbial black cat walking across your screen that makes you think: “Didn’t I just see this breach?” Usually it’s a case of similar circumstances or simply two names that are […]

The Great (belated) Mozilla Firefox CVE Dump

On June 11th, MITRE published descriptions and references for 318 entries, all relating to Mozilla Firefox. Yes, three hundred and eighteen entries. It may be tempting to think Mozilla was holding back on disclosures or there was a flurry of research activity leading to a slew of new vulnerabilities being discovered. But no, this would […]

MyHeritage – Bad Security or Bad Luck?

In the early afternoon of June 4th, the CISO of MyHeritage received the message every security professional dreads. A researcher was reaching out to share the news they had found a file containing users’ email addresses and hashed passwords – 92,283,889 records in total – for nearly every account created with the service through October […]

Risk Based Security, Inc. and eGRC.COM Announce Partnership

Risk Based Security, Inc. (RBS) is pleased to announce a partnership with eGRC.COM (eGRC) and the corresponding launch of the RiskManaged VulnDB Connector. eGRC provides Enterprise Governance, Risk and Compliance software, integration and consulting services to Fortune 500 clients. eGRC helps customers maximize value from their GRC platform investments, supporting a variety of technologies including […]

Vulnerability Management: So Much More Than Just Patch Management

The other day I happened upon an article titled “Vulnerability Management: Why the Problem Can’t Be Solved”, which made me curious for all the wrong reasons. As you can imagine, I strongly disagree with the premise that vulnerability management is a problem that cannot be solved. Having worked in the vulnerability intelligence field for more […]

Efail: What A Disclosure FAIL That Was!

Yesterday, news broke of a “critical” vulnerability in OpenPGP and S/MIME, named ‘Efail’ that could lead to an attacker gaining access to plaintext emails. News broke in the form of a dire warning from the Electronic Frontier Foundation warning people to “immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email.” This was, of course, […]

Pace Of Vulnerability Disclosure Shows No Signs Of Slowing In 2018

Risk Based Security today announced the release of our Vulnerability QuickView Report, examining vulnerabilities reported in the first quarter of 2018. The report shows a continuing rise in the number of publicly disclosed vulnerabilities. Unless the pace of vulnerability disclosure slows down in the coming quarters, we are looking at yet another record-breaking year. Key […]

Too Good To Be True? Breach Activity Declines in Q1 2018 To 2012 Level

RICHMOND, VA, May 8, 2018 — After year over year increases in the number of reported data breaches, Risk Based Security has released the results of their Q1 2018 Data Breach QuickView Report, showing the number of breaches disclosed in the first three months of the year fell to 686 compared to 1,444 breaches reported […]

The Ransomware Sausage Factory – Do You Really Want To Know How They Got Your Data Back?

Statistics vary, but a prevalent theme is that ransomware attacks rose by as much as 250% in 2017. Since a considerable number of incidents go unreported, potentially a majority of them in fact, it is difficult to fully understand just how deep the problem goes. That said, we can all agree the problem is bad. […]

F.A.K.E. Security – Exposing The Snake-oil Salesmen

We recently posted an article about RSA and vendors making promises about their products. In some cases these promises are not technically possible, or the vendors are overstating what they can really do. The RSA booth from F.A.K.E. Security was epic! There is no other way to describe it. When we posted the original article […]