Sponsorships! Speaking Engagements! And Bears, OH MY!

We’re just kidding about the bears. The Risk Based Security team has a lot of exciting events on the calendar for October. First we’re off to Orlando to sponsor Splunk .conf18. Then, Jake Kouns is hopping transport to speak at the Wall Street Journal Pro’s Small Business Academy event along with other industry leaders. Next, […]

Pay No Attention To The Vulnerabilities Behind The Curtain

For years, Microsoft’s Patch Tuesday has been something that all IT professionals (not just security practitioners) have dreaded. Since the practice was introduced in October 2003 to reduce the cost of distributing patches, it has become a point of consistency in patch cycles, and the source of grumbling because it often requires a full day or […]

Click2Gov Update: ICYMI Here’s The Latest

It’s been three months since our original post was published and as feared, breaches of the Click2Gov system continue to be reported. Here is what we’ve learned: Attackers are exploiting an unpatched vulnerability in Oracle’s WebLogic. Early on, we speculated whether the problem was with the Click2Gov application itself and whether it impacted the cloud-based […]

You Didn’t Think the Sony Saga Was Over, Did You?

On November 24th, 2014 a Reddit post appeared stating that Sony Pictures had been breached and that their complete internal network, nationwide, had signs that the breach was carried out by a group calling themselves GOP, or The Guardians Of Peace. This started a long twisting road for Sony as details of the hack came […]

RBS Hits The Road In September

The Risk Based Security team will be participating in some exciting events in September. Inga Goddijn will be sharing her industry knowledge at an upcoming webinar hosted by our partners at Privacy Ref. Additionally, Risk Based Security will be on the ground in Colorado, attending the Cherwell Global Conference 2018. We’ll close out the month […]

Insult To Injury – Florida Health Care Management Firm Accidentally Gives Data To Attackers

Who: HMC HealthWorks
How many records impacted: Undisclosed
Timeline:
Occurred: Undisclosed
Discovered by the Organization: July 16, 2018
Publicly Reported: August 22, 2018
What Happened: On July 16, 2018 Health Management Concepts, also known as HMC Healthworks, discovered they were the unlucky recipients of a ransomware infection. Like so many other businesses, it seems HMC […]

Apache Struts Distraction Continues While Over 600 Additional Vulnerabilities Have Been Released

While everyone has been heavily focused on, or we could say distracted by, the recent Apache Struts vulnerability, the steady flow of additional vulnerabilities being disclosed continues. As we recently pointed out, the flood of vulnerabilities is not letting up this year. They range from the fairly mundane that likely affects few people, to ones […]

Thoughts On The NTIA Software Component Transparency Meeting

I was able to attend the NTIA meeting on Software Component Transparency on July 19th, 2018 hosted in Washington, D.C. at the American Institute of Architects. The meeting was webcast and might eventually be published for others to watch in the future. This was our first time attending (though we really should have been at […]

Watch Out! Another Nasty Apache Struts Vulnerability Has Been Disclosed!

Here we go again! Today, a brand new Apache Struts vulnerability (CVE-2018-11776) has been disclosed that can result in remote code execution. Sure, the patch is out there, but this one is a CVSSv2 10.0 or “Critical” issue, which for many organizations should mean it is a full stop, all hands on deck […]

Our Reports Clickbait? No. Click Here To Find Out Why…

Last week, we published our 2018 mid-year report that included an overview of the vulnerabilities that we have tracked and included in VulnDB. We highlighted a key takeaway from the report in the title: “Over 3,000 [vulnerabilities] You May Not Know About”. This statement is based on our aggregation of over three thousand vulnerabilities in […]