Research

Risk Based Security has its own in-house research team that is responsible for performing various vulnerability-related research and conducting application assessments for customers. As part of our VulnDB offering, we validate and perform in-depth open-source and closed-source analysis of select vulnerabilities in high-profile products.

As part of this work, Risk Based Security’s research team occasionally discovers new vulnerabilities and works closely with the vendors to make sure these are addressed.

The following is a list of vulnerabilities published by the Risk Based Security research team. Please note that hundreds of critical vulnerabilities found before 2013 by our team members in popular products from vendors like Microsoft, Symantec, IBM, Adobe, Apple, RealNetworks, Trend Micro, Blue Coat, Mozilla, Google, Honeywell, and Novell are not listed:

 

| DATE | RBS ID | VULNDB ID | VENDOR | AUTHOR |
|---|---|---|---|---|
| 2017/12/13 | RBS-2017-003 | 170893, 170894, 170895 | NetGain Systems | Sven Krewitt |
| 2017/11/16 | RBS-2017-002 | 169389 | Drägerwerk AG | Carsten Eiram |
| 2017/11/07 | RBS-2017-001 | 156368 | OpenEMR | Sven Krewitt |
| 2016/12/29 | RBS-2016-004 | 148933, 148932, 148936, 148945, 148937, 148938, 148941, 148934, 148935, 148940, 148939, 148942, 148943, 148944, 148951, 148950, 148949, 148948, 148947, 148946 | Jensen of Scandinavia AS | Carsten Eiram |
| 2016/08/31 | RBS-2016-003 | 142310, 142311, 142312, 142313, 142314, 142315 | Crestron Electronics | Carsten Eiram |
| 2016/02/29 | RBS-2016-002 | 134781, 135099, 135100, 135101, 135102, 135103, 135104, 135105 | PC Pitstop | Carsten Eiram |
| 2016/02/17 | RBS-2016-001 | 134624 | Zhuhai RaySharp | Carsten Eiram |
| 2015/12/22 | RBS-2015-004 | 126784, 126785, 126786, 126787, 126788, 126789, 126790 | Moxa | Carsten Eiram |
| 2015/02/26 | RBS-2015-003 | 118789 | Bitdefender | Carsten Eiram |
| 2015/01/01 | RBS-2015-002 | 116603, 116604, 116605, 116606, 116607, 116608, 116609, 116610, 116611, 116612, 116613, 116614, 116615, 116616, 116617, 116618, 116619, 116620 | EverFocus Electronics Corp | Carsten Eiram |
| 2015/01/01 | RBS-2015-001 | 116600, 116601, 116602 | EverFocus Electronics Corp | Carsten Eiram |
| 2014/12/23 | RBS-2014-006 | 116196, 116197 | TOPICA Technology Co., Ltd. | Carsten Eiram |
| 2014/12/04 | RBS-2014-005 | 115471, 115472, 115473, 115474, 115475, 115476 | 3S Pocketnet Tech. | Carsten Eiram |
| 2014/07/18 | RBS-2014-004 | 109306 | Jesse Cortez | Dennis Kelly |
| 2014/06/30 | RBS-2014-003 | 108488 | Asante / UIC Corporation | Carsten Eiram |
| 2014/02/16 | RBS-2014-002 | 103452 | FlatNuke | Dennis Kelly |
| 2014/01/24 | RBS-2014-001 | 103434 | Schneider Electric | Carsten Eiram |
| 2013/10/09 | RBS-2013-007 | 94846, 94852 | Rockwell | Carsten Eiram |
| 2013/10/09 | RBS-2013-006 | 96919 | GameHouse | Carsten Eiram |
| 2013/10/09 | RBS-2013-005 | 96918 | GameHouse | Carsten Eiram |
| 2013/05/20 | RBS-2013-004 | 93498, 93501, 93499, 93500 | MyHeritage | Carsten Eiram |
| 2013/05/06 | RBS-2013-003 | 92202 | Schneider Electric | Carsten Eiram |
| 2013/04/27 | RBS-2013-002 | 92057 | Rockwell | Carsten Eiram |
| 2013/04/27 | RBS-2013-001 | 92048 | Rockwell | Carsten Eiram |

Risk Based Security may also occasionally publish analyses of vulnerabilities discovered by external parties, analyses of malware, and other reports related to vulnerability or data breach intelligence. An archive of these reports will be listed here.

| DATE | TITLE |
|---|---|
| 2016/10/31 | 2016 3Q Data Breach Quick View |
| 2016/08/31 | Data Breaches Lead To Over 1 Billion Records Exposed In The First Half of 2016 |
| 2016/03/15 | 2015, A Record Year For Vulnerabilities |
| 2016/03/02 | PC Matic… Is It As Amazing As Seen on TV? |
| 2016/02/02 | 2015 Reported Data Breaches Surpasses All Previous Years |
| 2015/11/12 | Data Breach QuickView: Third Quarter 2015 Data Breach Trends |
| 2015/07/21 | Data Breach QuickView: Mid-Year 2015 Data Breach Trends |
| 2015/07/06 | CVE & NVD: The High Price Of Free |
| 2015/02/23 | Data Breach QuickView: 2014 Data Breach Trends |
| 2014/11/19 | Data Breach QuickView: Data Breach Trends during the First Nine Months of 2014 |
| 2014/07/27 | Data Breach QuickView: Data Breach Trends in the First Half of 2014 |
| 2014/05/27 | Data Breach QuickView: Data Breach Trends in the First Quarter of 2014 |
| 2014/02/18 | Data Breach QuickView: An Executive’s Guide to Data Breach Trends in 2013 |
| 2013/09/18 | Personally Identifiable Information – More Fun With Definitions |
| 2013/09/05 | An Analysis of the (In)Security State of the GameHouse Game Installation Mechanism |
| 2013/08/20 | Memory Corruption… (And Why We Dislike That Term) |
| 2013/07/02 | Exploitability/Priority Index Rating Systems (Approaches, Value, and Limitations) |
| 2013/02/27 | The CVSSv2 Shortcomings, Faults, and Failures Formulation |
| 2013/02/14 | Data Breach QuickView: An Executive’s Guide to Data Breach Trends in 2012 |

Should you be interested in Risk Based Security’s vulnerability intelligence services or consulting offers, please contact us at [email protected]. Whether you are a software company looking for external help to evaluate or improve the security of your code as part of an SDL process, or an organization looking for assessments of applications in your network or a monitoring solution to secure your business-critical applications, Risk Based Security can help you.