Staminus Breach: Just How Bad Is It?

March 13, 2016 By Risk Based Security

In terms of data security, 2016 is off to a pretty grim start, as we have already tracked 510 data breaches exposing over 175 million records. Just last month, we posted about the potential devastating risks when a hosting provider is compromised. Until a few days ago, many people had never heard of a hosting provider called Staminus that claims to specialize in Distributed Denial of Service[...]

Filed Under: Data Breaches, News

HR Departments: Gone Phishing?

March 07, 2016 By Risk Based Security

On Tuesday March 1st, the IRS issued an alert to payroll and human resources professionals across the nation, warning of a fresh phishing scam angling for employee data. Like so many other targeted phishing campaigns that have come before it, the latest scheme starts with gathering basic staff information about the company such as the name of the CEO or CFO and who’s who in the HR department -[...]

Filed Under: Data Breaches, News

PC Matic… Is It As Amazing As Seen on TV?

March 02, 2016 By Risk Based Security

If you have ever been up late at night, you might have seen an infomercial about a product called PC Matic and been intrigued by the exceptional claims being made about the capabilities of their security solutions.

Filed Under: Research, News

Data Breach Highlight: Camden County Courthouse Comprise

February 26, 2016 By Risk Based Security


Filed Under: Data Breaches, News, Data Breach Highlight

Hosting Providers; One Account, Many Implications

February 19, 2016 By Risk Based Security

WordPress is open source web software that allows users to create a website or blog.

Filed Under: Data Breaches, News

Sony; A Year After the Hack

February 18, 2016 By Risk Based Security

It’s been just over a year since Sony experienced a significant breach that saw incredible amounts of executive’s emails spilled out on the Internet. By February, 2015, much of the excitement had passed, and seemingly all of the interesting or relevant analysis had been done. Accusations had been made against North Korea and others, but ultimately the person(s) responsible for the breach were[...]

Filed Under: Data Breaches, News

Hardcoded Root Credentials In Multiple DVRs

February 17, 2016 By Risk Based Security

Zhuhai RaySharp Technology is a Chinese manufacturer of CCTV systems including stand-alone DVRs. While based in China, the company’s products are available worldwide. Supposedly, “more than 60,000 DVR units are exported every month & delivered to all over the world”. Furthermore, the firmware used in the company’s own DVR product line is also sold to a large number of DVR OEM vendors located[...]

Filed Under: Research, Vulnerabilities, News

Yes, Font Files can Own Your Computer! For Over a Decade...

February 15, 2016 By Risk Based Security

On February 5, the Cisco Talos research team published an advisory covering several vulnerabilities in the Graphite (a.k.a. libgraphite) project. According to the vendor page, it "is a 'smart font' system developed specifically to handle the complexities of lesser-known languages of the world." This prompted the media and some in our industry to comment that it is "2016 and a font file can own[...]

Filed Under: Vulnerabilities, News, Third-party Libraries

DHS Leaks, Cryptobin and Legal Issues: Boy, That Escalated Quickly!

February 11, 2016 By Risk Based Security

As of the evening of February 11, an update to our previous blog, is still suffering issues that make it not easily reached. There have been a few other media outlets doing research to try to determine what is happening with the site, but we have yet to see any confirmation or new information beyond what we have previously posted. While we don't have any new technical details to[...]

Filed Under: Data Breaches, News

Cryptobin Down After DHS & FBI Leaks

February 10, 2016 By Risk Based Security

Just a few days after the DHS and FBI leaks, the site that was used to leak the data, called Cryptobin, is now down.

RBS researchers discovered today that was offline and not accessiable via the main domain name, but was still accessible via its dedicated IP ( address and unsigned SSL.(

As we previously reported, this outage comes just days[...]

Filed Under: Data Breaches, News

Subscribe to Email Updates