To date, Risk Based Security has cataloged over 260 vulnerabilities in electronic voting machines.
Yesterday was the two-year anniversary of Heartbleed, the 'named' vulnerability that received a huge amount of attention. While not the first to be named, it started the now (in)famous trend of researchers naming their vulnerability discoveries to get attention, and it also led to a positive change: vendors and enterprises started focusing more on vulnerabilities in third-party libraries.
2015 sets all-time high for the number of disclosed vulnerabilities, according to Risk Based Security
We are pleased to release our VulnDB QuickView report that shows 2015 broke the previous all-time record for the highest number of reported vulnerabilities. The 14,185 vulnerabilities cataloged during 2015 by Risk Based Security eclipsed the total covered by the National Vulnerability[...]
Zhuhai RaySharp Technology is a Chinese manufacturer of CCTV systems including stand-alone DVRs. While based in China, the company’s products are available worldwide. Supposedly, “more than 60,000 DVR units are exported every month & delivered to all over the world”. Furthermore, the firmware used in the company’s own DVR product line is also sold to a large number of DVR OEM vendors located[...]
On February 5, the Cisco Talos research team published an advisory covering several vulnerabilities in the Graphite (a.k.a. libgraphite) project. According to the vendor page, it "is a 'smart font' system developed specifically to handle the complexities of lesser-known languages of the world." This prompted the media and some in our industry to comment that it is "2016 and a font file can own[...]
2016 is off to a quick start, as we have already tracked 804 vulnerabilities and there have been 65 data breaches exposing 57 million records. But before we move on to 2016, we wanted to take a moment to share a 2015 success for Risk Based Security.
Earlier this month, we encountered an older TRENDnet N300 Wireless Hot Spot Access Point (TEW-636APB) and decided to extract the firmware to take a closer look at it. For those who do not recall, TRENDnet is the vendor that was slapped by the FTC in 2014.
Shortly after a year closes out, the industry is treated to dozens of security companies that want to tell you all about vulnerability totals and trends from the previous year. In many cases, the companies offering the predictions are armchair experts of sorts, who do not aggregate vulnerability intelligence on their own. Instead, they simply download a set of vulnerability data, do some[...]