Electronic Voting; an Old but Looming Threat

April 26, 2016 By Risk Based Security

To date, Risk Based Security has cataloged over 260 vulnerabilities in electronic voting machines.

Filed Under: Research, Vulnerabilities, News, evoting

Two Year Anniversary for Heartbleed: Still Many Vulnerable Devices

April 08, 2016 By Risk Based Security

Yesterday was the two-year anniversary for Heartbleed, the 'named' vulnerability that received a huge amount of attention. While not the first to be named, it started the now (in)famous trend of researchers naming their vulnerability discoveries to get attention, and it also led to a positive change: Vendors and enterprises started focusing more on vulnerabilities in third-party libraries.

Filed Under: Vulnerabilities, News

Bad Luck Over The Upcoming Badlock Vulnerability?

March 22, 2016 By Risk Based Security

The Beginning (March 22); Badlock: The Day After (March 23); All Quiet on the Disclosure Front (April 5); The Day of Reckoning (April 12)

Filed Under: Vulnerabilities, News, Badlock

2015, A Record Year For Vulnerabilities

March 15, 2016 By Risk Based Security

2015 sets an all-time high for the number of disclosed vulnerabilities, according to Risk Based Security

We are pleased to release our VulnDB QuickView report that shows 2015 broke the previous all-time record for the highest number of reported vulnerabilities. The 14,185 vulnerabilities cataloged during 2015 by Risk Based Security eclipsed the total covered by the National Vulnerability[...]

Filed Under: Vulnerabilities, News

Hardcoded Root Credentials In Multiple DVRs

February 17, 2016 By Risk Based Security

Zhuhai RaySharp Technology is a Chinese manufacturer of CCTV systems including stand-alone DVRs. While based in China, the company’s products are available worldwide. Supposedly, “more than 60,000 DVR units are exported every month & delivered to all over the world”. Furthermore, the firmware used in the company’s own DVR product line is also sold to a large number of DVR OEM vendors located[...]

Filed Under: Research, Vulnerabilities, News

Yes, Font Files can Own Your Computer! For Over a Decade...

February 15, 2016 By Risk Based Security

On February 5, the Cisco Talos research team published an advisory covering several vulnerabilities in the Graphite (a.k.a. libgraphite) project. According to the vendor page, it "is a 'smart font' system developed specifically to handle the complexities of lesser-known languages of the world." This prompted the media and some in our industry to comment that it is "2016 and a font file can own[...]

Filed Under: Vulnerabilities, News, Third-party Libraries

RBS Named Top 10 Vulnerability Management Solution Provider

January 27, 2016 By Risk Based Security

2016 is off to a quick start as we have already tracked 804 vulnerabilities and there have been 65 data breaches exposing 57 million records. But before we move on to 2016, we wanted to take a moment to share a 2015 success for Risk Based Security.

Filed Under: Vulnerabilities, News

TRENDnet Devices Bundle Infamous scfgmgr Service

January 11, 2016 By Risk Based Security

Earlier this month, we encountered an older TRENDnet N300 Wireless Hot Spot Access Point (TEW-636APB) and decided to extract the firmware to take a closer look at it. For those who do not recall, TRENDnet is the vendor that was slapped by the FTC in 2014.

Filed Under: Research, Vulnerabilities, News

Risk Based Security Finds Vulnerabilities In Moxa SoftCMS

December 30, 2015 By Risk Based Security

Risk Based Security is well-known for aggregating vulnerability data and our VulnDB solution that provides vendor and software ratings as well as alerts when new vulnerabilities are released. However, the RBS Research Team also performs in-depth security assessments of software and devices to uncover new vulnerabilities and evaluate secure coding efforts. Assessments may either be requested[...]

Filed Under: Research, Vulnerabilities, News

Our New Year Vulnerability "Trends" Prediction!

December 07, 2015 By Risk Based Security

Shortly after a year closes out, the industry is treated to dozens of security companies that want to tell you all about vulnerability totals and trends from the previous year. In many cases, the companies offering the predictions are armchair experts of sorts, who do not aggregate vulnerability intelligence on their own. Instead, they simply download a set of vulnerability data, do some[...]

Filed Under: Vulnerabilities, News
