Vulnerability Intelligence: The Best Things In Life Aren't Free?

September 15, 2015 By Risk Based Security

As our regular readers and followers know, we spend a massive amount of time focused on security vulnerabilities at RBS. We are always on the look out for new vulnerabilities to ensure that our VulnDB customers get the most comprehensive and timely coverage on the latest issues as quickly as possible. When we aren't busy finding or cataloging vulnerabilities via our own research, we are[...]

Filed Under: Vulnerabilities, News

The Value Of Tracking Third-Party Libraries: Case Example

April 27, 2015 By Risk Based Security

A few days ago, SourceDNA published a blog about their research in finding 1,500 vulnerable iOS applications. Titled "Finding Every Vulnerable App in the App Store", they talk about scanning the 1.4 million apps in the official Apple store for vulnerabilities. One method they use is detecting which libraries an app uses, then performing searches based on the indication of the presence of that[...]

Filed Under: Vulnerabilities, News

An Analysis of Google’s Project Zero and Alleged Vendor Bias

January 26, 2015 By Risk Based Security

Google’s Project Zero has certainly been in the news the last couple weeks. But for many organizations, it was the first time they have heard of the project. In July of 2014, Google announced a new initiative called Project Zero. The basic premise of the project was that Google invests heavily in their own security and had for quite some time been also tasking their researchers part time work[...]

Filed Under: Vulnerabilities, News

Cross-site Scripting (XSS) Found in Tweetdeck

June 11, 2014 By Risk Based Security

This morning, some of you may have woke to a pop-up in your Tweetdeck tab. It turns out that someone figured out how to get script code to render in the software. The first Tweet we saw, that has been re-tweeted almost 40,000 times, comes from @derGeruhn.

Filed Under: Vulnerabilities, News

Carsten Eiram Acknowledged By ICS-CERT

June 04, 2014 By Risk Based Security

Industrial Control Systems (ICS/SCADA) have been increasingly in the news for all the wrong reasons, ranging from reports that show they are generally insecure to details about a public utility in the U.S. being compromised. These devices are now perceived to be considerably more vulnerable to a computer-based attack than ever before. While many would argue that ICS/SCADA devices have always been[...]

Filed Under: Research, Vulnerabilities, News

Threat Of The Month: Linksys Router Zero-day

April 02, 2014 By Risk Based Security

Carsten Eiram provided SCMagazine with the Threat of the month for April. He discusses a vulnerability in multiple Linksys routers that is currently being exploited by a worm known as “TheMoon.”

Filed Under: Vulnerabilities, News

sIFR Vulnerability Still Impacts Major Organizations

February 15, 2014 By Risk Based Security

It was brought to our attention today a new blog post about sIFR and the many sites affected by the XSS on Softpedia.

Filed Under: Vulnerabilities, News

Risk Based Security To Present At RSA

February 14, 2014 By Risk Based Security

Risk Based Security will be attending and presenting at the 2014 RSA Conference in San Francisco, California!

Filed Under: Research, Vulnerabilities, Presentations, News

Invisible Harms

November 11, 2013 By Risk Based Security

The Invisible Harms conference brings together experts and scholars from different continents to address the issues of security, privacy, copyright, and other information harms from a global perspective. The conference takes place on Thursday, November 14 and Friday, November 15 at the University of Pennsylvania.

Filed Under: Vulnerabilities, Data Breaches, Presentations, News

Jake Kouns To Present At FIRST Energy Symposium

October 28, 2013 By Risk Based Security

We are pleased to announce our Chief Information Security Officer, Jake Kouns, is presenting at the FIRST Energy Symposium.

Filed Under: Vulnerabilities, Data Breaches, Presentations, News

Subscribe to Email Updates