As our regular readers and followers know, we spend a massive amount of time focused on security vulnerabilities at RBS. We are always on the lookout for new vulnerabilities to ensure that our VulnDB customers get the most comprehensive and timely coverage on the latest issues as quickly as possible. When we aren't busy finding or cataloging vulnerabilities via our own research, we are[...]
A few days ago, SourceDNA published a blog about their research in finding 1,500 vulnerable iOS applications. In the post, titled "Finding Every Vulnerable App in the App Store", they talk about scanning the 1.4 million apps in the official Apple store for vulnerabilities. One method they use is detecting which libraries an app uses, then performing searches based on the indication of the presence of that[...]
Google’s Project Zero has certainly been in the news the last couple of weeks. But for many organizations, it was the first time they had heard of the project. In July of 2014, Google announced a new initiative called Project Zero. The basic premise of the project was that Google invests heavily in their own security and had for quite some time been also tasking their researchers part time work[...]
This morning, some of you may have woken to a pop-up in your TweetDeck tab. It turns out that someone figured out how to get script code to render in the software. The first Tweet we saw, which has been retweeted almost 40,000 times, comes from @derGeruhn.
Industrial Control Systems (ICS/SCADA) have been increasingly in the news for all the wrong reasons, ranging from reports that show they are generally insecure to details about a public utility in the U.S. being compromised. These devices are now perceived to be considerably more vulnerable to a computer-based attack than ever before. While many would argue that ICS/SCADA devices have always been[...]
Carsten Eiram provided SCMagazine with the Threat of the month for April. He discusses a vulnerability in multiple Linksys routers that is currently being exploited by a worm known as “TheMoon.”
A new blog post was brought to our attention today about sIFR and the many sites affected by the XSS on Softpedia.
Risk Based Security will be attending and presenting at the 2014 RSA Conference in San Francisco, California!
The Invisible Harms conference brings together experts and scholars from different continents to address the issues of security, privacy, copyright, and other information harms from a global perspective. The conference takes place on Thursday, November 14 and Friday, November 15 at the University of Pennsylvania.