Risk Based Security

Risk Based Security, a Flashpoint company, provides organizations with the most comprehensive and ti

06/10/2022

📣 CISA, in combination with the FBI and NSA, released a Joint Cybersecurity Advisory (CSA) identifying 16 vulnerabilities Chinese hacking groups use to exploit vulnerable systems.

❗ Organizations are advised to patch these vulnerabilities immediately, but it may not be that simple.

🛑 There are thousands more vulnerabilities with known public exploits, including issues without a CVE ID. Organizations will need the full intelligence picture to proactively manage risk.

CISA, the FBI, and NSA released an advisory outlining the different tactics and techniques that Chinese hackers use to exploit entities.

06/09/2022

Check out the Vulnerability QuickView for the latest statistics:

1️⃣ 10,854 vulnerabilities have been disclosed this year
2️⃣ Last month, 1,620 vulnerabilities were newly disclosed
3️⃣ Of those, 49% were remotely exploitable

06/06/2022

A 💪 robust vulnerability management program enables organizations to identify assets that may be affected by critical or highly exploitable vulnerabilities, enabling them to better prioritize and remediate risk.

Risk Based Security and Flashpoint put together a guide to help you understand what vulnerability management is, why it's important, and what the best practices are. Read more here:

Vulnerability management is the process of determining the level of risk each vulnerability poses, prioritizing them, and remediating them.

04/14/2022

1,701 new vulnerabilities were disclosed last month, with 22% of them missing CVE IDs. Are your risk models as accurate as they can be?

Read more about how Risk Based Security, a Flashpoint company, enables efficient vulnerability prioritization. https://bit.ly/3jEZWVJ

03/30/2022

Risk Based Security and Flashpoint analysts have verified that SpringShell's PoC is valid. However, current information shows that its impact may not be on the same level as Log4Shell.

There is a new remote code execution (RCE) vulnerability developing in the background that security teams may be asked to remediate. Risk Based Security and Flashpoint have analyzed the “SpringShell” vulnerability. Compared to and rumored to be the next Log4Shell in some circles, it is another l...

03/28/2022

The Open Source Software (OSS) community has been split in two after an OSS author repurposed his own library to protest the Ukrainian-Russian war. His decision has given birth to "protestware" which may inspire other developers to target Russian-based machines.

The Open Source Software (OSS) community has been split in two after an OSS author repurposed his own library to protest the Ukrainian-Russian war. On March 7, RIAEvangelist released several versions of his ‘node-ipc’ software package, with some versions reportedly overwriting code on machines p...

03/17/2022

Oracle's upcoming Critical Patch Update is rumored to contain up to 450 patches, many likely being for high and critical vulnerabilities. What can organizations do to prepare?

At the start of 2020 we wrote about the Vulnerability Fujiwhara, warning organizations about the flurry of disclosures coming their way. The three Fujiwhara events that year, where Microsoft’s Patch Tuesdays collided with Oracle’s quarterly Critical Patch Updates (CPU), accounted for 7% of all 2...

03/04/2022

Late yesterday afternoon, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) added an incredible 95 vulnerabilities to the Known Exploitable Vulnerabilities Catalog. Here is a breakdown of those issues and how they might relate to the Russia-Ukraine war:

When the U.S. Cybersecurity & Infrastructure Security Agency (CISA) first announced Binding Operational Directive 22-01 (BOD 22-01), we made it our goal to fully explain what it was, why it was important, and more importantly - how organizations could prioritize 100 vulnerabilities in just two w

03/02/2022

Check out the February QuickView Infographics for the latest vulnerability and data breach statistics:

02/17/2022

Inga Goddijn, Executive Vice President at Risk Based Security, joins Jake Kouns to talk about the data breach landscape, the state of ransomware, and how cyber insurance has changed.

https://youtu.be/n_QeZNrm0Us Inga Goddijn, Executive Vice President at Risk Based Security (RBS), joins Jake Kouns, co-founder of RBS, to talk about the data breach landscape, the state of ransomware, and how cyber insurance has changed. The data breach landscape has shifted considerably ov

02/17/2022

Since Log4Shell's discovery, the news has been dominated by headlines touting its impact and how organizations need to remediate Log4j issues. While more and more articles are published, each of them seems to be asking the same question, but they all seem unable to give a clear answer: Just how “big” is Log4Shell?

This article is derived from the 2021 Year End Vulnerability QuickView Report. By now, the entire world is hopefully aware of what Log4Shell is, and why it’s a major problem. Since its discovery at the end of November last year, the news has been dominated by headlines touting its impact and how

02/14/2022

Our latest 2021 Year End Vulnerability QuickView Report is now available. Last year, 28,695 vulnerabilities were disclosed and CVE/NVD was unable to detail 33% of them. Check out the report for deeper analysis into the vulnerability disclosure landscape:

Download Risk Based Security's 2021 Year End Vulnerability QuickView Report. Powered by VulnDB, get key insights into specific industries.

Address

3308 W Clay Street
Richmond, VA
23230
