It’s Time Your Healthcare IT System Had a Checkup!
How do you determine the overall health of a patient? You run a series of blood and other diagnostic tests to look for anomalies. How do you measure the risk of future diseases for a given patient? You assess familial patterns to determine the...
read moreWhen IoT Security is a Matter of Life or Death
In the IT security world, regulations have a tendency to add clarity to otherwise obscure risks. While it may be impossible to quantify or even scope the risk of hacked devices, a regulation, with its fines and penalties, makes risk concrete....
read moreSpectre Rises from the Grave
On May 21, 2018, Microsoft and Google released two new side-channel attacks called Spectre Variant 3a (CVE-2018-3640) and Variant 4 (CVE-2018-3639). These are only important to worry about if you are an operating system developer; for everyone...
read moreStates Can Do More to Protect Elections
Last month, Congress authorized $380 million in federal funding for states to improve the administration of elections and enhance election security. The Election Assistance Commission (EAC) is now distributing the funds. While the EAC did not...
read moreRiskSense’s Red Team 2017 Accomplishments – In Retrospect
A vulnerability without a public exploit is not a vulnerability that can't be exploited; it's a vulnerability that attackers know more about than you do. To combat this, RiskSense dedicates resources to developing tools and exploits...
read moreData-Driven Prioritization: The Role of AI in Vulnerability and Threat Management
The conventional approach to vulnerability and threat management is rapidly changing to a data-driven strategy in which remediation efforts are targeted to individual vulnerabilities based on their exploitability, exploit pulse, and environment....
read moreRiskSense’s Apache Struts Report: How Do These Vulnerabilities Affect Your Organization?
Last year, an unpatched Apache Struts vulnerability was the foundation of a significant data breach that forced Apache Struts into the spotlight. This vulnerability, CVE-2017-5638, emphasized the impending risks for Apache Struts-based...
read moreNew Year, Same Old Exploits: RiskSense Adds More MS17-010 Modules to Metasploit
It's a new year, and we're still finding Windows systems missing the MS17-010 patch in virtually every client network we perform an attack surface validation (i.e., penetration test). Unfortunately, malware authors have been able to exploit...
read moreI’ve Got 99 Cyber Security Problems and Accuracy is One
The Hype The successes of machine learning and artificial intelligence (AI) has spurred excitement and innovation in nearly every field imaginable. Part of the reason for this are the volumes of data generated by various processes. Security...
read moreThe Kernel Page Tables Have Turned: Newly Discovered Hardware Vulnerability in Most CPUs: Spectre and Meltdown
Spectres of the Past and Future Various researchers and Google's Project Zero have discovered improved methods of side-channel cache timing attacks on processors that use speculative execution. Speculative execution is a performance optimization...
read moreFeatured Authors
