IoT Patching is Not Likely to Happen Soon
The federal government has issued its guidance for manufacturers of Internet of Things (IoT) devices. In November, 2015, the Department of Homeland Security issued its Strategic Principles for Security the Internet of Things. The main...
read moreGuidance is Not Enough for Medical System Security
Hospitals and healthcare networks have a big problem. While they were focused on protecting data to be in compliance with HIPAA, they have been steadily deploying more and more technology. Aside from all the personal devices for remote...
read moreIt’s Time Your Healthcare IT System Had a Checkup!
How do you determine the overall health of a patient? You run a series of blood and other diagnostic tests to look for anomalies. How do you measure the risk of future diseases for a given patient? You assess familial patterns to determine the...
read moreWhen IoT Security is a Matter of Life or Death
In the IT security world, regulations have a tendency to add clarity to otherwise obscure risks. While it may be impossible to quantify or even scope the risk of hacked devices, a regulation, with its fines and penalties, makes risk concrete....
read moreSpectre Rises from the Grave
On May 21, 2018, Microsoft and Google released two new side-channel attacks called Spectre Variant 3a (CVE-2018-3640) and Variant 4 (CVE-2018-3639). These are only important to worry about if you are an operating system developer; for everyone...
read moreStates Can Do More to Protect Elections
Last month, Congress authorized $380 million in federal funding for states to improve the administration of elections and enhance election security. The Election Assistance Commission (EAC) is now distributing the funds. While the EAC did not...
read moreRiskSense’s Red Team 2017 Accomplishments – In Retrospect
A vulnerability without a public exploit is not a vulnerability that can't be exploited; it's a vulnerability that attackers know more about than you do. To combat this, RiskSense dedicates resources to developing tools and exploits...
read moreData-Driven Prioritization: The Role of AI in Vulnerability and Threat Management
The conventional approach to vulnerability and threat management is rapidly changing to a data-driven strategy in which remediation efforts are targeted to individual vulnerabilities based on their exploitability, exploit pulse, and environment....
read moreRiskSense’s Apache Struts Report: How Do These Vulnerabilities Affect Your Organization?
Last year, an unpatched Apache Struts vulnerability was the foundation of a significant data breach that forced Apache Struts into the spotlight. This vulnerability, CVE-2017-5638, emphasized the impending risks for Apache Struts-based...
read moreNew Year, Same Old Exploits: RiskSense Adds More MS17-010 Modules to Metasploit
It's a new year, and we're still finding Windows systems missing the MS17-010 patch in virtually every client network we perform an attack surface validation (i.e., penetration test). Unfortunately, malware authors have been able to exploit...
read moreFeatured Authors
