The purpose of our research is to raise awareness of the CISA KEV catalog and understand how many of these vulnerabilities are under active exploitation so that organizations can take action against their risk. In our research, we relied on the CISA KEV catalog, a notable source of information regarding vulnerabilities actively exploited in the wild. We analyzed the common vulnerabilities and exposures (CVEs) using GreyNoise and other resources and found the attack surface in the past and present.

This report outlines the state of open source security, including open source adoption, known vulnerabilities, and vulnerability identification.

Network-Attached Storage (NAS) devices are a popular way for people to store and share their photos, videos and documents. Securing these devices is essential as they can contain sensitive information and are often exposed to the Internet. Because Synology is one of the top manufacturers of NAS devices, this paper chose to analyze a Synology DS215j. In doing so it identifies a number of exploitable security flaws. In this paper, they discuss in detail the analysis performed, methodologies used, and vulnerabilities found during the summer of 2015.