From Security Weekly Wiki
[http://www.verizonenterprise.com/verizon-insights-lab/dbir/ The 2016 Verizon DBIR is out.] As always, there's some good stuff in there, but not much new. It is sadly a Report Card of Fail in many ways: how many times can we hear that folks need to use 2FA, patch their stuff, segment their networks, etc. etc.?
<br>[https://blog.osvdb.org/2015/04/23/a-note-on-the-verizon-dbir-2015-incident-counting-and-vdbs/ Jericho took exception to the vulnerability section of this year's DBIR] and he isn't alone.
<br>[https://blog.osvdb.org/2016/04/27/a-note-on-the-verizon-dbir-2016-vulnerabilities-claims/ Jericho followed up after Kenna's response].
<br>[http://blog.erratasec.com/2016/05/freaking-out-over-dbir.html Rob Graham was also unimpressed].
<br>[http://blog.kennasecurity.com/2016/05/collaborative-data-science-inside-the-2016-verizon-dbir-vulnerability-section/ A response from Kenna Security, who wrote most of the vulnerability section, doesn't seem to answer all of the questions],
<br>[http://blog.trailofbits.com/2016/05/05/the-dbirs-forest-of-exploit-signatures/ and Dan Guido further disassembles the vulnerability section.]
#[https://tinyapps.org/network.html Lots of handy tiny apps] thanks to the ever sexy Chris Nickerson for sharing this.