From Security Weekly Wiki
#[http://www.verizonenterprise.com/verizon-insights-lab/dbir/ The 2016 Verizon DBIR is out.] As always, there's some good stuff in there, but not much new. It is sadly a Report Card of Fail in many ways: how many times can we hear that folks need to use 2FA, patch their stuff, segment their networks, etc. etc.?
##[https://blog.osvdb.org/2015/04/23/a-note-on-the-verizon-dbir-2015-incident-counting-and-vdbs/ Jericho took exception to the vulnerability section of this year's DBIR] and he isn't alone.
##[https://blog.osvdb.org/2016/04/27/a-note-on-the-verizon-dbir-2016-vulnerabilities-claims/ Jericho followed up after Kenna's response]
##[http://blog.erratasec.com/2016/05/freaking-out-over-dbir.html Rob Graham was also unimpressed]
##[http://blog.kennasecurity.com/2016/05/collaborative-data-science-inside-the-2016-verizon-dbir-vulnerability-section/ A response from Kenna Security, who wrote most of the vulnerability section, doesn't seem to answer all of the questions]
##[http://blog.trailofbits.com/2016/05/05/the-dbirs-forest-of-exploit-signatures/ and Dan Guido further disassembles the vulnerability section.]
#[https://tinyapps.org/network.html Lots of handy tiny apps.] Thanks to the ever sexy Chris Nickerson for sharing this.
#[http://blog.eckelberry.com/a-bomb-just-dropped-in-endpoint-security-and-im-not-sure-anyone-noticed/ VirusTotal changes the rules] and some folks are gonna get hurt, and might deserve it.