From Security Weekly Wiki
#[http://www.verizonenterprise.com/verizon-insights-lab/dbir/ The 2016 Verizon DBIR is out.] As always, there's some good stuff in there, but not much new. It is sadly a Report Card of Fail in many ways: how many times can we hear that folks need to use 2FA, patch their stuff, segment their networks, etc. etc.? And the vulnerability section didn't sit well with a lot of folks:
##[https://blog.osvdb.org/2015/04/23/a-note-on-the-verizon-dbir-2015-incident-counting-and-vdbs/ Jericho took exception to the vulnerability section of this year's DBIR] and he isn't alone.
##[https://blog.osvdb.org/2016/04/27/a-note-on-the-verizon-dbir-2016-vulnerabilities-claims/ Jericho followed up after Kenna's response]
##[http://blog.erratasec.com/2016/05/freaking-out-over-dbir.html Rob Graham was also unimpressed]
##[http://blog.kennasecurity.com/2016/05/collaborative-data-science-inside-the-2016-verizon-dbir-vulnerability-section/ A response from Kenna Security, who wrote most of the vulnerability section, doesn't seem to answer all of the questions]
##[http://blog.trailofbits.com/2016/05/05/the-dbirs-forest-of-exploit-signatures/ and Dan Guido further disassembles the vulnerability section.]
#[https://threatbutt.com/press/Threatbutt-DZIR-2016.pdf The ThreatButt DZIR might appeal to you] if the Verizon DBIR doesn't.
#[https://tinyapps.org/network.html Lots of handy tiny apps], thanks to the ever sexy Chris Nickerson for sharing this.