Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Threat Intel: Finding Balance in an Overcrowded Market
Threaded  |  Newest First  |  Oldest First
jigsawsecurity
50%
50%
jigsawsecurity,
User Rank: Apprentice
4/24/2018 | 10:55:45 AM
BluVector has it right
I read the article and I agree that BluVectors concept is the right way to go. As soon as the threat intelligence vendors post IOC data it migrates quickly through all of the vendors. This makes it more costly for threat actors to operate because they have to them migrate their source code to change the ways it is identified (signature based) or moved to new IP's to defeat the blocks. Since 2015 we have stopped using IOC data for active protection so often and concentrated on heuristics to detect threats while continually upgrading our models. If BluVector does this and is successful they will realize that they are finding more targeted malware that was written specifically to target one organization and not the run of the mill infection. I would like to see more vendors heading in that direction. Not only will it make IOC's invalid but we will get closer to protecting real assets without relying on the fact that a piece of malware has been seen before somewhere else. We need more patient zero solutions as an industry. 
conghau115599
50%
50%
conghau115599,
User Rank: Apprentice
4/25/2018 | 4:01:54 AM
Re: BluVector has it right
i gree with you. Thank for your sharing

https://nhakhoahollywood.vn


Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17424
PUBLISHED: 2019-10-22
A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.
CVE-2019-16404
PUBLISHED: 2019-10-21
Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter.
CVE-2019-17400
PUBLISHED: 2019-10-21
The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion.
CVE-2019-17498
PUBLISHED: 2019-10-21
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a ...
CVE-2019-16969
PUBLISHED: 2019-10-21
In FusionPBX up to 4.5.7, the file app\fifo_list\fifo_interactive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS.