Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

11/27/2017
08:00 AM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

8 Low or No-Cost Sources of Threat Intelligence

Here's a list of sites that for little or no cost give you plenty of ideas for where to find first-rate threat intelligence.
Previous
1 of 9
Next

Image Source: BeeBright / Shutterstock.com

Image Source: BeeBright / Shutterstock.com

Organizations know they need to get serious about threat intelligence, but it’s not always clear where to find credible information. While just about every security industry vendor website offers up information on the latest threats, some are better than others. Here, we 'll point out the sites that are the most informative and useful.

We called on Roselle Safran, president of Rosint Labs, to work with us to build a meaningful list. Safran's extensive experience in cybersecurity includes several years of service in the Executive Office of the President and Department of Homeland Security during the Obama administration.

Safran included some obvious choices from federal government sources, but she also struts her cybergeek sruff by offering up some lesser-known sites that track ransomware and malware. We combined forces with Safran to develop a list that will give novices the threat intelligence amuse-bouche they need while supplying some intel red meat for experienced security pros. 

Go through the list. You’ll find that there are many more than eight sites to choose from:

 

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Previous
1 of 9
Next
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
tdsan
50%
50%
tdsan,
User Rank: Ninja
11/30/2017 | 11:50:23 AM
Where is the list?
I could be missing something, but I was curious where is the list you are referencing in your article?

Please advise.
szurier210
50%
50%
szurier210,
User Rank: Moderator
11/30/2017 | 11:54:42 AM
Re: Where is the list?
Thanks for touching base. It's in Slideshow format. You should be able to click on the arrows under the overview page and go Slide by Slide to see the list. Let me know if you still have any problems. 
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19740
PUBLISHED: 2019-12-12
Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Campaign.Get is vulnerable.
CVE-2019-19746
PUBLISHED: 2019-12-12
make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.
CVE-2019-19748
PUBLISHED: 2019-12-12
The Work Time Calendar app before 4.7.1 for Jira allows XSS.
CVE-2017-18640
PUBLISHED: 2019-12-12
The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
CVE-2019-19726
PUBLISHED: 2019-12-12
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from th...