Tag: SpiceWorks

  • APT Naming Woes Redux (Bonus ‘DOJ’ Oops!)

    APT Naming Woes Redux (Bonus ‘DOJ’ Oops!)

    One aspect of vulnerability intelligence is also doing a best-faith effort to track the threat actors that are using the vulnerabilities. While that information often isn’t published, when it is we should include it. For example, less than 1% of data breaches publish the vulnerability associated with the initial compromise, and that is often the…

  • 2024 and Some Still Don’t Understand the CVE Ecosystem

    2024 and Some Still Don’t Understand the CVE Ecosystem

    [Update: Even before I publish this, I want to keep everything I wrote for now. But I believe this rebuttal is in response to trash written by SpiceWorks and a GPT.] The world of vulnerability disclosures is growing fast, for a variety of reasons I won’t get into. Suffice it to say my time is…