惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
S
Secure Thoughts
月光博客
月光博客
美团技术团队
雷峰网
雷峰网
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
N
News and Events Feed by Topic
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Forbes - Security
Forbes - Security
W
WeLiveSecurity
P
Proofpoint News Feed
阮一峰的网络日志
阮一峰的网络日志
爱范儿
爱范儿
G
GRAHAM CLULEY
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
AI
AI
Last Week in AI
Last Week in AI
Google Online Security Blog
Google Online Security Blog
Schneier on Security
Schneier on Security
云风的 BLOG
云风的 BLOG
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Recent Announcements
Recent Announcements
Webroot Blog
Webroot Blog
T
Tor Project blog
Cisco Talos Blog
Cisco Talos Blog
N
News and Events Feed by Topic
罗磊的独立博客
The Register - Security
The Register - Security
Blog — PlanetScale
Blog — PlanetScale
T
Threat Research - Cisco Blogs
博客园 - 【当耐特】
Apple Machine Learning Research
Apple Machine Learning Research
人人都是产品经理
人人都是产品经理
T
The Exploit Database - CXSecurity.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
B
Blog
腾讯CDC
Microsoft Azure Blog
Microsoft Azure Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
H
Hacker News: Front Page
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Engineering at Meta
Engineering at Meta
Latest news
Latest news
IT之家
IT之家
D
DataBreaches.Net
博客园 - 司徒正美
N
Netflix TechBlog - Medium
V
V2EX
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知

Intel 471 Blog

TeamPCP Supply Chain Attacks Turning Geopolitical Tension into Actionable Intelligence CVE-2025-68613: Zerobot botnet exploits critical vulnerability impacting n8n AI orchestration platform Introducing Cyber Threat Exposure Bundle: A Unified Approach to External Risk CVE-2026-20127: Critical Cisco SD-WAN vulnerability exploited in wild Handala Threat Group OpenClaw: A viral AI assistant and a magnet for infostealer malware and ClickFix trickery Israeli, US strikes against Iran triggers a surge in hacktivist activity CVE-2026-1731: Finding a critical RCE in an age of AI-driven vulnerability research Born to bypass MFA: Taking down Tycoon 2FA The UK Cyber Security Resilience Bill How AI and the human advantage beat tomorrow’s threats Winter Olympics 2026: Hacktivism Surges Ahead of Protests and Suspected Sabotage How Threat Hunting and “Good” Metrics Help The Business Likely fake ransomware operator 0APT causes panic — Our analysis Hunting APTs: from state policy to TTPs CrazyHunter Ransomware DevMan Ransomware Introducing HUNTER Tuning: a New Tool for Driving Behavioral Threat Hunt Detections Battling check fraud in the U.S. Gootloader Malware Update Shai-Hulud Worm 2.0 New FvncBot Android banking trojan targets Poland White Paper Preview: Black "Fraud Day” and Beyond — The Key Cyber Threats Facing the Retail Sector this Holiday Season Threat hunting case study: Detecting IAB activity Using deception to extract cyber threat intelligence Lynx Ransomware Qilin Ransomware Group ClickFix: Tricking users into installing infostealers Cybercrime Takedowns: Trust, Partnerships and Focus How card fraud is powered by underground card checkers Tracking down The Com Turning Chaos into Clarity: The Next Phase of Intel 471’s Geopolitical Intelligence Solution The FBI’s Group 78: Covertly fighting ransomware? How threat actors bypass multifactor authentication Crimson Collective In a digital age, US paper check fraud flourishes How you can defend against AI-driven fraud and phishing Detecting cybercriminal activity on Telegram NPM - Shai-Hulud Worm Threat hunting case study: ToolShell AMOS Stealer How AI can (and can’t) help in threat hunting The Phrack leak: Examining an APT’s workstation How initial access offers power intrusions and ransomware Drawing value from cyber threat intelligence “Pig-Butchering” Scams: The Dark Side of Social Engineering and Why Terminology Matters After disruption, XSS cybercrime forum faces loss of trust Update: Salt Typhoon Bridging the CTI Gap: New Exposure Modules on Verity471 Deliver Market-Disrupting Views of Threats Introducing Verity471: Cyber Threat Intelligence Ready to Operationalize FileFix Social Engineering Technique Guided Threat Hunts Takes Your Behavioral Threat Hunting to the Next Level Defending against doxing CVE-2025-53770 - Microsoft Sharepoint Mass Exploitation (ToolShell) Threat hunting case study: Lumma infostealer Pro-Russian hacktivism: Shifting alliances, new groups and risks mommy Access Broker NATO summit commences in tandem with tense cyber, kinetic conflict A look at ‘Tinker,’ Black Basta’s phishing fixer, negotiator Threat hunting case study: DragonForce Two critical challenges facing CTI teams and how to overcome them: Intel 471’s additional insights into the SANS 2025 CTI Survey Android malware trends: Stealthier, easier-to-use Fingerprinting threat actors by their anonymity techniques DanaBot malware disrupted, threat actors named Intel 471 brings HUNTER behavioral threat hunts to Google Security Operations SANS 2025 CTI Survey: It’s Business Time for Cyber Risk How an alleged Russian hacker slipped away Threat hunting case study: Medusa ransomware CVE-2025-31324 - SAP NetWeaver Vulnerability DragonForce Ransomware Managing a cyber crisis LabHost: A defunct but potent phishing service Understanding and threat hunting for RMM software misuse Threat-hunting case study: Windows Management Instrumentation abuse VanHelsing Ransomware An in-depth look at Black Basta's TTPs Six Key Takeaways From the SANS 2025 Threat Hunting Survey Update: Medusa Ransomware Writing high-quality IDS detection rules Threat hunting case study: RMM software Update: LockBit Ransomware Zservers: Bulletproof hosting for online crime Update: Black Basta Ransomware and Threat Group Black Basta exposed: A look at a cybercrime data leak BadPilot Campaign The evolution of Russian cybercrime Android trojan TgToxic updates its capabilities Threat hunting case study: SocGholish DeepSeek AI poses cybersecurity risks Law enforcement hammered cybercrime in 2024. Is it working? Remote Monitoring and Management (RMM) Abuse How threat actors are using artificial intelligence Threat hunting case study: PsExec How ransomware may trend in 2025 What 2025 May Hold for Cybersecurity Bring Your Own Hunts to HUNTER ‘Tis the Season to Be Alert for Cyber Threats: 5 Unjoyful Holiday Tactics Collecting Useful CTI from Underground Markets Expanding source coverage: adding Signal chats to threat intelligence
You need to adjust your patch priorities!
2020-05-21 · via Intel 471 Blog

20.05.2020 2No Button You Need to Patch Blog Graphic 01 01 01 01 01

Some business people might say the security folks don’t understand the dollar impact of taking a system offline. The reality is in business often time is money and quantifying the cost of key systems being taken offline is a real thing. Some security folks might also say that your business folks don’t understand or care about the risk or impact of a vulnerability being exploited. This is an age-old situation that pits two competing worlds where one side might be more comfortable with taking risks and the other tends to be more risk averse. Queue your cyber threat intelligence team…the perfect referee in this conversation.

Patching decisions must be based on a solid (as possible) calculation of risk to your organization associated with a subject vulnerability. Everyone’s probably sick of hearing about the risk equation, but let’s revisit it just one more time for the sake of this conversation:

RISK = IMPACT * PROBABILITY / COST

Measuring impact and cost are often an internal facing exercise encompassing data that is readily available as long as the right people are at the table. We’re going to focus on measuring the more abstract concept of probability given a particular vulnerability. Some will focus on the vulnerabiliy’s CVSS score, but this is merely a standalone measure of severity of the vulnerability. There’s little to no context or business realities being taken into account with the CVSS. It’s simply not a measure of risk and even the CVSS 3.1 standard itself tells us we shouldn’t rely on it as a measure of risk:


“The CVSS Specification Document has been updated to emphasize and clarify the fact that CVSS is designed to measure the severity of a vulnerability and should not be used alone to assess risk.”

Source: https://www.first.org/cvss/use...

Supporting an assessment of probability is the perfect situation to leverage Threat Intelligence. This is where some of your known unknowns become known. If you are asking your CTI team or vendors to support vulnerability management and patch prioritization you should be asking the below questions. If your CTI capability is not supporting vulnerability management and patch prioritization you need to ask why not!

Intelligence requirements to support patch prioritization:

  • What is the level of interest in open sources, the underground and privately amongst cybercriminals?
  • Is proof-of-concept (POC) code being traded or for sale in the underground, in open sources or privately between cybercriminals?
  • Have attacks in the wild been observed?
  • Has the exploit been weaponized?
  • Has an exploit been productized into a known exploitation framework or kit?
  • Lastly, some like to take volumetric keyword hits against vulnerability terms or CVEs, but the problem is this often lacks context. If you are truly going to have intelligence support to patch prioritization you need context – actual conversations amongst threat actors, assessments and history to assess threat actor capabilities and intent, etc.

For example, here’s what we call a SPOTREP* that we sent out to our clients that would have been routed to anyone subscribed to our Vulnerability and Exploits General Intelligence Requirements (GIRs):

A SPOTREP is a short succinct intelligence notice that relays a significant piece of information to analysts that may be considered time sensitive.

We have a significant threat actor who has communicated to the market that a specific vulnerability was integrated into a widely used exploit kit. The barrier to entry to leverage this exploit dropped significantly. If this sort of data point and context doesn’t help drive the probability equation and assessment of risk in general then there may not be much else that will. This sort of information can be leveraged regularly and should be. Lean on your CTI teams and vendors to support the very important use-case of patch prioritization. CTI teams reach out to your vulnerability managers and show them how you can support their use-case and the business overall.

Want to see an example of Vulnerability Intelligence? Please consider subscribing to our Periscope list and get a monthly version of Intel 471’s CVE Weaponization Report, which is curated by Intel 471 analysts who track the life cycle of vulnerabilities from initial disclosure to exploit weaponization and productization observed in the underground. You can read more about it here: www.intel471.com/periscope.html.

Lastly, we’re finalizing our Vulnerability Intelligence Splunk Application so please stay tuned on splunkbase.com for more information. It will be a Splunk version of our live Vulnerability Intelligence dashboard found in our Titan platform. Here’s a teaser….