VCDB Alternatives

VCDB reviews and mentions

• 2024 Verizon Data Breach Investigation Report [pdf]
  1 project | news.ycombinator.com | 1 May 2024

  The DBIR is an interesting dataset in that it only covers breaches that have been covered by the media.

  It does not include the vast majority of breaches that happen every year and are reported to federal and state regulatory bodies or as posted to cybercrime / ransomware sites.

  One of the coolest things is that this process though flawed is transparent and semi-open to the public.

  The dataset and the underlying process for which events are selected takes place in the open on GitHub.

  Kudos to their commitment to open source.

  https://github.com/vz-risk/VCDB

• A dramatic new EPA rule will force up to 60% of new US car sales to be EVs in just 7 years
  1 project | /r/technology | 9 Apr 2023
• Ask HN: Are most security breaches based on social engineering?
  3 projects | news.ycombinator.com | 20 Sep 2021

  You can look at:

  - A collection of public threat intel reports [0]. Lot's of reading though. I did some Splunking on it last year and at least 50% uses phishing for initial access. You could call that a structural vulnerability.

  - Exploiting vulnerable public facing stuff is another initial access technique. Here someone collected all the CVEs used by ransomware crews:

  - VERIS community database: collection of 8894 security incidents. If you look in the JSON there are some fields describing the vector and the actor.

  [0] https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_C...

  [1] https://twitter.com/uuallan/status/1437068825636265985

  [2] https://github.com/vz-risk/VCDB

• A note from our sponsor - SaaSHub
  www.saashub.com | 10 May 2024

  SaaSHub helps you find the best software and product alternatives Learn more →