Threats, Vulnerabilities and Malware

A sampling of resources that identify information security threat sources and describe information technology security weaknesses, including a section that lists resources related specifically to malware, which is a significant type of security threat in and of itself.

The best information about threats and vulnerabilities is subject to constant change as the types of threats and vulnerabilities that represent the most current risks are constantly evolving. Always pursue your own study to ensure that your risk assessments sufficiently address your organization's current risks.

Resources on Threats

NIST Taxonomy of Threat Sources – Appendix D and E

Regional Threat Assessment

A-Z Listing of Threats and Risks

Threat Encyclopedia

Symantec Internet Security Threat Report

Application Threat Modeling

OSF Data Loss Database

Verizon Report on Data Breaches

HHS Reported Breaches

Intelligence and National Secuirty Alliance (INSA) Cyber Insider Threat Task Force

The Enemy Within: Dealing with Insider Threats - Presentation

BJA Major White-Collar Crime and Identity Theft

Ponemon Institute Study on Patient Privacy and Data Security (Subscription Required)

HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3)

Resources on Vulnerabilities

Common Vulnerabilities and Exposures

Open Sourced Vulnerability Database

SANS Top Cyber Security Controls

Vulnerability Reporting and Data eXchange SIG (VRDX-SIG)

CERT Vulnerability Analysis

CERT Vulnerability Notes Database

MS-ISAC Cyber Security Advisories

Common Weakness Risk Analysis Framework (CWRAF)

Nationwide Rollup Review of CMS HIPAA Oversight

GAO Report on Medical Devices

Identifying Vulnerabilities and Risks on Your Network

Where and How to Find Vulnerabilities

Open Web Application Security Project

SQL Injection

Testing for Cross-Site Scripting

Cross-Site Request Forgery

Side Channel Vulnerabilities on the Web

Open Redirect

Finding Vulnerabilities in PHP Using Grep

DNS Vulnerabilities and DNSSec

Resources on Viruses and Malware

OWASP Computer Viruses

OWASP Anti-Malware - Knowledge Base

SRI Malware Threat Center

SNORT

Suricata

Sophos Threat Center

McAfee Threat Center

Symantec Security Response

Kaspersky Knowledge Center

McAfee Virus Info

Trend Micro Malware Trends

Malware Investigator