topic Re: https://vulnerability.isc2.org/ - presenting 503 Error in Threats

https://vulnerability.isc2.org/ - presenting 503 Error

Wayne_Evans — Thu, 18 Jan 2024 17:31:16 GMT

Hi all,

is https://vulnerability.isc2.org/ down? All I have been getting when I have been checking for days is HTTP 503 error - or have they killed a very useful benefit of CISSP membership?

KR,
Wayne

Re: https://vulnerability.isc2.org/ - presenting 503 Error

JKWiniger — Thu, 18 Jan 2024 18:27:39 GMT

Confirmed it is down. I have heard nothing about this being discontinued.

@AndreaMoore might know the right team to check with.

John-

Re: https://vulnerability.isc2.org/ - presenting 503 Error

denbesten — Thu, 18 Jan 2024 18:37:52 GMT

Sounds like it just needs a kick in the pants.

The complete message coming back is "503 Service Unavailable: Back-end server is at capacity",.

Re: https://vulnerability.isc2.org/ - presenting 503 Error

isc2jade — Thu, 18 Jan 2024 19:05:11 GMT

Hi Wayne, Vulnerability Central was discontinued as an ISC2 member benefit as of December 31, 2023. If you are interested in continuing to receive Vulnerability Central's list of timely, curated security notifications as a direct service, contact dabbondanzio@cytenna.com for more information.

Re: https://vulnerability.isc2.org/ - presenting 503 Error

ericgeater — Thu, 18 Jan 2024 19:45:25 GMT

I received an email from Cytenna on November 21 of last year, which announced they would end service to ISC2 members on 12-31-2023. I was a long-time subscriber of this service from my "feral, early days" in cybersecurity. The alerts I received were poorly assembled at best, and glacially slow at worst. Cytenna may have been a source, but it was a pitiful source.

Now that I've participated with ISACs, the Center for Internet Security , SANS (both @risk and Internet Storm Center), and CISA, plus less official channels like VXUnderground on Twitter (sorry, no linky!), there's a big difference between their raw, effective alerting structure, and Cytenna's ancillary, meandering reports.

I'm still feral, though.

(my opinion is my own. edited to add CISA)

Re: https://vulnerability.isc2.org/ - presenting 503 Error

JKWiniger — Thu, 18 Jan 2024 19:40:12 GMT

@isc2jade You might consider adding a placeholder page that informs people that it is not longer offered and direct them to other options...

John-

Re: https://vulnerability.isc2.org/ - presenting 503 Error

JoePete — Thu, 18 Jan 2024 20:30:58 GMT

@ericgeater wrote:
Now that I've participated with ISACs, the Center for Internet Security , SANS (both @risk and Internet Storm Center),

I would consider SANS Internet Storm Center the best source, in particular the morning podcasts with Johannes Ullrich. Like you, I found Cytenna quite lacking - I mean their current current HTTPS cert is expired. This industry is full of snakeoil.

Re: https://vulnerability.isc2.org/ - presenting 503 Error

Wayne_Evans — Thu, 18 Jan 2024 21:47:48 GMT

I must have missed the memo about the discontinued benefit - Thank you for confirming @isc2jade that it is no longer available.

@ericgeater Yes there are some great sources there that you list - I will adapt my TTPs (tactics, Techniques & procedures)

Have great day all 🙂

Re: https://vulnerability.isc2.org/ - presenting 503 Error

ericgeater — Fri, 19 Jan 2024 13:30:32 GMT

There's another consideration which would follow your hardware technical debt: do you currently have channels to advisories from their manufacturers? If you have Megusta backup appliances, Sinsalpor network devices, Nolacara server systems, or Bromatonta cellular infrastructure, have you subscribed to any alert notification systems those companies may have available?

Not that companies always do a better job of disseminating alerts which address their own equipment, but that's what you pay for support for, in my mind's eye.