Follow the Blue Bird: A Study on Threat Data Published on Twitter

Abstract: Open Source Intelligence (OSINT) has taken the interest of cybersecurity practitioners due to its completeness and timeliness. In particular, Twitter has proven to be a discussion hub regarding the latest vulnerabilities and exploits. In this paper, we present a study comparing vulnerability databases between themselves and against Twitter. Although there is evidence of OSINT advantages, no methodological studies have addressed the quality and benefits of the sources available. We compare the publishing dates … Show more

“…11 , 12 The creation date of CVE‐ID in NVD is the day when the vulnerability is indexed (it is always public); whereas, in MITER CVE, the creation date is when the CVE‐ID gets reserved. 13 Other vulnerability databases include the Packet Storm 14 and Security Database, 15 which covers vulnerability description, some analysis around possible fixes, mitigation, and known exploits. Since NVD and MITER CVE have strict policies before vulnerability indexing, for this study, both platforms are considered for validating the CVEs reported on Twitter to identify if any vulnerability got disclosed before its indexing.…”

“…Such discussions are done in small groups of 2–13 tweets, but there was no specific account/user to follow for cybersecurity content. 13 …”

“… 17 Vulnerabilities with a colloquial name attract media attention due to which the users discuss them to increase their content visibility. 13 Twitter Dataset Collection in recent research shows different ways, but the most reliable and ethical practice is the official Twitter Application Programming Interface (API), which we choose for this study. Twitter API can be integrated with other solutions for easing accessibility to a large dataset, say fetching hourly data from Twitter and storing them in Amazon EC2, which is retrieved through Elastic Search.…”

“… 18 The other way for retrieving Twitter data is by GetOldTweets as Twitter API gives access to the past week tweets only. 13 The main limitation of this method is that it is a way to scrape Twitter website without Twitter's access keys. Some researchers captured the human‐to‐human interaction on Twitter using the existing datasets and removed Bot communications since tweets from bots are not informative.…”

“…Twitter is chosen to carry out this study due to its unique design where the messages are limited to 280 characters, and the tweets are to the point with associating links. 13 This study provides insights related to vulnerability disclosure and cybersecurity awareness campaigns on Twitter. Our findings will help government organizations, such as CERT, GCSB, and security agencies to conduct better cybersecurity awareness campaigns in the future for taking proactive measures against any vulnerability exploitation.…”

Vulnerability disclosure and cybersecurity awareness campaigns on twitter during COVID‐19

“…11 , 12 The creation date of CVE‐ID in NVD is the day when the vulnerability is indexed (it is always public); whereas, in MITER CVE, the creation date is when the CVE‐ID gets reserved. 13 Other vulnerability databases include the Packet Storm 14 and Security Database, 15 which covers vulnerability description, some analysis around possible fixes, mitigation, and known exploits. Since NVD and MITER CVE have strict policies before vulnerability indexing, for this study, both platforms are considered for validating the CVEs reported on Twitter to identify if any vulnerability got disclosed before its indexing.…”

“…Such discussions are done in small groups of 2–13 tweets, but there was no specific account/user to follow for cybersecurity content. 13 …”

“… 17 Vulnerabilities with a colloquial name attract media attention due to which the users discuss them to increase their content visibility. 13 Twitter Dataset Collection in recent research shows different ways, but the most reliable and ethical practice is the official Twitter Application Programming Interface (API), which we choose for this study. Twitter API can be integrated with other solutions for easing accessibility to a large dataset, say fetching hourly data from Twitter and storing them in Amazon EC2, which is retrieved through Elastic Search.…”

“… 18 The other way for retrieving Twitter data is by GetOldTweets as Twitter API gives access to the past week tweets only. 13 The main limitation of this method is that it is a way to scrape Twitter website without Twitter's access keys. Some researchers captured the human‐to‐human interaction on Twitter using the existing datasets and removed Bot communications since tweets from bots are not informative.…”

“…Twitter is chosen to carry out this study due to its unique design where the messages are limited to 280 characters, and the tweets are to the point with associating links. 13 This study provides insights related to vulnerability disclosure and cybersecurity awareness campaigns on Twitter. Our findings will help government organizations, such as CERT, GCSB, and security agencies to conduct better cybersecurity awareness campaigns in the future for taking proactive measures against any vulnerability exploitation.…”

Vulnerability disclosure and cybersecurity awareness campaigns on twitter during COVID‐19

CySecAlert: An Alert Generation System for Cyber Security Events Using Open Source Intelligence Data

The SAINT observatory subsystem: an open-source intelligence tool for uncovering cybersecurity threats