MITRE

Moving beyond checkbox security for true resilience

CISO, Compliance, cybersecurity, Don't miss, Features, Hot stuff, MITRE, News, opinion, strategy, threats /

Moving beyond checkbox security for true resilience 2025-03-19 at 08:13 By Mirko Zorz In this Help Net Security interview, William Booth, director, ATT&CK Evaluations at MITRE, discusses how CISOs can integrate regulatory compliance with proactive risk management, prioritize spending based on threat-informed assessments, and address overlooked vulnerabilities like shadow IT and software supply chain risks. […]

React to this headline:

Loading spinner

Moving beyond checkbox security for true resilience Read More »

MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364)

CVE, Don't miss, Hot stuff, MITRE, News, open source, PoC, red team, training /

MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) 2025-02-28 at 17:03 By Zeljka Zorz Users of the MITRE Caldera cyber security platform have been urged to plug a critical hole (CVE-2025–27364) that may allow unauthenticated attackers to achieve remote code execution. About MITRE Caldera MITRE Caldera is a platform built on the

React to this headline:

Loading spinner

MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) Read More »

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges

Artificial Intelligence, CNA, CVE, cybersecurity, Don't miss, Features, Hot stuff, MITRE, News, opinion, vulnerability management /

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges 2024-12-02 at 07:12 By Mirko Zorz In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most dangerous software weaknesses. He discusses the impact of the new methodology that

React to this headline:

Loading spinner

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges Read More »

MITRE Adds Mitigations to EMB3D Threat Model

ICS, ICS/OT, MITRE /

MITRE Adds Mitigations to EMB3D Threat Model 2024-10-02 at 17:01 By Ionut Arghire MITRE has expanded the EMB3D Threat Model with essential mitigations to help organizations address threats to embedded devices. The post MITRE Adds Mitigations to EMB3D Threat Model appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

MITRE Adds Mitigations to EMB3D Threat Model Read More »

VMware Abused in Recent MITRE Hack for Persistence, Evasion

China APT, Incident Response, MITRE, VMWare /

VMware Abused in Recent MITRE Hack for Persistence, Evasion 2024-05-23 at 17:16 By Eduard Kovacs MITRE has shared information on how China-linked hackers abused VMware for persistence and detection evasion in the recent hack. The post VMware Abused in Recent MITRE Hack for Persistence, Evasion appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

VMware Abused in Recent MITRE Hack for Persistence, Evasion Read More »

MITRE EMB3D Threat Model Officially Released

free tool, IoT Security, MITRE /

MITRE EMB3D Threat Model Officially Released 2024-05-14 at 14:02 By Eduard Kovacs MITRE announced the public availability of the EMB3D threat model for embedded devices used in critical infrastructure. The post MITRE EMB3D Threat Model Officially Released appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to

React to this headline:

Loading spinner

MITRE EMB3D Threat Model Officially Released Read More »

MITRE EMB3D improves security for embedded devices

Industry news, MITRE /

MITRE EMB3D improves security for embedded devices 2024-05-13 at 17:01 By Industry News MITRE released EMB3D, a cybersecurity threat model for embedded devices. The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with the security mechanisms required to mitigate them. The model is the

React to this headline:

Loading spinner

MITRE EMB3D improves security for embedded devices Read More »

MITRE breach details reveal attackers’ successes and failures

APT, backdoor, data breach, Don't miss, government-backed attacks, Hot stuff, Ivanti, Mandiant, MITRE, News, reconnaissance, Volexity, web shell /

MITRE breach details reveal attackers’ successes and failures 2024-05-08 at 14:16 By Zeljka Zorz MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect

React to this headline:

Loading spinner

MITRE breach details reveal attackers’ successes and failures Read More »

MITRE and NVIDIA build AI supercomputer for federal agency use

Industry news, MITRE /

MITRE and NVIDIA build AI supercomputer for federal agency use 2024-05-08 at 13:46 By Industry News MITRE is building a new capability intended to give its AI researchers and developers access to a massive increase in computing power. The new capability, MITRE Federal AI Sandbox, will provide better experimentation of next generation AI-enabled applications for

React to this headline:

Loading spinner

MITRE and NVIDIA build AI supercomputer for federal agency use Read More »

MITRE Hack: China-Linked Group Breached Systems in December 2023

China, cyberespionage, espionage, Featured, Ivanti, MITRE, Nation-State, Zero-Day /

MITRE Hack: China-Linked Group Breached Systems in December 2023 2024-05-07 at 11:16 By Eduard Kovacs MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities. The post MITRE Hack: China-Linked Group Breached Systems in December 2023 appeared first on SecurityWeek. This

React to this headline:

Loading spinner

MITRE Hack: China-Linked Group Breached Systems in December 2023 Read More »

MITRE breached by nation-state threat actor via Ivanti zero-days

data breach, Don't miss, Hot stuff, Incident Response, Ivanti, Mandiant, MITRE, News, Volexity /

MITRE breached by nation-state threat actor via Ivanti zero-days 2024-04-22 at 15:16 By Zeljka Zorz MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware infrastructure, MITRE confirmed late last week. What is

React to this headline:

Loading spinner

MITRE breached by nation-state threat actor via Ivanti zero-days Read More »

MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days

Featured, MITRE, Nation-State /

MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days 2024-04-22 at 13:16 By Eduard Kovacs MITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability. The post MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days Read More »

GSMA releases Mobile Threat Intelligence Framework

framework, GSMA, MITRE, News /

GSMA releases Mobile Threat Intelligence Framework 2024-04-10 at 06:01 By Help Net Security GSM Association’s Fraud and Security Group (FASG) has published the first version of a framework for describing, in a structured way, how adversaries attack and use mobile networks, based on the tactics, techniques and procedures (TTPs) that they use. The Mobile Threat

React to this headline:

Loading spinner

GSMA releases Mobile Threat Intelligence Framework Read More »

CVE and NVD – A Weak and Fractured Source of Vulnerability Truth

CVE, Featured, MITRE, NVD, Vulnerabilities /

CVE and NVD – A Weak and Fractured Source of Vulnerability Truth 2024-04-03 at 17:17 By Kevin Townsend MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of all vulnerabilities. What went wrong, and what can be done? The post CVE

React to this headline:

Loading spinner

CVE and NVD – A Weak and Fractured Source of Vulnerability Truth Read More »

Public anxiety mounts over critical infrastructure resilience to cyber attacks

critical infrastructure, cybersecurity, Government, MITRE, News, report, risk, survey, The Harris Poll /

Public anxiety mounts over critical infrastructure resilience to cyber attacks 2024-03-18 at 12:01 By Help Net Security With temporary failures of critical infrastructure on the rise in the recent years, 81% of US residents are worried about how secure critical infrastructure may be, according to MITRE and The Harris Poll. Public views cyberattacks as greatest

React to this headline:

Loading spinner

Public anxiety mounts over critical infrastructure resilience to cyber attacks Read More »

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA)

GitHub, MITRE, News, open source, software /

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA) 2024-03-08 at 06:51 By Mirko Zorz MITRE now offers an open-source version of its Aviation Risk Identification and Assessment (ARIA) software suite, OpenARIA. This initiative is dedicated to enhancing aviation safety and efficiency through the active involvement of the aviation community. ARIA suite The

React to this headline:

Loading spinner

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA) Read More »

Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive

ATT&CK, Featured, Malware & Threats, MITRE, Pincus, Ransomware /

Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive 2024-02-13 at 07:31 By Kevin Townsend A malware tactic dubbed ‘hunter-killer’ is growing, based on an analysis of more than 600,000 malware samples. This may become the standard approach for advanced attacks. The post Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive Read More »

EMB3D Threat Model: Understand threats to embedded devices in critical infrastructure

Industry news, MITRE, Narf, Red Balloon Security /

EMB3D Threat Model: Understand threats to embedded devices in critical infrastructure 14/12/2023 at 11:45 By Industry News Critical infrastructure depends on embedded devices across industries such as oil and natural gas, electric, water management, automotive, medical, satellite, autonomous systems, and unmanned aircraft systems. However, these devices often lack proper security controls and are insufficiently tested

React to this headline:

Loading spinner

EMB3D Threat Model: Understand threats to embedded devices in critical infrastructure Read More »

MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure

framework, ICS/OT, IoT, IoT Security, MITRE, Security Architecture /

MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure 13/12/2023 at 19:02 By Eduard Kovacs MITRE and partners unveil EMB3D, a new threat model designed for critical infrastructure embedded devices. The post MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure Read More »

Modeling organizations’ defensive mechanisms with MITRE D3FEND

CISO, collaboration, Compliance, cybersecurity, Don't miss, Features, framework, Hot stuff, MITRE, News, NSA, opinion, security ROI, security standard, standards, strategy /

Modeling organizations’ defensive mechanisms with MITRE D3FEND 15/11/2023 at 09:02 By Mirko Zorz Funded by the National Security Agency, MITRE’s D3FEND framework is helping to provide standardization, specificity, and repeatability needed by cybersecurity engineers. As the framework moves from the beta version to version 1.0 in 2024, we asked D3FEND creator Peter Kaloroumakis how D3FEND

React to this headline:

Loading spinner

Modeling organizations’ defensive mechanisms with MITRE D3FEND Read More »

Scroll to Top