MITRE

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges 2024-12-02 at 07:12 By Mirko Zorz In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most dangerous software weaknesses. He discusses the impact of the new methodology that […]

React to this headline:

Loading spinner

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges Read More »

MITRE Adds Mitigations to EMB3D Threat Model

MITRE Adds Mitigations to EMB3D Threat Model 2024-10-02 at 17:01 By Ionut Arghire MITRE has expanded the EMB3D Threat Model with essential mitigations to help organizations address threats to embedded devices. The post MITRE Adds Mitigations to EMB3D Threat Model appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

MITRE Adds Mitigations to EMB3D Threat Model Read More »

VMware Abused in Recent MITRE Hack for Persistence, Evasion

VMware Abused in Recent MITRE Hack for Persistence, Evasion 2024-05-23 at 17:16 By Eduard Kovacs MITRE has shared information on how China-linked hackers abused VMware for persistence and detection evasion in the recent hack. The post VMware Abused in Recent MITRE Hack for Persistence, Evasion appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

VMware Abused in Recent MITRE Hack for Persistence, Evasion Read More »

MITRE EMB3D Threat Model Officially Released

MITRE EMB3D Threat Model Officially Released 2024-05-14 at 14:02 By Eduard Kovacs MITRE announced the public availability of the EMB3D threat model for embedded devices used in critical infrastructure. The post MITRE EMB3D Threat Model Officially Released appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to

React to this headline:

Loading spinner

MITRE EMB3D Threat Model Officially Released Read More »

MITRE EMB3D improves security for embedded devices

MITRE EMB3D improves security for embedded devices 2024-05-13 at 17:01 By Industry News MITRE released EMB3D, a cybersecurity threat model for embedded devices. The model provides a cultivated knowledge base of cyber threats to embedded devices, providing a common understanding of these threats with the security mechanisms required to mitigate them. The model is the

React to this headline:

Loading spinner

MITRE EMB3D improves security for embedded devices Read More »

MITRE breach details reveal attackers’ successes and failures

MITRE breach details reveal attackers’ successes and failures 2024-05-08 at 14:16 By Zeljka Zorz MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect

React to this headline:

Loading spinner

MITRE breach details reveal attackers’ successes and failures Read More »

MITRE and NVIDIA build AI supercomputer for federal agency use

MITRE and NVIDIA build AI supercomputer for federal agency use 2024-05-08 at 13:46 By Industry News MITRE is building a new capability intended to give its AI researchers and developers access to a massive increase in computing power. The new capability, MITRE Federal AI Sandbox, will provide better experimentation of next generation AI-enabled applications for

React to this headline:

Loading spinner

MITRE and NVIDIA build AI supercomputer for federal agency use Read More »

MITRE Hack: China-Linked Group Breached Systems in December 2023

MITRE Hack: China-Linked Group Breached Systems in December 2023 2024-05-07 at 11:16 By Eduard Kovacs MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities. The post MITRE Hack: China-Linked Group Breached Systems in December 2023 appeared first on SecurityWeek. This

React to this headline:

Loading spinner

MITRE Hack: China-Linked Group Breached Systems in December 2023 Read More »

MITRE breached by nation-state threat actor via Ivanti zero-days

MITRE breached by nation-state threat actor via Ivanti zero-days 2024-04-22 at 15:16 By Zeljka Zorz MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware infrastructure, MITRE confirmed late last week. What is

React to this headline:

Loading spinner

MITRE breached by nation-state threat actor via Ivanti zero-days Read More »

MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days

MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days 2024-04-22 at 13:16 By Eduard Kovacs MITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability. The post MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days Read More »

GSMA releases Mobile Threat Intelligence Framework

GSMA releases Mobile Threat Intelligence Framework 2024-04-10 at 06:01 By Help Net Security GSM Association’s Fraud and Security Group (FASG) has published the first version of a framework for describing, in a structured way, how adversaries attack and use mobile networks, based on the tactics, techniques and procedures (TTPs) that they use. The Mobile Threat

React to this headline:

Loading spinner

GSMA releases Mobile Threat Intelligence Framework Read More »

CVE and NVD – A Weak and Fractured Source of Vulnerability Truth

CVE and NVD – A Weak and Fractured Source of Vulnerability Truth 2024-04-03 at 17:17 By Kevin Townsend MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of all vulnerabilities. What went wrong, and what can be done? The post CVE

React to this headline:

Loading spinner

CVE and NVD – A Weak and Fractured Source of Vulnerability Truth Read More »

Public anxiety mounts over critical infrastructure resilience to cyber attacks

Public anxiety mounts over critical infrastructure resilience to cyber attacks 2024-03-18 at 12:01 By Help Net Security With temporary failures of critical infrastructure on the rise in the recent years, 81% of US residents are worried about how secure critical infrastructure may be, according to MITRE and The Harris Poll. Public views cyberattacks as greatest

React to this headline:

Loading spinner

Public anxiety mounts over critical infrastructure resilience to cyber attacks Read More »

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA)

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA) 2024-03-08 at 06:51 By Mirko Zorz MITRE now offers an open-source version of its Aviation Risk Identification and Assessment (ARIA) software suite, OpenARIA. This initiative is dedicated to enhancing aviation safety and efficiency through the active involvement of the aviation community. ARIA suite The

React to this headline:

Loading spinner

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA) Read More »

Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive

Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive 2024-02-13 at 07:31 By Kevin Townsend A malware tactic dubbed ‘hunter-killer’ is growing, based on an analysis of more than 600,000 malware samples. This may become the standard approach for advanced attacks. The post Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive Read More »

EMB3D Threat Model: Understand threats to embedded devices in critical infrastructure

EMB3D Threat Model: Understand threats to embedded devices in critical infrastructure 14/12/2023 at 11:45 By Industry News Critical infrastructure depends on embedded devices across industries such as oil and natural gas, electric, water management, automotive, medical, satellite, autonomous systems, and unmanned aircraft systems. However, these devices often lack proper security controls and are insufficiently tested

React to this headline:

Loading spinner

EMB3D Threat Model: Understand threats to embedded devices in critical infrastructure Read More »

MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure

MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure 13/12/2023 at 19:02 By Eduard Kovacs MITRE and partners unveil EMB3D, a new threat model designed for critical infrastructure embedded devices. The post MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure Read More »

Modeling organizations’ defensive mechanisms with MITRE D3FEND

Modeling organizations’ defensive mechanisms with MITRE D3FEND 15/11/2023 at 09:02 By Mirko Zorz Funded by the National Security Agency, MITRE’s D3FEND framework is helping to provide standardization, specificity, and repeatability needed by cybersecurity engineers. As the framework moves from the beta version to version 1.0 in 2024, we asked D3FEND creator Peter Kaloroumakis how D3FEND

React to this headline:

Loading spinner

Modeling organizations’ defensive mechanisms with MITRE D3FEND Read More »

MITRE partners with Microsoft to address generative AI security risks

MITRE partners with Microsoft to address generative AI security risks 06/11/2023 at 19:32 By Industry News MITRE and Microsoft have added a data-driven generative AI focus to MITRE ATLAS, a community knowledge base that security professionals, AI developers, and AI operators can use as they protect AI-enabled systems. This new framework update and associated new

React to this headline:

Loading spinner

MITRE partners with Microsoft to address generative AI security risks Read More »

MITRE ATT&CK v14 released

MITRE ATT&CK v14 released 02/11/2023 at 12:16 By Zeljka Zorz MITRE has released MITRE ATT&CK v14, the newest iteration of its popular investigation framework / knowledge base of tactics and techniques employed by cyber attackers. MITRE ATT&CK v14 ATT&CK’s goal is to catalog and categorize behaviors of cyber adversaries in real-world attacks. The framework is

React to this headline:

Loading spinner

MITRE ATT&CK v14 released Read More »

Scroll to Top