Security News

The classic tools and techniques adversaries deploy remain consistent-with some notable exceptions. Detections for malicious email forwarding rules rose by nearly 600%, as adversaries compromised email accounts, redirected sensitive communications to archive folders and other places users are unlikely to look, and attempted to modify payroll or wire transfer destinations, rerouting money into the criminal's account.

Collaborative strategies are key to enhanced ICS securityIn this Help Net Security interview, Marko Gulan, Cyber Security Consultant at Schneider Electric, discusses the complexities of safeguarding industrial control systems. Modeling organizations' defensive mechanisms with MITRE D3FENDFunded by the National Security Agency, MITRE's D3FEND framework is helping to provide standardization, specificity, and repeatability needed by cybersecurity engineers.

As the framework moves from the beta version to version 1.0 in 2024, we asked D3FEND creator Peter Kaloroumakis how D3FEND will strengthen the cybersecurity community. Can you walk us through the inception of D3FEND and what specific needs in the cybersecurity landscape it aims to address?

MITRE ATT&CK, a common language for cybersecurity professionals to communicate with each other and better understand real-world adversary behaviors, celebrates its 10th anniversary this fall. What were the main drivers behind the creation of the MITRE ATT&CK framework back in 2013?

Thorough, independent tests are a vital resource for analyzing provider’s capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more...

MITRE Caldera for OT is now publicly available as an extension to the open-source Caldera platform, allowing security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology. The first Caldera for OT extensions were developed in partnership between the Homeland Security Systems Engineering and Development Institute, a federally funded research and development center that is managed and operated by MITRE for the Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency to increase the resiliency of critical infrastructure.

MITRE ATT&CK is a widely adopted framework and knowledge base that outlines and categorizes the tactics, techniques, and procedures used in cyberattacks. The MITRE ATT&CK Framework can be found here: https://attack.

MITRE has released its annual list of the Top 25 "Most dangerous software weaknesses" for the year 2023. "These weaknesses lead to serious vulnerabilities in software," the U.S. Cybersecurity and Infrastructure Security Agency said.

MITRE shared today this year's list of the top 25 most dangerous weaknesses plaguing software during the previous two years.Software weaknesses encompass a wide range of issues, including flaws, bugs, vulnerabilities, and errors in software solutions' code, architecture, implementation, or design.

The U.S. Cybersecurity & Infrastructure Security Agency has released 'Decider,' an open-source tool that helps defenders and security analysts quickly generate MITRE ATT&CK mapping reports.CISA recently published a "Best practices" guide about MITRE ATT&CK mapping, highlighting the importance of using the standard.