Security News

Week in review: Juniper devices compromised, great corporate security blogs, MITRE D3FEND
2023-11-19 09:30

Collaborative strategies are key to enhanced ICS securityIn this Help Net Security interview, Marko Gulan, Cyber Security Consultant at Schneider Electric, discusses the complexities of safeguarding industrial control systems. Modeling organizations' defensive mechanisms with MITRE D3FENDFunded by the National Security Agency, MITRE's D3FEND framework is helping to provide standardization, specificity, and repeatability needed by cybersecurity engineers.

Modeling organizations’ defensive mechanisms with MITRE D3FEND
2023-11-15 06:00

As the framework moves from the beta version to version 1.0 in 2024, we asked D3FEND creator Peter Kaloroumakis how D3FEND will strengthen the cybersecurity community. Can you walk us through the inception of D3FEND and what specific needs in the cybersecurity landscape it aims to address?

MITRE ATT&CK project leader on why the framework remains vital for cybersecurity pros
2023-09-26 04:30

MITRE ATT&CK, a common language for cybersecurity professionals to communicate with each other and better understand real-world adversary behaviors, celebrates its 10th anniversary this fall. What were the main drivers behind the creation of the MITRE ATT&CK framework back in 2013?

How to Interpret the 2023 MITRE ATT&CK Evaluation Results
2023-09-22 10:50

Thorough, independent tests are a vital resource for analyzing provider’s capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more...

MITRE Caldera for OT now available as extension to open-source platform
2023-09-06 06:21

MITRE Caldera for OT is now publicly available as an extension to the open-source Caldera platform, allowing security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology. The first Caldera for OT extensions were developed in partnership between the Homeland Security Systems Engineering and Development Institute, a federally funded research and development center that is managed and operated by MITRE for the Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency to increase the resiliency of critical infrastructure.

How to Apply MITRE ATT&CK to Your Organization
2023-07-11 11:15

MITRE ATT&CK is a widely adopted framework and knowledge base that outlines and categorizes the tactics, techniques, and procedures used in cyberattacks. The MITRE ATT&CK Framework can be found here: https://attack.

MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk?
2023-06-30 05:44

MITRE has released its annual list of the Top 25 "Most dangerous software weaknesses" for the year 2023. "These weaknesses lead to serious vulnerabilities in software," the U.S. Cybersecurity and Infrastructure Security Agency said.

MITRE releases new list of top 25 most dangerous software bugs
2023-06-29 16:28

MITRE shared today this year's list of the top 25 most dangerous weaknesses plaguing software during the previous two years.Software weaknesses encompass a wide range of issues, including flaws, bugs, vulnerabilities, and errors in software solutions' code, architecture, implementation, or design.

CISA releases free ‘Decider’ tool to help with MITRE ATT&CK mapping
2023-03-02 14:10

The U.S. Cybersecurity & Infrastructure Security Agency has released 'Decider,' an open-source tool that helps defenders and security analysts quickly generate MITRE ATT&CK mapping reports.CISA recently published a "Best practices" guide about MITRE ATT&CK mapping, highlighting the importance of using the standard.

Top 10 free MITRE ATT&CK tools and resources
2022-12-05 05:30

MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations. Below you can find a collection of MITRE ATT&CK tools and resources available for free.