Security News

Threat hunting with MITRE ATT&CK and Wazuh
2022-11-18 12:07

Wazuh offers robust capabilities like file integrity monitoring, security configuration assessment, threat detection, automated response to threats, and integration with solutions that provide threat intelligence feeds. Wazuh comes with the MITRE ATT&CK module out-of-the-box and threat detection rules mapped against their corresponding MITRE technique IDs.

Making Sense of EPP Solutions: Reading the 2022 MITRE ATT&CK® Evaluation Results
2022-07-25 00:00

According to the Fortinet February 2022 Global Threat Landscape Report, industries worldwide experienced a dramatic 15x growth in ransomware volume over the past 18 months, with sustained volume throughout 2021. Attacks are harder to stop because of the evolution of increasing capabilities thanks to a very active economy of threat actors with fresh code for sale.

MITRE shares this year's list of most dangerous software bugs
2022-06-28 16:29

MITRE shared this year's list of the top 25 most common and dangerous weaknesses impacting software throughout the previous two calendar years. Software weaknesses are flaws, bugs, vulnerabilities, or various other errors found in software solutions' code, architecture, implementation, or design.

2022-04-27 04:00

CIS relies on the contributions of these passionate industry experts to create and maintain the CIS Benchmarks. To start these new mappings, CIS focused on two of the most downloaded CIS Benchmarks - Microsoft Windows 10 and Red Hat Enterprise Linux 7 - and drilled in to MITRE ATT&CK techniques.

Results Overview: 2022 MITRE ATT&CK Evaluation – Wizard Spider and Sandworm Edition
2022-04-04 06:58

To ensure cybersecurity providers are battle ready, MITRE Engenuity uses real-world attack scenarios and tactics implemented by threat groups to test security vendors' capabilities to protect against threats - the MITRE ATT&CK Evaluation. Each vendor's detections and capabilities are assessed within the context of the MITRE ATT&CK Framework.

Results overview: 2022 MITRE ATT&CK Evaluation – Wizard Spider and Sandworm edition
2022-04-01 12:55

To ensure cybersecurity providers are battle ready, MITRE Engenuity uses real-world attack scenarios and tactics implemented by threat groups to test security vendors' capabilities to protect against threats - the MITRE ATT&CK Evaluation. Each vendor's detections and capabilities are assessed within the context of the MITRE ATT&CK Framework.

Week in review: CVE + MITRE ATT&CK methodology, new issue of (IN)SECURE Magazine
2021-11-07 09:00

(IN)SECURE Magazine issue 70 released: (IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Financial services need to prioritize API security to protect their customers: Noname Security and Alissa Knight, Partner at Knight Ink and recovering hacker, announced research that unveils a number of vulnerabilities in the banking, cryptocurrency exchange, and FinTech industries.

MITRE shares list of most dangerous hardware weaknesses
2021-11-02 12:27

MITRE shared a list of the topmost dangerous programming, design, and architecture security flaws plaguing hardware this year. This list is the result of the not-for-profit MITRE organization collaborating within the Hardware CWE Special Interest Group, a community of individuals representing organizations from "Hardware design, manufacturing, research, and security domains, as well as academia and government."

Week in review: MITRE ATT&CK v10 released, BEC scammers’ latest tricks, WFH security tactics
2021-10-24 08:00

Remote access security strategy under scrutiny as hybrid/remote working persists: A report by Menlo Security highlights growing concerns about securing users as the trend for hybrid and remote working is set to remain. In a recent report, Allianz Global Corporate & Specialty analyzes the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices.

Released: MITRE ATT&CK v10
2021-10-22 10:01

MITRE Corporation has released the tenth version of ATT&CK, its globally accessible knowledge base of cyber adversary tactics and techniques based on real-world observations. "The data source object features the name of the data source as well as key details and metadata, including an ID, a definition, where it can be collected, what platform(s) it can be found on, and the data components highlighting relevant values/properties that comprise the data source," MITRE ATT&CK Content Lead Amy L. Robertson and cybersecurity engineers Alexia Crumpton and Chris Ante explained.