Security News

MITRE ATT&CK, a common language for cybersecurity professionals to communicate with each other and better understand real-world adversary behaviors, celebrates its 10th anniversary this fall. What were the main drivers behind the creation of the MITRE ATT&CK framework back in 2013?

Thorough, independent tests are a vital resource for analyzing provider’s capabilities to guard against increasingly sophisticated threats to their organization. And perhaps no assessment is more...

MITRE Caldera for OT is now publicly available as an extension to the open-source Caldera platform, allowing security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology. The first Caldera for OT extensions were developed in partnership between the Homeland Security Systems Engineering and Development Institute, a federally funded research and development center that is managed and operated by MITRE for the Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency to increase the resiliency of critical infrastructure.

MITRE ATT&CK is a widely adopted framework and knowledge base that outlines and categorizes the tactics, techniques, and procedures used in cyberattacks. The MITRE ATT&CK Framework can be found here: https://attack.

MITRE has released its annual list of the Top 25 "Most dangerous software weaknesses" for the year 2023. "These weaknesses lead to serious vulnerabilities in software," the U.S. Cybersecurity and Infrastructure Security Agency said.

MITRE shared today this year's list of the top 25 most dangerous weaknesses plaguing software during the previous two years.Software weaknesses encompass a wide range of issues, including flaws, bugs, vulnerabilities, and errors in software solutions' code, architecture, implementation, or design.

The U.S. Cybersecurity & Infrastructure Security Agency has released 'Decider,' an open-source tool that helps defenders and security analysts quickly generate MITRE ATT&CK mapping reports.CISA recently published a "Best practices" guide about MITRE ATT&CK mapping, highlighting the importance of using the standard.

MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations. Below you can find a collection of MITRE ATT&CK tools and resources available for free.

Wazuh offers robust capabilities like file integrity monitoring, security configuration assessment, threat detection, automated response to threats, and integration with solutions that provide threat intelligence feeds. Wazuh comes with the MITRE ATT&CK module out-of-the-box and threat detection rules mapped against their corresponding MITRE technique IDs.

According to the Fortinet February 2022 Global Threat Landscape Report, industries worldwide experienced a dramatic 15x growth in ransomware volume over the past 18 months, with sustained volume throughout 2021. Attacks are harder to stop because of the evolution of increasing capabilities thanks to a very active economy of threat actors with fresh code for sale.