Security News

To ensure cybersecurity providers are battle ready, MITRE Engenuity uses real-world attack scenarios and tactics implemented by threat groups to test security vendors' capabilities to protect against threats - the MITRE ATT&CK Evaluation. Each vendor's detections and capabilities are assessed within the context of the MITRE ATT&CK Framework.

To ensure cybersecurity providers are battle ready, MITRE Engenuity uses real-world attack scenarios and tactics implemented by threat groups to test security vendors' capabilities to protect against threats - the MITRE ATT&CK Evaluation. Each vendor's detections and capabilities are assessed within the context of the MITRE ATT&CK Framework.

SECURE Magazine issue 70 released(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Financial services need to prioritize API security to protect their customersNoname Security and Alissa Knight, Partner at Knight Ink and recovering hacker, announced a research which unveils a number of vulnerabilities in the banking, cryptocurrency exchange, and FinTech industries.

MITRE shared a list of the topmost dangerous programming, design, and architecture security flaws plaguing hardware this year. This list is the result of the not-for-profit MITRE organization collaborating within the Hardware CWE Special Interest Group, a community of individuals representing organizations from "Hardware design, manufacturing, research, and security domains, as well as academia and government."

Remote access security strategy under scrutiny as hybrid/remote working persistsA report by Menlo Security highlights growing concerns about securing users as the trend for hybrid and remote working is set to remain. In a recent report, Allianz Global Corporate & Specialty analyzes the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices.

MITRE Corporation has released the tenth version of ATT&CK, its globally accessible knowledge base of cyber adversary tactics and techniques based on real-world observations."The data source object features the name of the data source as well as key details and metadata, including an ID, a definition, where it can be collected, what platform(s) it can be found on, and the data components highlighting relevant values/properties that comprise the data source," MITRE ATT&CK Content Lead Amy L. Robertson and cybersecurity engineers Alexia Crumpton and Chris Ante explained.

MITRE ATT&CK has become the go-to framework in understanding and visualizing cyber threats and risk. Tips on how to use it as part of your cyber skills strategy.

MITRE's 2021 Top 25 Most Dangerous Software Weaknesses is a list of the most common software issues that can be and are exploited by cyber adversaries. The result is a list of 25 software weaknesses from 'Out-of-bounds Write' to 'Improper Neutralization of Special Elements used in a Command'.

MITRE has shared this year's top 25 list of most common and dangerous weaknesses plaguing software throughout the previous two years. Software weaknesses are flaws, bugs, vulnerabilities, and various other types of errors impacting a software solution's code, architecture, implementation, or design, potentially exposing systems it's running on to attacks.

MITRE Engenuity today released results from its first round of independent ATT&CK Evaluations for Industrial Control Systems. The evaluations examined how cybersecurity products from five ICS vendors detected the threat of Russian-linked Triton malware.