Security News

MITRE shared today this year's list of the top 25 most dangerous weaknesses plaguing software during the previous two years.Software weaknesses encompass a wide range of issues, including flaws, bugs, vulnerabilities, and errors in software solutions' code, architecture, implementation, or design.

The U.S. Cybersecurity & Infrastructure Security Agency has released 'Decider,' an open-source tool that helps defenders and security analysts quickly generate MITRE ATT&CK mapping reports.CISA recently published a "Best practices" guide about MITRE ATT&CK mapping, highlighting the importance of using the standard.

MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations. Below you can find a collection of MITRE ATT&CK tools and resources available for free.

Wazuh offers robust capabilities like file integrity monitoring, security configuration assessment, threat detection, automated response to threats, and integration with solutions that provide threat intelligence feeds. Wazuh comes with the MITRE ATT&CK module out-of-the-box and threat detection rules mapped against their corresponding MITRE technique IDs.

According to the Fortinet February 2022 Global Threat Landscape Report, industries worldwide experienced a dramatic 15x growth in ransomware volume over the past 18 months, with sustained volume throughout 2021. Attacks are harder to stop because of the evolution of increasing capabilities thanks to a very active economy of threat actors with fresh code for sale.

MITRE shared this year's list of the top 25 most common and dangerous weaknesses impacting software throughout the previous two calendar years. Software weaknesses are flaws, bugs, vulnerabilities, or various other errors found in software solutions' code, architecture, implementation, or design.

CIS relies on the contributions of these passionate industry experts to create and maintain the CIS Benchmarks. To start these new mappings, CIS focused on two of the most downloaded CIS Benchmarks - Microsoft Windows 10 and Red Hat Enterprise Linux 7 - and drilled in to MITRE ATT&CKtechniques.

To ensure cybersecurity providers are battle ready, MITRE Engenuity uses real-world attack scenarios and tactics implemented by threat groups to test security vendors' capabilities to protect against threats - the MITRE ATT&CK Evaluation. Each vendor's detections and capabilities are assessed within the context of the MITRE ATT&CK Framework.

To ensure cybersecurity providers are battle ready, MITRE Engenuity uses real-world attack scenarios and tactics implemented by threat groups to test security vendors' capabilities to protect against threats - the MITRE ATT&CK Evaluation. Each vendor's detections and capabilities are assessed within the context of the MITRE ATT&CK Framework.

SECURE Magazine issue 70 released(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Financial services need to prioritize API security to protect their customersNoname Security and Alissa Knight, Partner at Knight Ink and recovering hacker, announced a research which unveils a number of vulnerabilities in the banking, cryptocurrency exchange, and FinTech industries.