Security News

MITRE has named Wen Masters as vice president for cyber technologies, where she will lead corporate cybersecurity strategy beginning May 17, 2021. Masters will be responsible for developing a wide range of cyber capabilities and solutions, including programs that address key economic and national security challenges such as securing critical infrastructure against foreign exploitation and protecting American intellectual property from cyber theft by foreign adversaries.

The Mitre Corporation has released the ninth version of its ATT&CK knowledge base of adversary tactics and techniques, which now also includes a newly created ATT&CK matrix for containers. MITRE has also revamped data sources, consolidated IaaS platforms, added a Google Workspace matrix, updated macOS-based attack techniques and added macOS-specific malware, and has created a brand new ATT&CK for Containers matrix.

A new webinar aims to provide some clarity on what to look for and how to interpret the results. Most importantly, the webinar will show how to get real value out of the evaluation results as a tool for understanding a vendor's strengths.

April is usually a whirlwind month for the cybersecurity industry as it coincides with the release of the highly regarded and influential MITRE ATT&CK test results. The result is a storm of spin and PR that is hard to navigate.

MITRE named Dana Jackson as senior vice president and general manager, MITRE National Security Sector, where he will serve as a catalyst for accelerating change in how our nation addresses its greatest national security challenges and drive solutions of national impact. He is responsible for the strategic growth and execution of MITRE's national security programs, including support to the U.S. Department of Defense, the U.S. Department of Justice, and the Intelligence Community, including leading the National Security Engineering Center.

MITRE Engenuity will assess commercial cybersecurity products' ability to detect the threat posed by the groups commonly known as Sandworm and Wizard Spider, both of whom have used data encryption as a key element of their attacks. The evaluations will use ATT&CK, a MITRE-curated knowledge base of adversary tactics, techniques, and procedures that is based on published threat reporting.

Phishers tricking users via fake LinkedIn Private Shared DocumentPhishers are trying to trick users into opening a "LinkedIn Private Shared Document" and entering their login credentials into a fake LinkedIn login page, security researcher JB Bowers warns. Apple details major security, privacy enhancements in its devicesApple has released on Thursday a newer version of its Platform Security Guide, outlining the security and privacy innovations and improvements its users will be able to take advantage of.

Purdue University and MITRE are combining their expertise and capabilities to form a new public-private partnership focusing on key areas of national safety and security. Purdue will join MITRE as one of its select academic vision partners.

MITRE ATT&CK helps understand attacker behavior. The MITRE ATT&CK framework is a well known and widely used knowledge base of cyber adversary tactics, techniques and procedures, and is based on observations on real-world attacks.

There's a good reason everyone's talking about MITRE ATT&CK: it's an objective, third-party standard with which organizations can measure their own detection coverage, as well as the coverage provided by EDR solutions. Still, even while you appreciate ATT&CK, it's not always clear how you can use it to improve your own organizational security.