Security News

MITRE shared a list of the topmost dangerous programming, design, and architecture security flaws plaguing hardware this year. This list is the result of the not-for-profit MITRE organization collaborating within the Hardware CWE Special Interest Group, a community of individuals representing organizations from "Hardware design, manufacturing, research, and security domains, as well as academia and government."

Remote access security strategy under scrutiny as hybrid/remote working persistsA report by Menlo Security highlights growing concerns about securing users as the trend for hybrid and remote working is set to remain. In a recent report, Allianz Global Corporate & Specialty analyzes the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices.

MITRE Corporation has released the tenth version of ATT&CK, its globally accessible knowledge base of cyber adversary tactics and techniques based on real-world observations."The data source object features the name of the data source as well as key details and metadata, including an ID, a definition, where it can be collected, what platform(s) it can be found on, and the data components highlighting relevant values/properties that comprise the data source," MITRE ATT&CK Content Lead Amy L. Robertson and cybersecurity engineers Alexia Crumpton and Chris Ante explained.

MITRE ATT&CK has become the go-to framework in understanding and visualizing cyber threats and risk. Tips on how to use it as part of your cyber skills strategy.

MITRE's 2021 Top 25 Most Dangerous Software Weaknesses is a list of the most common software issues that can be and are exploited by cyber adversaries. The result is a list of 25 software weaknesses from 'Out-of-bounds Write' to 'Improper Neutralization of Special Elements used in a Command'.

MITRE has shared this year's top 25 list of most common and dangerous weaknesses plaguing software throughout the previous two years. Software weaknesses are flaws, bugs, vulnerabilities, and various other types of errors impacting a software solution's code, architecture, implementation, or design, potentially exposing systems it's running on to attacks.

MITRE Engenuity today released results from its first round of independent ATT&CK Evaluations for Industrial Control Systems. The evaluations examined how cybersecurity products from five ICS vendors detected the threat of Russian-linked Triton malware.

MITRE's Centre for Threat-Informed Defence and Microsoft have jointly rolled out Security Stack Mappings for Azure, aimed at bringing the former's Adversarial Tactics, Techniques, and Common Knowledge framework into the latter's cloud platform - with rival platforms to follow. The deal made Azure the first cloud platform to actively link to ATT&CK by mapping in-built security controls to the framework.

D3FEND, a framework for cybersecurity professionals to tailor defenses against specific cyber threats is now available through MITRE. NSA funded MITRE's research for D3FEND to improve the cybersecurity of National Security Systems, the Department of Defense, and the Defense Industrial Base. The D3FEND technical knowledge base of defensive countermeasures for common offensive techniques is complementary to MITRE's ATT&CK, a knowledge base of cyber adversary behavior.

The project, called D3FEND, is available through the non-profit MITRE Corporation as a catalog of defensive cybersecurity techniques and their relationships to offensive/adversary techniques. The primary goal of the initial D3FEND release is to help standardize the vocabulary used to describe defensive cybersecurity technology functionality.