Security News

SECURE Magazine issue 70 released(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Financial services need to prioritize API security to protect their customersNoname Security and Alissa Knight, Partner at Knight Ink and recovering hacker, announced a research which unveils a number of vulnerabilities in the banking, cryptocurrency exchange, and FinTech industries.

MITRE shared a list of the topmost dangerous programming, design, and architecture security flaws plaguing hardware this year. This list is the result of the not-for-profit MITRE organization collaborating within the Hardware CWE Special Interest Group, a community of individuals representing organizations from "Hardware design, manufacturing, research, and security domains, as well as academia and government."

Remote access security strategy under scrutiny as hybrid/remote working persistsA report by Menlo Security highlights growing concerns about securing users as the trend for hybrid and remote working is set to remain. In a recent report, Allianz Global Corporate & Specialty analyzes the latest risk developments around ransomware and outlines how companies can strengthen their defenses with good cyber hygiene and IT security practices.

MITRE Corporation has released the tenth version of ATT&CK, its globally accessible knowledge base of cyber adversary tactics and techniques based on real-world observations."The data source object features the name of the data source as well as key details and metadata, including an ID, a definition, where it can be collected, what platform(s) it can be found on, and the data components highlighting relevant values/properties that comprise the data source," MITRE ATT&CK Content Lead Amy L. Robertson and cybersecurity engineers Alexia Crumpton and Chris Ante explained.

MITRE ATT&CK has become the go-to framework in understanding and visualizing cyber threats and risk. Tips on how to use it as part of your cyber skills strategy.

MITRE's 2021 Top 25 Most Dangerous Software Weaknesses is a list of the most common software issues that can be and are exploited by cyber adversaries. The result is a list of 25 software weaknesses from 'Out-of-bounds Write' to 'Improper Neutralization of Special Elements used in a Command'.

MITRE has shared this year's top 25 list of most common and dangerous weaknesses plaguing software throughout the previous two years. Software weaknesses are flaws, bugs, vulnerabilities, and various other types of errors impacting a software solution's code, architecture, implementation, or design, potentially exposing systems it's running on to attacks.

MITRE Engenuity today released results from its first round of independent ATT&CK Evaluations for Industrial Control Systems. The evaluations examined how cybersecurity products from five ICS vendors detected the threat of Russian-linked Triton malware.

MITRE's Centre for Threat-Informed Defence and Microsoft have jointly rolled out Security Stack Mappings for Azure, aimed at bringing the former's Adversarial Tactics, Techniques, and Common Knowledge framework into the latter's cloud platform - with rival platforms to follow. The deal made Azure the first cloud platform to actively link to ATT&CK by mapping in-built security controls to the framework.

D3FEND, a framework for cybersecurity professionals to tailor defenses against specific cyber threats is now available through MITRE. NSA funded MITRE's research for D3FEND to improve the cybersecurity of National Security Systems, the Department of Defense, and the Defense Industrial Base. The D3FEND technical knowledge base of defensive countermeasures for common offensive techniques is complementary to MITRE's ATT&CK, a knowledge base of cyber adversary behavior.