Collaborate Disseminate
Cybercrime reporter Thomas Brewster has written a fascinating exposé of the activities of Mitre Corporation, which has taken on some eyebrow-raising projects for the US government.
Continue reading Mitre, the creepy company checking your fingerprints on Facebook for the US Government
MITRE’s Center for Technology & National Security (CTNS), created to enhance MITRE’s engagement with senior government leadership, named five highly esteemed national security officials to its newly established advisory board. The new advisory boa… Continue reading MITRE’s CTNS names five national security officials to its newly established advisory board
Guardicore unveiled new capabilities for its open source Infection Monkey breach and attack simulation tool, used by thousands to review and analyze how their environments may be vulnerable to lateral movement and attacks. The latest version of Guardic… Continue reading Guardicore Infection Monkey now maps its actions to MITRE ATT&CK knowledge base
MITRE has been doing exceptional work in advancing cybersecurity as a public good, and it is an excellent resource for security professionals. Possibly best known for their ATT&CK Framework, a rich source of adversarial tactics and techniques and t… Continue reading MITRE Releases an Update to The Common Weakness Enumeration (CWE)
U.S. military assistance to Ukraine sparked an impeachment inquiry, but U.S. cybersecurity aid to the Eastern European country continues to flow, unimpeded and under the radar. The State Department on Tuesday announced an additional $8 million in cybersecurity funding for Ukraine, whose electric utilities sector has twice been struck by Russia-linked hackers in recent years. One of those cyberattacks, in 2015, plunged a a quarter of a million Ukrainians into darkness. Ever since then, Washington has tried to ramp up Ukraine’s cyberdefenses with funding and strategic advice, including through a project to help Ukraine develop a national cybersecurity strategy. Some of the new funding will be used for building out Kyiv’s legal and regulatory framework for improving cyberdefenses, the State Department said. The new money is on top of the $10 million in cybersecurity aid the U.S. previously pledged to Ukraine. MITRE Corp., a federally funded not-for-profit, has been contracted […]
The post State Department pledges $8 million more in cybersecurity aid to Ukraine appeared first on CyberScoop.
Continue reading State Department pledges $8 million more in cybersecurity aid to Ukraine
Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each ep… Continue reading Podcast Episode 3: How the MITRE ATT&CK Framework Can Improve Your Defenses
The Mitre Corporation has released version 4.0 of the Common Weakness Enumeration (CWE) list, which has been expanded to include hardware security weaknesses. About CWE The Common Weakness Enumeration (CWE) is a category system for weaknesses and vulne… Continue reading CWE list now includes hardware security weaknesses
Not all attackers are trying to exfiltrate data. In security, we’re all familiar with CIA triad—confidentiality, availability, and integrity. While Exfiltration describes adversarial behavior with the goal of violating confidentiality, atta… Continue reading The MITRE ATT&CK Framework: Impact
The Eastern European hacking group FIN7 has stolen an estimated $1 billion in recent years by sweeping up payment card data processed by hotels and other organizations. The fortune amassed by FIN7, despite the arrest of some of its senior members, has made it one of the most potent criminal threats to organizations around the world. Changes the group has made to its hacking tools in recent months have meant more breaches, and likely more money, for FIN7. Now, a U.S. government-funded organization is trying to put a dent in FIN7 hacks by evaluating the group’s attack techniques against widely used cybersecurity software. Vendors will be assessed on their ability to block FIN7-like intrusions and, with the results made public next year, hopefully improve their products. While FIN7 is the subject of the evaluation, the attack techniques tested will “be applicable across a broad spectrum of adversaries,” said Frank Duff, […]
The post Can software vendors block a notorious criminal group’s attacks? MITRE wants to find out appeared first on CyberScoop.
The only ‘solution’ I thought of is linking a CVE to a CWE and then to a CAPEC (Method found in this link: How to find CAPEC items related to a CVE) but I am unable to get from a CAPEC attack pattern to a technique/tactic in the ATT&CK… Continue reading Is there a way to map each CVE to a technique/tactic in the mitre ATT&CK matrix?