ATT&CK for ICS: Knowledge base of techniques used by cyber adversaries

MITRE released an ATT&CK knowledge base of the tactics and techniques that cyber adversaries use when attacking ICS that operate some of the nation’s most critical infrastructures including energy transmission and distribution plants, oil refineri…

Top 25 Most Dangerous Vulnerabilities, Smart City Privacy, DuckDuckGo vs. Google

In episode 94 of our monthly show for November 2019: The 25 most dangerous vulnerabilities, the privacy of new “smart cities”, and which search engine keeps your searches more private? It’s DuckDuckGo vs. Google! ** Show notes and lin…

SQL Injection loses #1 spot as most dangerous attack technique

The Common Weakness Enumeration (CWE), a community-developed compilation of the most critical errors leading to vulnerabilities in software, has lowered SQL Injection from its #1 spot as the most dangerous attack technique. SQL Injection, one of the ol…

Incorporating the MITRE ATT&CK Framework into Your SOAR to Deliver Faster Investigations and Improved Visibility

Everyone involved in the triage, investigation and response to security incidents battles the same adversary: Time. Whether you are…

How would MITRE’s popular cyberattack framework apply to industrial control systems?

A document that cybersecurity professionals consult in analyzing hacking groups will soon expand to include attack techniques used against industrial control systems, a recognition of the growing number of adversaries that target critical infrastructure. The goal is to help organizations understand and defend against disruptive cyberattacks like the one that cut power for some 225,000 people in Ukraine in 2015. That means filling in gaps in the cybersecurity community’s knowledge base of the hacking methods that are unique to industrial environments as well as those that also apply to IT networks. The document, known as the “ATT&CK” framework, should account for the “full gamut of adversary behavior,” said Otis Alexander, one of the lead cybersecurity engineers who helps maintain it at MITRE Corp., a federally funded not-for-profit organization. The updated framework could be available to network defenders as soon as December. It will cover attacks against ICS protocols and ways in which hackers might hinder incident response, Alexander said at MITRE’s ATT&CKcon conference […]

The post How would MITRE’s popular cyberattack framework apply to industrial control systems? appeared first on CyberScoop.


No surprises in the top 25 most dangerous software errors

An in-depth study of reported bugs has produced a list of the top 25 bug categories in software today – with some old familiar names topping the list.

SentinelOne integrates the MITRE framework with its ActiveEDR and Ranger IoT capabilities

SentinelOne, the autonomous endpoint protection company, announced new EDR capabilities that take its integration with the MITRE ATT&CK framework to the next level. Delivered via SentinelOne’s single agent, single codebase, single console architec…