The Hacker News
How to Apply MITRE ATT&CK to Your Organization
Discover the power of MITRE ATT&CK framework in defending your organization against cyber threats. Build a robust security strategy.
The Hacker News
Results Overview: 2022 MITRE ATT&CK Evaluation – Wizard Spider and Sandworm Edition
Results Overview: 2022 MITRE ATT&CK Evaluation – Wizard Spider and Sandworm Edition
The Hacker News
Threat hunting with MITRE ATT&CK and Wazuh
Wazuh is an open source unified XDR and SIEM platform. Wazuh comes with the MITRE ATT&CK module out-of-the-box and threat detection rules.
SecurityWeek
MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile
MITRE announces the release of ATT&CK v14, which brings enhancements related to detections, ICS, and mobile.
DarkReading
CardinalOps Launches MITRE ATT&CK Security Layers for Measuring Detection Posture
Enables enterprises to operationalize MITRE ATT&CK and build a multi-layered, threat-informed defense to eliminate gaps based on organizational risk and priorities.
The Hacker News
How to Interpret the 2023 MITRE ATT&CK Evaluation Results
How to Interpret the 2023 MITRE ATT&CK Evaluation Results | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.
Bleeping Computer
CISA releases free ‘Decider’ tool to help with MITRE ATT&CK mapping
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released 'Decider,' an open-source tool that helps defenders and security analysts quickly generate MITRE ATT&CK mapping reports.
DarkReading
CISA, MITRE Look to Take ATT&CK Framework Out of the Weeds
The Decider tool is designed to make the ATT&CK framework more accessible and usable for security analysts of every level, with an intuitive interface and simplified language.
Trend Micro
The Evolution of IoT Linux Malware Based on MITRE ATT&CK TTPs
In our study, we relied on the tactics, techniques, and procedures of MITRE ATT&CK to define the malware capabilities and characteristics of IoT Linux malware. We describe our findings and how IoT malware has been evolving.
DarkReading
Red Canary Provides First-Ever MITRE Engenuity™ ATT&CK® Evaluations for Managed Services
Red Canary, a leader in Managed Detection and Response (MDR), is one of 15 providers that participated in the first-ever MITRE Engenuity™ ATT&CK® Evaluations for Managed Services.
Trend Micro
MITRE Engenuity ATT&CK Tests
Trend Micro Vision One achieved a protection score of 100% in this year’s evaluation, proving once again that it is an invaluable tool that provides higher confidence detections for security operations teams.
DarkReading
Most Enterprise SIEMs Blind to MITRE ATT&CK Tactics
Organizations are largely deluded about their own security postures, according to an analysis, with the average SIEM failing to detect a whopping 76% of attacker TTPs.
Cyber Security News
AttackGen : AI-Based Incident Response Tool With MITRE ATT&CK Framework
In the ever-evolving landscape of cybersecurity, the need for advanced tools to simulate and test incident response is critical.
.webp)
Cyber Security News
How to Interpret the MITRE Engenuity ATT&CK® Evaluations For Enterprise
Independent tests are a vital resource as cybersecurity leaders and their teams evaluate vendors’ abilities to guard against increasingly.
CSO
Expel announces MDR for Kubernetes with MITRE ATT&CK framework alignment
Expel MDR for Kubernetes addresses three core layers of Kubernetes applications: configuration, control panel, and run-time security.
DarkReading
Top MITRE ATT&CK Techniques and How to Defend Against Them
A cheat sheet for all of the most common techniques hackers use, and general principles for stopping them.
CSO
New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs
The OSC&R Framework aims to help security professionals better understand and measure software supply chain risk.
DarkReading
MITRE Debuts ICS Threat Threat Modeling for Embedded Systems
EMB3D, like ATT&CK and CWE, seeks to provide a common understanding of cyber-threats to embedded devices and of the security mechanisms for addressing them.
Cyber Security News
5 Sandbox Tools for Phishing Analysis in 2024
Sandbox Tools for Phishing Analysis 2024: 1. Interactivity 2. RSPAMD Integration 3. Suricata Rule Engine 4. MITRE ATT&CK 5.Matrix 6. Phishing Tag.
Trend Micro
An In-Depth Look at ICS Vulnerabilities Part 2
In part two of our three-part series, we continue to analyze vulnerabilities using MITRE ATT&CK. We also look into the sectors affected and their risk levels.
Trend Micro
An In-Depth Look at ICS Vulnerabilities Part 1
In this blog series our team examined various ICS vulnerabilities using the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) for ICS.
Trend Micro
Decoding Turla: Trend Micro's MITRE Performance
This year, the MITRE Engenuity ATT&CK evaluation tested cybersecurity vendors against simulated attack scenarios mimicking the adversary group “Turla.” Learn about Trend Micro's 100% successful protection performance.
DarkReading
MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs
The irony is lost on few, as a Chinese threat actor used eight MITRE techniques to breach MITRE itself — including exploiting the Ivanti bugs that attackers have been swarming on for months.
The Hacker News
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites
A critical flaw in the hugely popular LiteSpeed Cache plugin for WordPress is being exploited in the wild to create rogue admin accounts, granting att
CyberScoop
How to improve threat detection in ICS environments - CyberScoop
A new report evaluates an end-to-end cyberattack on industrial control systems and offers solutions for threat detection capabilities.
Trend Micro
Expanding Attack Blueprints 2022 Annual Cybersecurity Report
In this blog entry, we shine a spotlight on some of the most critical cybersecurity concerns of 2022, which we discuss in full in our annual cybersecurity report, “Rethinking Tactics: 2022 Annual Security Report.”
Infosecurity News
Experts Warn of Surge in Multipurpose Malware
The average malware variant now utilizes 11 TTPs
CSO
Malware authors leverage more attack techniques that enable lateral movement
Malware authors and cybercriminal groups are making sophisticated techniques practical for threat actors to use more widely, changing threat models.
Trend Micro
Examining the Activities of the Turla APT Group
We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group.
CSO
Surge in "hunter-killer" malware poses significant challenge to security teams
Adversaries step up attacks that disable enterprise defenses.
The Hacker News
How to Think Like a Hacker and Stay Ahead of Threats
Think you're protected from cyber attacks? Hackers are always finding new ways to exploit vulnerabilities. Learn to think like a hacker and stay ahead
DataBreaches
New Picus Red Report warns of “Swiss Army knife” malware
The versatility of the latest malware is demonstrated by the fact that a third of the total sample analyzed by Picus Labs is capable of exhibiting more than...
SecurityWeek
The Importance of Open Source to an XDR Architecture
XDR architecture must be broad and deep so that organizations can get the most value out of their existing best-of-breed security solutions, including their free, open-source tools.
SecurityWeek
Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive
A malware tactic dubbed ‘hunter-killer’ is growing and may become the standard approach for advanced attacks.
Infosecurity News
2023 Cyber Threats: 26,000+ Vulnerabilities, 97 Beyond CISA List
The Qualys report also showed over 7000 vulnerabilities had proof-of-concept exploit code
Bleeping Computer
Wazuh - The free and open source XDR platform
Wazuh is a free and open source security platform that provides unified SIEM and XDR protection. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. Wazuh is one of the fastest growing open source security solutions, with over 10 million downloads per year.
Bleeping Computer
New CISA tool detects hacking activity in Microsoft cloud services
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments.
The Hacker News
MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices
MITREcorp has launched EMB3D, a new threat-modeling framework for embedded devices used in critical infrastructure.
Bleeping Computer
US govt: Iranian hackers breached federal agency using Log4Shell exploit
The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware.
SecurityWeek
Organizations Warned of Top 10 Cybersecurity Misconfigurations Seen by CISA, NSA
CISA and the NSA are urging network defenders and software developers to address the top ten cybersecurity misconfigurations.
SecurityWeek
Governments Issue Warning After Play Ransomware Hits Hundreds of Organizations
US and Australian government agencies warn organizations of the Play ransomware group’s double-extortion tactics.
CyberScoop
Can these researchers help defend satellite systems targeted by hackers?
Despite growing cyberattacks on satellite networks, efforts to protect communication systems in space remain nascent.
DarkReading
Chinese Hackers Deployed Backdoor Quintet to Down MITRE
MITRE's hackers made use of at least five different Web shells and backdoors as part of their attack chain.
Infosecurity News
Stealthy “Hunter-Killer” Malware Detections Surge 333% Annually
Picus Security sees huge uptick in malware designed to detect and disrupt security tooling
ThreatPost
What the Rise in Cyber-Recon Means for Your Security Strategy
Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs.
DataBreaches
HC3: Analyst Note: LokiBot Malware
Report: 202309291200 Executive Summary Active since 2015 and among the most prevalent and persistent strains of malware families since 2018, LokiBot has...
DataBreaches
HC3: Analyst Note: 8Base Ransomware
November 1, 2023 TLP:CLEAR Report: 202311011500 Executive Summary A recent attack on a U.S.-based medical facility in October 2023 highlights the potential...
DataBreaches
CISA Alert: Daixin Team
Alert (AA22-294A) #StopRansomware: Daixin Team Download the PDF version of this report: pdf, 591 KB Technical Details Note:...
Bleeping Computer
US federal agency hacked using old Telerik bug to steal data
Last year, a U.S. federal agency's Microsoft Internet Information Services (IIS) web server was hacked by exploiting a critical .NET deserialization vulnerability in the Progress Telerik UI for ASP.NET AJAX component.
Bleeping Computer
NSA and CISA reveal top 10 cybersecurity misconfigurations
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) revealed today the top ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations.
DarkReading
Spotlight on 2023 Dan Kaminsky Fellow: Dr. Gus Andrews
As the second Kaminsky Fellow, Dr. Andrews will study the use of threat intelligence to track campaigns against the human rights community.
The Hacker News
Protecting your business with Wazuh: The open source security platform
Wazuh open-source platform combines XDR & SIEM capabilities to protect businesses from evolving threats.
Cyber Security News
How All-in-One Cybersecurity Platform Cynet Makes MSPs Rich & Their Clients Secure
Managed service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication.
SecurityWeek
Cybrary Raises $25 Million to Tackle Cybersecurity Workforce Training
Cybersecurity training firm Cybrary has secured $25 million in a Series C funding round, and announced that Mandiant CEO Kevin Mandia will join its board of directors.
CyberScoop
Combatting emerging-malware aimed at industrial control systems
New report offers insights on CHERNOVITE and the PIPEDREAM malware that threatens industrial control systems.
Infosecurity News
How Cyber Threat Intelligence Practitioners Should Leverage Automation and AI
The Cyber Threat Intelligence Summit discussed how automation and generative AI could help CTI practitioners tackle the overload of data they have to process
SecurityWeek
Think Like a Criminal: Knowing Popular Attack Techniques to Stop Bad Actors Faster
Analyzing the attack goals of adversaries is important to be able to better align defenses against the speed of changing attack techniques.
The Hacker News
Combined Security Practices Changing the Game for Risk Management
Learn how SecurityHQ's innovative SHQ Response Platform is revolutionizing risk management, with insights from Deodatta Wandhekar.
DarkReading
ThreatConnect Extends Threat Intelligence Platform to Enable Threat Intelligence Operations (TI Ops)
ThreatConnect announced today the release of ThreatConnect Platform v7.0, the industry's first threat intelligence platform designed specifically for TI Ops.
SecurityWeek
MITRE EMB3D Threat Model Officially Released
MITRE announced the public availability of the EMB3D threat model for embedded devices used in critical infrastructure.
Security Affairs
New Matanbuchus Campaign drops Cobalt Strike beacons
Matanbuchus malware-as-a-service (Maas) has been observed spreading through phishing campaigns, dropping Cobalt Strike beacons. Threat intelligence firm Cyble has observed a malware-as-a-service (Maas), named Matanbuchus, involved in malspam attacks dropping Cobalt Strike beacons. Matanbuchus is a malware loader that first appeared on the threat landscape in February 2021, when it was offered for rent on Russian-speaking […]
DarkReading
Security Teams Prep Too Slowly for Cyberattacks
Training and crisis scenarios find that defenders take months, not days, to learn about the latest attack techniques, exposing organizations to risk.
DarkReading
Cybereason Secures $100M in Funding Led by SoftBank Corp.
Cybereason announces additional funding led by Softbank Corp.
Cyber Security News
New File Analysis Add-on with Microsoft 365 Defender Enable Deeper Insights
Microsoft has taken another step towards security which has revolutionized the way security professionals use Microsoft 365 Defender across devices as well as cloud applications.
DataBreaches
HC3: Analyst Note: BlackSuit Ransomware
November 6, 2023 TLP:CLEAR Report: 202311061700 Executive Summary A relatively new ransomware group and strain known as BlackSuit, with significant...
SecurityWeek
MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure
MITRE and partners unveil EMB3D, a new threat model designed for critical infrastructure embedded devices.
SecurityWeek
MITRE and CISA Release Open Source Tool for OT Attack Emulation
MITRE and CISA introduce Caldera for OT, a new extension to help security teams emulate attacks targeting operational technology systems.
Cyber Security News
Ukraine Warns of Massive Cyberattack Targeting Telecommunications
The Computer Emergency Response Team of Ukraine (CERT-UA) warns of massive cyberattacks targeting telecommunication operators. According to the report, CERT-UA received information from a participant in the information exchange on the mass mailing of e-mails among media organizations of Ukraine including radio stations, newspapers, news agencies, etc titled "LIST of links to interactive maps".
Infosecurity News
MITRE Launches Critical Infrastructure Threat Model Framework
MITRE’s EMB3D provides industrial manufacturers with a shared understanding to mitigate cyber threats
Infosecurity News
LockBit Makes $91m From US Victims in Two Years
Allied security agencies reveal figure in new advisory
Trend Micro
Zero Day Threat Protection for Your Network
Explore the world of zero day threats and gain valuable insight into the importance of proactive detection and remediation.
Trend Micro
A Closer Look at ChatGPT's Role in Automated Malware Creation
This blog entry explores the effectiveness of ChatGPT's safety measures, the potential for AI technologies to be misused by criminal actors, and the limitations of current AI models.
Trend Micro
This Week in Security News - December 10, 2021
This week, read about Trend Micro’s predictions for security in the coming year. Also, learn about the Biden administration’s latest initiatives for curtailing attacks on the transport infrastructure.
DarkReading
New Cross-Industry Group Launches Open Cybersecurity Framework
Eighteen companies, led by Amazon and Splunk, announced the OCSF framework to provide a standard way for sharing threat detection telemetry among different monitoring tools and applications.
Bleeping Computer
Microsoft Sentinel adds threat monitoring for GitHub repos
Microsoft says its cloud-native SIEM (Security Information and Event Management) platform now allows to detect potential ransomware activity using the Fusion machine learning model.
Infosecurity News
Credentials Account For Over Half of Cloud Compromises
Google Cloud figures also point to misconfiguration
Infosecurity News
Acronis Launches EDR Solution with Potential for AI Integration
Acronis EDR is integrated into its Cyber Protect Cloud solution along with backup and data recovery functionalities
CSO
Top cybersecurity product news of the week
New product and service announcements from Wiz, Palo Alto Networks, Sophos, SecureAuth, Kasada, Lacework, Noname Security, and more.
DarkReading
ThreatConnect Closes 2022 with Accelerated Growth in Threat Intelligence Operations (TI Ops)
ThreatConnect, maker of leading threat intelligence operations (TI Ops) and risk quantification solutions, announced today the company's accelerated growth through 2022 and market leading position heading into 2023.
Security Affairs
North Korea-linked APT spreads tainted versions of PuTTY via WhatsApp
North Korea-linked threat actor UNC4034 is spreading tainted versions of the PuTTY SSH and Telnet client. In July 2022, Mandiant identified a novel spear phish methodology that was employed by North Korea-linked threat actor UNC4034. The attackers are spreading tainted versions of the PuTTY SSH and Telnet client. The attack chain starts with a fake […]
Cyber Security News
CSA Released Conti Ransomware With Domains in Ransomware Attack
Cyber threat actors that were responsible for over 1000 recorded conti ransomware attacks remain active still. Tricot and Cobalt Strike are the two most significant attack vectors.
Security Affairs
Daixin Team group claimed the hack of North Texas Municipal Water District
The Daixin Team group claims to have hacked the North Texas Municipal Water District (US) and threatened to leak the stolen data.
CSO
Enterprises aren’t betting big on API controls yet, says study
Akamai’s latest study finds organizations are not prepared for API-based attacks as most report scant controls.
Infosecurity News
MITRE Reveals Ivanti Breach By Nation State Actor
Non-profit MITRE says a sophisticated state group breached its network via two chained Ivanti zero-days
Infosecurity News
MITRE and CISA Release OT Attack Emulation Tool
The open source tool will enable cyber teams to consistently test and boost the defenses of ICS environments
Security Affairs
GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image
A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure. Securonix Threat researchers uncovered a persistent Golang-based malware campaign tracked as GO#WEBBFUSCATOR that leveraged the deep field image taken from the James Webb telescope. The phishing emails contain a Microsoft Office attachment that includes an external reference […]
Infosecurity News
Lazarus Group Targeting Microsoft Web Servers to Launch Espionage Malware
Researchers detail the DLL side-loading technique used to deploy malware that facilitates credential theft and lateral movement
Cyber Security News
Top 10 Best Cyber Attack Simulation Tools - 2023
Cyber Attack Simulation Tools: 1. BreachLock 2. Foreseeti 3. Infection Monkey 4. AttackIQ 5. XM Cyber 6. Cymulate 7. Randori 8. CALDERA
CSO
FBI warns Black Basta ransomware impacted over 500 organizations worldwide
CISA advisory includes indicators of compromise and TTPs that can be used for threat hunting.
DarkReading
Threat Actor Names Proliferate, Adding Confusion
Goodbye, Phosphorus! Hello, Mint Sandstorm. Microsoft adopts two-word monikers for threat groups, but do we really need more?
CyberSecurity Dive
Mitre R&D network hit by Ivanti zero-day exploits
Exploits of Ivanti VPN products have hit roughly 1,700 organizations. To Mitre, guidance from the vendor and government fell short.
SecurityWeek
CISA Releases Cybersecurity Guidance for Healthcare, Public Health Organizations
New CISA guidance details cyber threats and risks to healthcare and public health organizations and recommends mitigations.
DarkReading
OPSWAT Presents New Malware Analysis Capabilities for Operational Technology at Black Hat USA 2022
Product enhancements to offer full IT and OT threat intelligence services for OPSWAT customers.
Security Affairs
Threat actors leverages DLL-SideLoading to spread Qakbot malware
Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. Security expert ProxyLife and Cyble researchers recently uncovered a Qakbot campaign that was leveraging the Windows 7 Calculator app for DLL side-loading attacks. Dynamic-link library (DLL) side-loading is an attack method that takes advantage of how Microsoft Windows applications handle DLL […]
Bleeping Computer
CISA: LockBit ransomware extorted $91 million in 1,700 U.S. attacks
U.S. and international cybersecurity authorities said in a joint LockBit ransomware advisory that the gang successfully extorted roughly $91 million following approximately 1,700 attacks against U.S. organizations since 2020.
Cyber Security News
Hackers Exploiting Critical Citrix NetScaler Zero-day Flaw To Deploy Webshells
Threat actors exploited an unauthenticated, remote code execution vulnerability to drop these webshells on the environment.
SecurityWeek
Critical Infrastructure Organizations Warned of Snatch Ransomware Attacks
FBI and CISA are warning critical infrastructure organizations of ongoing Snatch ransomware attacks, which also involve data exfiltration.
SecurityWeek
MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days
MITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability.
Bleeping Computer
New Raspberry Robin worm uses Windows Installer to drop malware
Red Canary intelligence analysts have discovered a new Windows malware with worm capabilities that spreads using external USB drives.
The Hacker News
Identity Threat Detection and Response: Rips in Your Identity Fabric
Unlock the power of Identity Threat Detection & Response (ITDR) to defend against sophisticated SaaS threats.
Loading more articles....