MITRE Updates List of 25 Most Dangerous Software Vulnerabilities

November 21, 2024 at 08:45AM MITRE has updated its CWE Top 25 Most Dangerous Software Weaknesses list, highlighting cross-site scripting (XSS) as the most critical vulnerability. The announcement was featured in a post on SecurityWeek. **Meeting Notes Takeaways:** 1. **Update Release:** MITRE has published an updated list of the CWE Top 25 Most Dangerous Software … Read more

MITRE shares 2024’s top 25 most dangerous software weaknesses

November 20, 2024 at 03:43PM MITRE released its annual list of the top 25 common software weaknesses, highlighting vulnerabilities behind 31,000 disclosures from June 2023 to June 2024. These flaws can be exploited by attackers to gain control over systems or steal data. Organizations are encouraged to prioritize addressing these vulnerabilities in their security strategies. … Read more

MITRE Launches AI Incident Sharing Initiative

October 4, 2024 at 05:17PM MITRE’s Center for Threat-Informed Defense launched the AI Incident Sharing initiative, collaborating with over 15 companies to enhance community knowledge of threats and defenses for AI-enabled systems. The Secure AI project aims to facilitate secure collaboration on AI incidents and has extended the ATLAS threat framework to address generative AI-enabled … Read more

MITRE Adds Mitigations to EMB3D Threat Model

October 2, 2024 at 09:54AM MITRE expanded the EMB3D Threat Model, providing crucial mitigations to combat threats to embedded devices. This update aims to assist organizations in addressing security challenges. The development was featured in SecurityWeek. Based on the meeting notes, it seems that MITRE has enhanced its EMB3D Threat Model by including crucial mitigations … Read more

Dark Reading News Desk Live From Black Hat USA 2024

August 7, 2024 at 06:43AM The Dark Reading team presents live coverage of Black Hat USA 2024 from Mandalay Bay on Aug. 7-8. The event features top cybersecurity experts discussing AI, national cybersecurity strategies, upcoming trends, and more. Join the live stream or watch on YouTube for insights from industry leaders and in-depth coverage of … Read more

VMware Abused in Recent MITRE Hack for Persistence, Evasion

May 23, 2024 at 10:17AM MITRE detailed a recent cyberattack where state-sponsored hackers exploited zero-day vulnerabilities to access its NERVE environment. The attackers abused VMware systems for persistence and detection evasion, deploying backdoors and web shells. MITRE identified the threat actor and shared mitigation scripts for other organizations to safeguard their VMware environments. Key takeaways … Read more

MITRE EMB3D Threat Model Officially Released

May 14, 2024 at 06:54AM MITRE publicly released its EMB3D threat model for embedded devices in critical infrastructure and other sectors. Developed in collaboration with industry partners, the framework aims to improve the security of these devices by mapping threats to their features and properties. It aligns with existing models and will be continuously updated … Read more

MITRE’s Cyber Resiliency Engineering Framework Aligns With DoD Cyber Maturity Model Cert

April 26, 2024 at 05:44PM MITRE’s CREF Navigator now includes the US Department of Defense’s CMMC, helping DIB engineers strengthen supply chain resilience against cyber attacks. The tool aligns with NIST SP 800-171 and CMMC Level 3, providing a searchable, visualized framework for informed decision-making in cyber solutions. The freely available tool can be customized … Read more

CISO Corner: Evil SBOMs; Zero-Trust Pioneer Slams Cloud Security; MITRE’s Ivanti Issue

April 26, 2024 at 03:50PM CISO Corner is Dark Reading’s weekly digest for security leaders. This issue covers topics like Cloud Security truths, MITRE ATT&CK’s breach, OWASP’s LLM Top 10, SBOMs’ vulnerability census, cybersecurity pros’ licensure laws, J&J spin-off CISO’s security program, and suggestions for post-SolarWinds SEC disclosures. The articles provide insight and advice for … Read more

MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days

April 22, 2024 at 06:21AM MITRE’s R&D network was hacked using zero-day vulnerabilities in an Ivanti product by a foreign state-sponsored threat actor. The attack, identified in January and affecting the NERVE network, prompted MITRE to take the environment offline and investigate. The organization has duly shared attack techniques and mitigation recommendations. Exploitations of the … Read more