November 20, 2024 at 03:43PM MITRE released its annual list of the top 25 common software weaknesses, highlighting vulnerabilities behind 31,000 disclosures from June 2023 to June 2024. These flaws can be exploited by attackers to gain control over systems or steal data. Organizations are encouraged to prioritize addressing these vulnerabilities in their security strategies. … Read more
October 4, 2024 at 05:17PM MITRE’s Center for Threat-Informed Defense launched the AI Incident Sharing initiative, collaborating with over 15 companies to enhance community knowledge of threats and defenses for AI-enabled systems. The Secure AI project aims to facilitate secure collaboration on AI incidents and has extended the ATLAS threat framework to address generative AI-enabled … Read more
October 2, 2024 at 09:54AM MITRE expanded the EMB3D Threat Model, providing crucial mitigations to combat threats to embedded devices. This update aims to assist organizations in addressing security challenges. The development was featured in SecurityWeek. Based on the meeting notes, it seems that MITRE has enhanced its EMB3D Threat Model by including crucial mitigations … Read more
August 7, 2024 at 06:43AM The Dark Reading team presents live coverage of Black Hat USA 2024 from Mandalay Bay on Aug. 7-8. The event features top cybersecurity experts discussing AI, national cybersecurity strategies, upcoming trends, and more. Join the live stream or watch on YouTube for insights from industry leaders and in-depth coverage of … Read more
May 23, 2024 at 10:17AM MITRE detailed a recent cyberattack where state-sponsored hackers exploited zero-day vulnerabilities to access its NERVE environment. The attackers abused VMware systems for persistence and detection evasion, deploying backdoors and web shells. MITRE identified the threat actor and shared mitigation scripts for other organizations to safeguard their VMware environments. Key takeaways … Read more
May 14, 2024 at 06:54AM MITRE publicly released its EMB3D threat model for embedded devices in critical infrastructure and other sectors. Developed in collaboration with industry partners, the framework aims to improve the security of these devices by mapping threats to their features and properties. It aligns with existing models and will be continuously updated … Read more
April 26, 2024 at 05:44PM MITRE’s CREF Navigator now includes the US Department of Defense’s CMMC, helping DIB engineers strengthen supply chain resilience against cyber attacks. The tool aligns with NIST SP 800-171 and CMMC Level 3, providing a searchable, visualized framework for informed decision-making in cyber solutions. The freely available tool can be customized … Read more
April 26, 2024 at 03:50PM CISO Corner is Dark Reading’s weekly digest for security leaders. This issue covers topics like Cloud Security truths, MITRE ATT&CK’s breach, OWASP’s LLM Top 10, SBOMs’ vulnerability census, cybersecurity pros’ licensure laws, J&J spin-off CISO’s security program, and suggestions for post-SolarWinds SEC disclosures. The articles provide insight and advice for … Read more
April 22, 2024 at 06:21AM MITRE’s R&D network was hacked using zero-day vulnerabilities in an Ivanti product by a foreign state-sponsored threat actor. The attack, identified in January and affecting the NERVE network, prompted MITRE to take the environment offline and investigate. The organization has duly shared attack techniques and mitigation recommendations. Exploitations of the … Read more
April 21, 2024 at 10:04PM MITRE revealed it was the victim of a cyber attack, despite its strong security measures. The Akira ransomware, deployed by Russian-linked groups, is still a threat, exploiting old vulnerabilities in Cisco software. Important security flaws, including sensitive data exposure and credentials theft, were discovered in various critical systems. Cerebral, an … Read more