Vulnerabilities MITRE Updates List of 25 Most Dangerous Software Vulnerabilities MITRE has released an updated CWE Top 25 Most Dangerous Software Weaknesses list, with cross-site scripting (XSS) at the top. Ionut ArghireNovember 21, 2024
Artificial Intelligence MITRE Announces AI Incident Sharing Project MITRE’s AI Incident Sharing initiative helps organizations receive and hand out data on real-world AI incidents. Ionut ArghireOctober 7, 2024
ICS/OT MITRE Adds Mitigations to EMB3D Threat Model MITRE has expanded the EMB3D Threat Model with essential mitigations to help organizations address threats to embedded devices. Ionut ArghireOctober 2, 2024
Incident Response VMware Abused in Recent MITRE Hack for Persistence, Evasion MITRE has shared information on how China-linked hackers abused VMware for persistence and detection evasion in the recent hack. Eduard KovacsMay 23, 2024
IoT Security MITRE EMB3D Threat Model Officially Released MITRE announced the public availability of the EMB3D threat model for embedded devices used in critical infrastructure. Eduard KovacsMay 14, 2024
Nation-State MITRE Hack: China-Linked Group Breached Systems in December 2023 MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities. Eduard KovacsMay 7, 2024
Nation-State MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days MITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability. Eduard KovacsApril 22, 2024
Vulnerabilities CVE and NVD – A Weak and Fractured Source of Vulnerability Truth MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of... Kevin TownsendApril 3, 2024
Malware & Threats Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive A malware tactic dubbed ‘hunter-killer’ is growing, based on an analysis of more than 600,000 malware samples. This may become the standard approach for... Kevin TownsendFebruary 13, 2024
ICS/OT MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure MITRE and partners unveil EMB3D, a new threat model designed for critical infrastructure embedded devices. Eduard KovacsDecember 13, 2023
ICS/OT MITRE and CISA Release Open Source Tool for OT Attack Emulation MITRE and CISA introduce Caldera for OT, a new extension to help security teams emulate attacks targeting operational technology systems. Ionut ArghireSeptember 5, 2023
Application Security MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses Use-after-free and OS command injection vulnerabilities reach the top five most dangerous software weaknesses in the 2023 CWE Top 25 list. Ionut ArghireJune 30, 2023