Month: October 2022

ATT&CK v12 is now accessible! Revisions – October 2022
Updates to Techniques, Groups, and Software for Enterprise, Mobile, and ICS are included in the October 2022 (v12) ATT&CK release. The addition of detections to ATT&CK for ICS and the inclusion of Campaigns are the two biggest updates in ATT&CK v12. The ATT&CK for ICS detections are tied to particular Data Sources and Data Components,…
Google Announcing GUAC, a great pairing with SLSA (and SBOM)!
The industry is collectively aware of the importance of supply chain security. Recent events include a sharp increase in software supply chain attacks, the Log4j vulnerability (catastrophic in both severity and breadth), and even an Executive Order on Cybersecurity. In light of this, Google is looking for contributors to the GUAC open source project (pronounced like the dip).…
Canarytokens.org – Rapid, Free, Mass Detection
Introduction
Web bugs, the transparent images that monitor email opening, are probably already familiar to you. They operate by inserting a special URL in the image tag of a page and keeping an eye on incoming GET requests. Imagine doing that instead for file reads, database searches, process executions, log file patterns, Bitcoin transactions, or even…
Micro Emulation Plans by MITRE-Engenuity
We enjoy imitating the opposition. In fact, it’s so important that we’ve written, spoken, and trained on it, and are still developing and disseminating more emulation plans (including one of the first public Adversary Emulation Plans). However, many organisations are unable to overcome the entry barrier due to the expense and complexity involved in developing, or even carrying out, the majority of adversary emulation plans. The Center for Threat-Informed Defense (Center) collaborated with AttackIQ, Inc., Booz Allen Hamilton, Inc., Citigroup Technology, Inc., Ernst & Young U.S. LLP, Fujitsu, HCA — Information Technology & Services, Inc., IBM Corporation, Microsoft Corporation, and Verizon Business Services to create Micro Emulation Plans in an effort to make adversary emulation accessible to a wider audience. Delivered as simple executable binaries that any user can run, these emulation plans re-imagine adversary emulation to focus on very specific threat-informed defensive objectives.
Currently Used Adversary Emulation
The four general steps that make up an operation when it comes to adversary emulation today are cyber threat intelligence (CTI) research,…
Critical Fortinet auth bypass bug has an exploit available; apply the patch now
A critical authentication bypass flaw affecting Fortinet’s FortiOS, FortiProxy, and FortiSwitchManager appliances now has proof-of-concept exploit code available. Attackers can get around the authentication process on the administrative interface of FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager (FSWM) on-premise management instances thanks to this security flaw (CVE-2022-40684). Last Thursday, Fortinet released security updates to…
Organizations in Poland and Ukraine are affected by the new “Prestige” ransomware.
The Microsoft Threat Intelligence Center (MSTIC) has found evidence of a novel ransomware campaign using a hitherto unidentified ransomware payload that targets businesses in the logistics and transportation sectors in Poland and Ukraine. On October 11, we saw the introduction of this new ransomware, which refers to itself in its ransom note as “Prestige ransomware,”…
Cloud Web Application and API Protection Magic Quadrant
The market for protecting cloud web applications and APIs is expanding quickly. You can use this Magic Quadrant to find cloud WAAP providers that provide simple controls and specialised defences against sophisticated bots and changing API attacks.
Planning assumptions for the future
Cloud web application and API protection platform (WAAP) services over WAAP appliances and IaaS-native WAAP…
Serverless Top security best practices
What is serverless?
Serverless computing is a cloud execution model. It enables users and developers to create and run applications and services without having to worry about servers. Applications are built faster, run only when needed, and require no infrastructure management. Servers do still exist in serverless, but they are removed from the process…
Voice of the Customer: Web Application and API Protection, Gartner Peer Insights
What is API and Web Application Protection?
Web application and API protection (WAAP), according to Gartner, is the evolution of the web application firewall (WAF) market, which now spans four core features: WAF, distributed denial of service (DDoS) defence, bot management, and API defence. Beginning with cloud-delivered WAF services that were simpler to…
MITRE ATT&CK® Released Updates in Apr 2022 With Additional Techniques and Structuring
The Techniques, Groups, and Software for Enterprise, Mobile, and ICS are updated in the April 2022 (v11) ATT&CK release. The most significant modifications are the reorganisation of Detections, which are now connected to Data Source and Data Component objects in Enterprise ATT&CK, the beta release of ATT&CK for Mobile using sub-techniques, and the addition of…