vesatimonen, to random

Dissecting a mitre.

bkastl, to random German
reytrace, to random French
bagder, to random

Hello , (regarding CVE-2023-52071)

Well, first I of course think that the "burden of proof" would be on the person that insists that there is a problem. The one saying that this is a should provide the necessary details to explain "beyond reasonable doubt" that the identified problem is a vulnerability. There are no such details or explanations provided in the existing CVE. There is nothing there that identifies a vulnerability.

shellsharks, to infosec

The holiday tradition of sharing my -esque threat actor profile for APT Santa Claus https://shellsharks.com/santa-ttps

🦌 🦌🦌🦌🦌🦌🦌🦌🎅🛷

0x58, to Cybersecurity

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #50/2023 is out! It includes the following and much more:

➝ 🔓 🇺🇸 U.S. nuclear research lab #databreach impacts 45,000 people
➝ 🇩🇪 #Toyota Germany Says Customer Data Stolen in #Ransomware Attack
➝ 🔓 🏧 #Bitcoin ATM company Coin Cloud got hacked. Even its new owners don’t know how
➝ 🔓 🇺🇸 Norton #Healthcare discloses data breach after May ransomware attack
➝ 🇷🇺 Russian SVR-Linked #APT29 Targets #JetBrains TeamCity Servers in Ongoing Attacks
➝ 👥 #LockBit ransomware now poaching #BlackCat, NoEscape affiliates
➝ 🇻🇳 💻 #Microsoft seizes domains used to sell fraudulent #Outlook accounts
➝ 🇫🇷 💸 French police arrests Russian suspect linked to #Hive ransomware
➝ 🇨🇳 Chinese APT Volt Typhoon Linked to Unkillable SOHO Router #Botnet
➝ 🇺🇦 🇷🇺 Ukrainian military says it hacked #Russia's federal tax agency
➝ 🇨🇳 🚪 Researchers Unmask Sandman APT's Hidden Link to China-Based #KEYPLUG Backdoor
➝ 🇺🇦 📡 #Ukraine’s largest mobile communications provider down after apparent #cyberattack
➝ 🇪🇸 Kelvin Security hacking group leader arrested in #Spain
➝ 🔻 👮🏻‍♂️ #ALPHV ransomware site outage rumored to be caused by law enforcement
➝ 📹 🕵🏻‍♂️ #UniFi devices broadcasted private video to other users’ accounts
➝ 🇷🇺 🇪🇺 Russian Diplomat Expelled Amid EU Spy Purge Is Now An OSCE Election Observer In Serbia
➝ 🇺🇸 Harry Coker confirmed to be the next National Cyber Director
➝ 🇪🇸 🇺🇸 Spain expels two US spies for infiltrating secret service
➝ 📝 #MITRE Unveils EMB3D Threat Model for Embedded Devices Used in Critical Infrastructure
➝ 🩹 #ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability
➝ 🦠 🇵🇸 New Pierogi++ #Malware by #Gaza Cyber Gang Targeting Palestinian Entities
➝ 🦠 🇮🇷 Iranian State-Sponsored #OilRig Group Deploys 3 New Malware Downloaders
➝ 🦠 🇩🇪 New MrAnon Stealer Malware Targeting German Users via Booking-Themed #Scam
➝ 🍪 #Google's New Tracking Protection in Chrome Blocks Third-Party #Cookies
➝ 🐛 👨🏻‍💻 #Zoom Unveils Open Source Vulnerability Impact Scoring System
➝ 🩹 🧱 #Sophos backports RCE fix after attacks on unsupported #firewalls
➝ 🔓 🧱 Over 1,450 #pfSense servers exposed to RCE attacks via bug chain
➝ 🩹 🍏 #Apple Ships iOS 17.2 With Urgent Security #Patches
➝ 🐛 Over 30% of #Log4J apps use a vulnerable version of the library

📚 This week's recommended reading is: "Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters (2nd Edition)" by Justin Seitz and Tim Arnold

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-week-502023

taylorparizo, to random

MITRE just published the Sensor Mappings to ATT&CK Project (SMAP). SMAP builds on MITRE ATT&CK Data Sources by connecting the conceptual data source representations of information that can be collected to concrete logs, sensors, and other security capabilities that provide that type of data.

https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/sensor-mappings-to-attack/
https://center-for-threat-informed-defense.github.io/sensor-mappings-to-attack/

pollito, to FreeBSD
0x58, to Cybersecurity

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #44/2023 is out! It includes the following and much more:

➝ 🔓 #Okta hit by another #breach, this one stealing employee data from 3rd-party vendor
➝ 🔓 💸 #LastPass breach linked to theft of $4.4 million in crypto
➝ 🇮🇳 #India's Biggest Data Leak So Far? Covid-19 Test Info of 81.5Cr Citizens With ICMR Up for Sale
➝ 🔓 ✈️ #Lockbit ransomware group claims to have hacked #Boeing
➝ 🇳🇱 ⚖️ Dutch hacker jailed for extortion, selling stolen data on RaidForums
➝ 🇷🇺 🇺🇸 Russian Reshipping Service ‘SWAT USA Drop’ Exposed
➝ 🇮🇷 🦠 Iranian Cyber Spies Use ‘#LionTail’ Malware in Latest Attacks
➝ 📉 Security researchers observed ‘deliberate’ takedown of notorious #Mozi #botnet
➝ 🇮🇳 📱 Apple warns Indian opposition leaders of state-sponsored #iPhone attacks
➝ 🌍 Four dozen countries declare they won’t pay #ransomware ransoms
➝ 🇷🇺 How #Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate #Cybercrime
➝ 🇪🇺 EU digital ID reforms should be ‘actively resisted’, say experts
➝ 🇷🇺 🇺🇦 #FSB arrests Russian hackers working for Ukrainian cyber forces
➝ 🇺🇸 FTC orders non-bank financial firms to report breaches in 30 days
➝ 🇨🇦 📱 #Canada Bans #WeChat and #Kaspersky Apps On Government Devices
➝ 🇺🇸 #SEC Charges #SolarWinds and Its #CISO With Fraud and Cybersecurity Failures
➝ 🇺🇸 🤖 #Biden Wants to Move Fast on AI Safeguards and Will Sign an Executive Order to Address His Concerns
➝ 🦠 📱 #Avast confirms it tagged Google app as #malware on Android phones
➝ 🦠 🇰🇵 North Korean Hackers Targeting Crypto Experts with #KANDYKORN #macOS Malware
➝ 👥 💸 EleKtra-Leak #Cryptojacking Attacks Exploit #AWS IAM Credentials Exposed on #GitHub
➝ 🦠 🐍 Trojanized #PyCharm Software Version Delivered via #Google Search Ads
➝ ✅ 🤖 #GooglePlay adds security audit badges for Android #VPN apps
➝ 🔐 Microsoft pledges to bolster security as part of ‘Secure Future’ initiative
➝ 🆕 FIRST Releases #CVSS 4.0 Vuln Scoring Standard
➝ 🆕 #MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile
➝ ⛔️ 🦠 #Samsung Galaxy gets new Auto Blocker anti-malware feature
➝ 🍏 🔐 #Apple Improves #iMessage Security With Contact Key Verification
➝ 🔓 Researchers Find 34 #Windows Drivers Vulnerable to Full Device Takeover
➝ 🔓 🪶 3,000 #Apache #ActiveMQ servers vulnerable to RCE attacks exposed online
➝ 🗣️ #Atlassian CISO Urges Quick Action to Protect #Confluence Instances From Critical #Vulnerability
➝ 🔓 🩸 “This vulnerability is now under mass exploitation.” #CitrixBleed bug bites hard
➝ 🐛 💰 HackerOne paid ethical hackers over $300 million in #bugbounties

📚 This week's recommended reading is: "Permanent Record" by Edward Snowden

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-week-442023

kurtseifried, to random

If anyone on the program can be reached: the cveform.mitre.org is no longer accessible to blind or visually impaired users, the CAPTCHA is visual only, and there's no audio or other option. Isn't that an ADA violation?

simontsui, to random

MITRE ATT&CK is a great resource but the groups page (intrusion sets, threat actor groups, Advanced Persistent Threats) is outdated. For example, none of the new Microsoft threat actor naming taxonomy are included (yet). If we contribute a little bit each day (even 5 minutes worth of research), we could make it a one-stop resource. Link: https://attack.mitre.org/resources/contribute/

ohCoz, to random

Has anyone participated in the MAD20 "living certification" by MITRE? Looks interesting but would love to hear personal experiences

ohCoz,
cyberlibrarian, to random

Have a look at this email I got. Obviously right? The blurred out parts are weird identifiers. I've never heard of "questionmark.com" and don't have an account with them.

But what if I visit that site. LOL I really wish was here on mastodon (they still hang out on Twixxer)

Because this is related to placeholder@mitre-engenuity.org. And I do recognize them.
This appears to be their assessment provider sending out odd requests for people who don't even know they have accounts to update them with weird identifiers. LOL I wouldn't hold it against your MITRE.

A screenshot of the page the supposed screenshot led to. This is legitimate probably and belongs to MITRE Engenuity's assessment platform.

taylorparizo, to random

@shellsharks So my team has been thinking of a few ways of mapping controls to TTPs. Best route for now seems to take our Single Process Inventory (SPI) and find correlating controls in place.
Then using MITRE D3FEND, take ATT&CK techniques in our reporting and map to D3FEND techniques that make logical sense for us to implement. Ex. T1134 - Access Token Manipulation has some D3FEND techniques like System Call Analysis, Process Spawn Analysis, Mandatory Access Control.
https://d3fend.mitre.org/offensive-technique/attack/T1134/

NIST 800-53 Rev. 5 also includes a spreadsheet for mapping controls to TTPs although it's kept very vague. They do include a Navigator layer which can be useful to overlay with whatever ATT&CK techniques you're focused on.

https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/nist-800-53-control-mappings/

nicholdav, to scipy2023

"We need a full ecosystem approach to addressing responsible AI"
-- @ruchowdh at @scipy2023

That includes us, @SciPyConf!
Couldn't say it better.

Rumman Chowdhury speaking behind podium

abraxas3d,

@nicholdav @ruchowdh @scipy2023 @SciPyConf @osi and are putting up some solid work here.

nicholdav,

@abraxas3d @ruchowdh @scipy2023 @SciPyConf @osi thanks, I am familiar with some of the work from my day job but would be curious to know more about what @osi is doing in this space

0x58, to Cybersecurity

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #26/2023 is out! It includes, but not only:

➝ 🦠 🇺🇸 Schools say US teachers’ retirement fund was breached by #MOVEit hackers
➝ 🇨🇳 🇺🇸 Chinese spy #balloon did not collect information over US, #Pentagon says
➝ 🇨🇳 🦠 #TSMC Says Supplier Hacked After #Ransomware Group Claims Attack on Chip Giant
➝ 🇷🇺 Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks
➝ 🇷🇺 🛰️ Hackers attack Russian #satellite telecom provider, claim affiliation with #WagnerGroup
➝ 🇬🇧 ⚕️ More than a million #NHS patients’ details compromised after cyber attack
➝ 📊 🐛 #MITRE releases new list of top 25 most dangerous software #bugs
➝ 🇷🇺 Pro-Russia DDoSia hacktivist project sees 2,400% membership increase
➝ 💻 🛡️ #Brave Browser boosts privacy with new local resources restrictions
➝ 🦠 🏦 Anatsa Banking #Trojan Targeting Users in US, UK, Germany, Austria, and Switzerland
➝ 🇺🇸 💵 White House releases cybersecurity budget priorities for FY 2025
➝ 🇺🇸 🇧🇷 8Base Ransomware Spikes in Activity, Threatens U.S. and Brazilian Businesses
➝ 🇬🇧 🔐 #Apple speaks out against bill that could mandate #CSAM scanning in iMessage
➝ 🇵🇭 2,700 People Tricked Into Working for Cybercrime Syndicates Rescued in #philippines
➝ 🇩🇪 ⚡️ #Siemens Energy confirms data breach after MOVEit data-theft attack
➝ 🕵🏻‍♂️ 📱 #LetMeSpy, a phone tracking app spying on thousands, says it was hacked
➝ 🦠 💰 Prominent #cryptocurrency exchange infected with previously unseen Mac #malware
➝ 🤖 📝 #LLMs and #IncidentResponse? It Starts with Summarization
➝ 🇺🇸 👨🏻‍🎓 Hackers steal data of 45,000 New York City students in MOVEit breach
➝ 🇨🇦 ⛽️ Suncor Energy cyberattack impacts Petro-Canada gas stations
➝ 🦠 🕹️ Trojanized Super Mario Game Installer Spreads SupremeBot Malware
➝ 🇩🇪 💾 SSD missing from #SAP datacenter turns up on #eBay, sparking security investigation

#cyberattack #cybercrime #privacy #security #software #data #banking

📚 This week's recommended reading is: "Alice and Bob Learn Application Security" by @SheHacksPurple

Subscribe to the #newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-week-262023

chiefgyk3d, to infosec

In case anyone is wanting to learn about Threat Informed Defense along with ATT&CK I have a great link that was shared with me at work with tons of resources to learn more. https://start.me/p/X25q7l/threat-informed-defense-ecosystem
