#199: An ATT&CK Review and into the Blogosphere

Cheers!
Austin Miller, Editor-in-Chief

Reflecting on MITRE ATT&CK |
Making our way through the MITRE ATT&CK Top Ten most exploited techniques over the last nine weeks has been fun. We're almost ready to dive into the most exploited T-number, but we thought it'd be good to stop and smell the adversarial roses for a minute first, just to make sure you've been paying attention. These T-numbers are on the test, so make sure to go back and check out #10 through #2 in the list below:
- #2: T1059
- #3: T1333
- #4: T1071
- #5: T1562
- #6: T1486
- #7: T1082
- #8: T1547
- #9: T1506
- #10: T1005

We have five copies of Glen Singh's Kali Linux book to give away. Leave a comment in order to win a virtual copy!
A reflection on this year's events

Apple's AirPlay Vulnerabilities Expose Devices to Hijacking Risks: Researchers at cybersecurity firm Oligo have identified 23 security flaws in Apple's AirPlay protocol and SDK, collectively dubbed "AirBorne." The vulnerabilities could allow an attacker on the same Wi-Fi network to hijack devices, affecting both Apple's native AirPlay implementation and third-party implementations. Oligo's analysis shows that the flaws stem from the AirPlay protocol's implementation and allow zero-click remote code execution (RCE); they are particularly concerning because they are wormable, so a compromised device can be used to attack others on the same network. The discovery underscores the need for prompt security updates on AirPlay-capable devices, and, since third-party receivers such as speakers and TVs often lag on firmware updates, for keeping those devices on a network segment separate from workstations until they are patched.
U.S. Charges 16 Russians Linked to DanaBot Malware Operation: The U.S. Department of Justice has charged 16 Russian nationals associated with the DanaBot malware operation, a sophisticated tool used globally for cybercrime, espionage, and wartime attacks. DanaBot infected over 300,000 systems and was sold to other hackers via an affiliate model. Notably, it was used in state-linked espionage, including attacks on Ukraine’s defense institutions during the Russian invasion. DanaBot is a modular banking Trojan that has evolved to include functionalities such as credential theft, remote access, and data exfiltration. Its architecture allows for dynamic updates, making it adaptable to various malicious activities. Additional commentary at WeLiveSecurity.
Budget Cuts to U.S. Cybersecurity Agency Raise Concerns Amid Rising Threats: Security experts warn that proposed 17% budget cuts to the Cybersecurity and Infrastructure Security Agency (CISA) could leave the U.S. vulnerable to retaliatory cyberattacks, especially as Chinese cyberattacks surge. The cuts would lead to the dismissal of 130 employees and cancellation of key contracts, compromising national cyberdefense at a time of heightened threat. Analysts express concern that the reduction in CISA's budget and workforce will hinder the agency's ability to coordinate threat intelligence sharing and respond effectively to cyber incidents, particularly those targeting critical infrastructure. See commentary by Dark Reading.
Anthropic Implements Stricter Safeguards for New AI Model Amid Biosecurity Concerns: Anthropic has released Claude Opus 4, its most advanced AI model, under heightened safety measures due to concerns it could assist in bioweapons development. Internal testing indicated that the model significantly outperformed earlier versions in guiding potentially harmful activities. As a result, Anthropic activated the AI Safety Level 3 (ASL-3) measures of its Responsible Scaling Policy: prompt classifiers to detect harmful queries, a bounty program for jailbreak and vulnerability detection, hardened security around the model weights, and enhanced monitoring to prevent misuse. See Anthropic News.
Russian Hackers Target Western Firms Supporting Ukraine, U.S. Intelligence Reports: Hackers affiliated with Russian military intelligence have been targeting Western technology, logistics, and transportation firms involved in aiding Ukraine. The cyber campaign sought to obtain intelligence on military and humanitarian aid shipments, using spearphishing and the exploitation of vulnerabilities in small office/home office (SOHO) network devices. Over 10,000 internet-connected cameras near Ukrainian borders and other key transit points were also targeted. The attackers, linked to the group "Fancy Bear" (APT28), used advanced persistent threat (APT) tradecraft, including the exploitation of unsecured IoT devices and spearphishing campaigns, to infiltrate networks and gather intelligence on aid logistics. See the NSA report (PDF).
MITRE ATT&CK - Explained: This comprehensive guide breaks down the MITRE ATT&CK framework, detailing its components such as tactics, techniques, and procedures. It also compares ATT&CK with the Cyber Kill Chain model, highlighting how ATT&CK provides a more flexible approach to understanding adversary behaviors across different platforms.
Understanding the use cases of the MITRE ATT&CK Framework: Tailored for newcomers, this blog offers a step-by-step approach to utilizing the MITRE ATT&CK framework. It emphasizes the benefits of integrating ATT&CK into cybersecurity practices, such as improved threat detection, incident management, and communication among security professionals.
Integrating MITRE ATT&CK with SIEM Tools: This article explores how to integrate the MITRE ATT&CK framework with Security Information and Event Management (SIEM) systems, specifically Microsoft Sentinel. It discusses features like the MITRE ATT&CK Blade, rule creation, and tagging, providing insights into enhancing detection and response capabilities.
Demystifying the MITRE ATT&CK Framework: This blog offers a clear explanation of the MITRE ATT&CK framework, discussing its role in understanding cyber-attack patterns and applying appropriate mitigation strategies. It emphasizes the framework's value in improving an organization's cybersecurity posture and adapting to evolving threats.
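The Sentinel integration post above turns on tagging detection rules with ATT&CK technique IDs. What that tagging buys you is easiest to see offline, so here is an added example (not code from the newsletter, from Microsoft Sentinel or from any of the linked posts): a handful of constructed Sigma-style rules carrying `attack.*` tags and a few constructed alert lines are aggregated per parent technique, rules that lack a technique tag are flagged, and the result is written out as an ATT&CK Navigator layer so coverage of the Top Ten list can be checked at a glance. The rule names, the alert line format and the Navigator version strings are assumptions for the demo.

```python
"""Aggregate technique-tagged detection rules and the alerts they fired into an
ATT&CK Navigator layer.

Added example; not the newsletter's code, nor Microsoft Sentinel's.
Rules, alert lines and version strings are constructed for the demo.
"""
import json
import re
from collections import Counter

# ATT&CK technique IDs: "T" + four digits, optional ".NNN" sub-technique.
TECHNIQUE_ID = re.compile(r"^T\d{4}(?:\.\d{3})?$")

# Constructed detection rules in Sigma style: each carries attack.* tags.
RULES = {
    "encoded_powershell": {"tags": ["attack.execution", "attack.t1059.001"]},
    "defender_disabled": {"tags": ["attack.defense_evasion", "attack.t1562.001"]},
    "run_key_persistence": {"tags": ["attack.persistence", "attack.t1547.001"]},
    "mass_file_rename": {"tags": ["attack.impact", "attack.t1486"]},
    "systeminfo_exec": {"tags": ["attack.discovery", "attack.t1082"]},
    "untagged_rule": {"tags": ["attack.discovery"]},  # tactic only: gets reported
}

# Constructed alert lines: "<timestamp> <rule_name> host=<host>".
ALERTS = """\
2025-06-01T08:12:03Z encoded_powershell host=ws-042
2025-06-01T08:12:09Z defender_disabled host=ws-042
2025-06-01T08:15:40Z run_key_persistence host=ws-042
2025-06-01T09:02:11Z encoded_powershell host=ws-017
2025-06-01T11:44:58Z systeminfo_exec host=srv-db01
"""

ALERT_RE = re.compile(r"^(\S+) (\S+) host=(\S+)$")


def techniques_for_rule(rule):
    """Return the technique IDs (upper-case) found in a rule's attack.* tags."""
    found = []
    for tag in rule["tags"]:
        if not tag.startswith("attack."):
            continue
        candidate = tag[len("attack."):].upper()
        if TECHNIQUE_ID.match(candidate):
            found.append(candidate)
    return found


def parent_technique(tid):
    """T1059.001 -> T1059; Navigator scores roll up to the parent technique."""
    return tid.split(".")[0]


def rule_coverage(rules):
    """Map parent technique ID -> set of rule names that cover it."""
    coverage = {}
    for name, rule in rules.items():
        for tid in techniques_for_rule(rule):
            coverage.setdefault(parent_technique(tid), set()).add(name)
    return coverage


def untagged_rules(rules):
    """Rules with no technique tag cannot be placed on the matrix; list them."""
    return sorted(name for name, rule in rules.items() if not techniques_for_rule(rule))


def alert_counts(alert_text, rules):
    """Count fired alerts per parent technique; unknown rule names are skipped."""
    counts = Counter()
    for line in alert_text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m or m.group(2) not in rules:
            continue
        for tid in techniques_for_rule(rules[m.group(2)]):
            counts[parent_technique(tid)] += 1
    return counts


def navigator_layer(rules, alert_text, name="rule coverage"):
    """Build a Navigator layer: score = alerts fired, comment = covering rules."""
    coverage = rule_coverage(rules)
    hits = alert_counts(alert_text, rules)
    techniques = [
        {"techniqueID": tid, "score": hits.get(tid, 0), "comment": ", ".join(sorted(names))}
        for tid, names in sorted(coverage.items())
    ]
    return {
        "name": name,
        # Version strings are assumed; set them to match your Navigator instance.
        "versions": {"attack": "16", "navigator": "5.1.0", "layer": "4.5"},
        "domain": "enterprise-attack",
        "techniques": techniques,
    }


if __name__ == "__main__":
    print(json.dumps(navigator_layer(RULES, ALERTS), indent=2))
    print("rules without a technique tag:", untagged_rules(RULES))
```

A technique that appears in the layer with a score of 0 has a rule but no alerts in the window, which is worth a second look (is the rule actually live?), while a Top Ten technique missing from the layer entirely has no rule at all. Tactic-only tags such as `attack.discovery` are deliberately ignored so that the layer only reflects technique-level coverage.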

Upcoming events for _secpros this year
Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!
DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.
Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.
Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.
Copyright (C) 2025 Packt Publishing. All rights reserved. Our mailing address is: Packt Publishing, Grosvenor House, 11 St Paul's Square, Birmingham, West Midlands, B3 1RB, United Kingdom