Podcasts about MITRE ATT&CK

  • 115 podcasts
  • 220 episodes
  • 37m average duration
  • 1 new episode per month
  • Latest: Jun 10, 2025

Popularity chart (2017 to 2024)


Best podcasts about MITRE ATT&CK

Latest podcast episodes about MITRE ATT&CK

AWS for Software Companies Podcast
Ep106: Building Secure and Agile AI Agents at Scale with Anthropic and AWS
Jun 10, 2025 · 37:20

Security leaders from Anthropic and AWS discuss how agentic AI is transforming cybersecurity functions to autonomously handle everything from code reviews to SOC operations.

Topics include:
  • Agentic AI differs from traditional AI through autonomy and agency
  • Traditional AI handles single workflow nodes; agents collapse multiple steps
  • Higher model intelligence enables understanding of broader business contexts
  • Agents make intelligent decisions across complex multi-step workflows
  • Enterprise security operations are seeing workflow consolidation through GenAI
  • Organizations are embedding GenAI directly into customer-facing production applications
  • Software-as-a-service is transitioning to service-as-software through AI agents
  • Securing AI requires guardrails to prevent hallucinations in applications
  • New vulnerabilities appear at the interaction points between system components
  • Attackers target RAG systems and identity/authorization layers instead
  • LLMs hallucinate non-existent packages; attackers register them as malicious honeypots
  • Governance frameworks must be machine-readable for autonomous agent reasoning
  • Amazon is investing in automated reasoning to prove software correctness
  • Anthropic uses Claude to write over 50% of its code
  • Automated code review systems are integrated into CI/CD pipelines
  • Security design reviews use MITRE ATT&CK framework automation
  • Low-risk assessments let developers self-approve security reviews
  • 40% reduction in application security team review workload
  • Anthropic eliminated its SOC, replacing it entirely with Claude-based automation
  • IT support roles are transitioning to engineering as automation replaces the front line
  • Compliance questionnaires are fully automated using agentic AI workflows
  • The ISO 42001 framework manages AI deployment risks alongside security
  • Executive risk councils evaluate AI risks using traditional enterprise processes
  • AWS embeds GenAI into testing, detection, and user experience
  • Finding summarization helps L1 analysts understand complex AWS environments
  • Amazon encourages teams to "live in the future" with AI
  • Interview candidates are expected to demonstrate Claude usage during interviews
  • Security remains the biggest barrier to enterprise AI adoption beyond POCs
  • Virtual employees are predicted to arrive within the next 12 months
  • Model Context Protocol (MCP) creates new supply chain security risks

Participants:
  • Jason Clinton, Chief Information Security Officer, Anthropic
  • Gee Rittenhouse, Vice President, Security Services, AWS
  • Hart Rossman, Vice President, Global Services Security, AWS
  • Brian Shadpour, GM of Security and B2B Software Sales, AWS

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

CyberIntel - Talking Cybersecurity and Compliance (Presented by VikingCloud)

In this episode of VikingCloud's CyberIntel, Brian Odian discusses the MITRE ATT&CK Framework.

Out of the Woods: The Threat Hunting Podcast
S3 Ep28: [LIVE] Guess Who: The Adversary Edition
May 12, 2025 · 89:37

Clue by Clue: Can You Name the Threat Actor? Out of the Woods: The Threat Hunting Podcast returns with a special edition live episode built to sharpen how threat hunters think about adversary behavior. Our hosts will walk through a real-world threat actor's activity one phase at a time, revealing tradecraft clues as the investigation unfolds. Listeners will have the chance to analyze the behavior and submit their best guess before the final reveal. This live, interactive session is grounded in real tradecraft and practical threat hunting techniques. You'll see how MITRE ATT&CK techniques map to observed activity, how vertical-specific targeting shapes decisions, and how behavioral patterns can point to attribution faster.

What We'll Cover:
  • Real adversary behavior: a phase-by-phase walkthrough of a known threat actor's campaign
  • MITRE ATT&CK in context: how techniques are applied in real incidents
  • Recognizing tradecraft patterns: what links certain behaviors across threat actors
  • Sector-specific targeting: how industry focus shapes attacker decisions
  • Interactive analysis: submit your guess before the threat actor is revealed live

Engage with the Community! Join our Discord server during the episode to follow the clues, connect with other hunters, and share your thoughts in real time. Don't miss this chance to train your instincts and challenge your threat hunting perspective. Join the discussion here: https://discord.gg/DR4mcW4zBr

Stay in Touch!
  • Twitter: https://twitter.com/Intel471Inc
  • LinkedIn: https://www.linkedin.com/company/intel-471/
  • YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
  • Discord: https://discord.gg/DR4mcW4zBr
  • Facebook: https://www.facebook.com/Intel471Inc/

ITSPmagazine | Technology. Cybersecurity. Society
Detection vs. Noise: What MITRE ATT&CK Evaluations Reveal About Your Security Tools | A Conversation with Allie Mellen | Redefining CyberSecurity with Sean Martin
Mar 17, 2025 · 36:06

Guest: Allie Mellen, Principal Analyst, Forrester | On LinkedIn: https://www.linkedin.com/in/hackerxbella/
Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On ITSPmagazine: https://www.itspmagazine.com/sean-martin

Episode notes

In this episode, Allie Mellen, Principal Analyst on the Security and Risk Team at Forrester, joins Sean Martin to discuss the latest results from the MITRE Engenuity ATT&CK Evaluations and what they reveal about detection and response technologies.

The Role of MITRE ATT&CK Evaluations
MITRE ATT&CK is a widely adopted framework that catalogs the tactics, techniques, and procedures (TTPs) used by threat actors. Security vendors use it to improve detection capabilities, and organizations rely on it to assess their security posture. The MITRE Engenuity ATT&CK Evaluations test how different security tools detect and respond to emulated attacks, helping organizations understand their strengths and gaps. Mellen emphasizes that the evaluations do not assign scores or rank vendors, which lets security leaders focus on analyzing performance rather than chasing a "winner." Instead, organizations must assess the raw data to determine how well a tool aligns with their needs.

Alert Volume and the Cost of Security Data
One key insight from this year's evaluation is the significant variation in alert volume among vendors. Some solutions generate thousands of alerts for a single attack scenario, while others consolidate related activity into a handful of actionable incidents. Mellen notes that excessive alerting contributes to analyst burnout and operational inefficiency, making alert volume a critical metric to assess. Forrester's analysis includes a cost calculator that estimates the financial impact of ingesting those alerts into a SIEM. The results highlight how certain vendors create a massive data burden, driving up costs for organizations trying to balance security effectiveness against budget constraints.

The Shift Toward Detection and Response Engineering
Mellen stresses the importance of detection engineering, where security teams take a structured approach to developing and maintaining high-quality detection rules. Instead of passively consuming vendor-generated alerts, teams must actively refine and tune detections to match real threats while minimizing noise. Detection and response should also be tightly integrated: Forrester's research advocates linking every detection to a corresponding response playbook. By automating these processes through security orchestration, automation, and response (SOAR) solutions, teams can accelerate investigations and reduce manual workload.

Vendor Claims and the Reality of Security Tools
While many vendors promote their performance in the ATT&CK Evaluations, Mellen cautions against taking marketing claims at face value. Organizations should review MITRE Engenuity's raw evaluation data, including screenshots and alert details, to get an unbiased view of how a tool operates in practice. For security leaders, these evaluations offer an opportunity to reassess their detection strategy, optimize alert management, and ensure their investments in security tools align with operational needs.

For a deeper dive into these insights, including discussions on AI-driven correlation, alert fatigue, and security team efficiency, listen to the full episode.

Sponsors
  • LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
  • ThreatLocker: https://itspm.ag/threatlocker-r974

Resources
  • Inspiring post: https://www.linkedin.com/posts/hackerxbella_go-beyond-the-mitre-attck-evaluation-to-activity-7295460112935075845-N8GW/
  • Blog | Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes: https://www.forrester.com/blogs/go-beyond-the-mitre-attck-evaluation-to-the-true-cost-of-alert-volumes/
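The kind of raw-data review Mellen recommends, as an added example that is not Forrester's calculator and not MITRE Engenuity's published data: two hypothetical tools are scored from constructed per-substep results on coverage and on alert volume together, so that equal coverage does not hide a very different SIEM and analyst cost. The bytes-per-alert and minutes-per-alert parameters are assumptions to replace with your own SIEM contract and SOC measurements.

```python
"""Read ATT&CK-style evaluation results for coverage and alert volume together.

Added example; this is not Forrester's cost calculator and not MITRE Engenuity's
published data. The substep records are constructed to resemble the per-substep
results the evaluations publish, the two tools are hypothetical, and the
bytes-per-alert and minutes-per-alert parameters are assumptions to replace with
your own SIEM contract and SOC measurements.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class SubstepResult:
    substep: str    # evaluation substep label, e.g. "1.A.1"
    tactic: str     # ATT&CK tactic the substep exercises
    technique: str  # ATT&CK technique ID
    detected: bool  # the tool recorded a detection for this substep
    alerts: int     # number of alerts the tool raised for this substep alone


# Constructed emulation: six substeps, one per tactic.
SCENARIO = [
    ("1.A.1", "Initial Access", "T1566.001"),
    ("1.A.2", "Execution", "T1059.001"),
    ("1.B.1", "Persistence", "T1547.001"),
    ("2.A.1", "Discovery", "T1087.002"),
    ("2.B.1", "Lateral Movement", "T1021.002"),
    ("3.A.1", "Exfiltration", "T1048.003"),
]


def _observed(pairs: list[tuple[bool, int]]) -> list[SubstepResult]:
    return [SubstepResult(s, ta, te, d, a) for (s, ta, te), (d, a) in zip(SCENARIO, pairs)]


# Constructed: both tools detect five of six substeps, but Tool A raises hundreds
# of alerts per substep while Tool B consolidates each into one or two incidents.
RESULTS = {
    "Tool A": _observed([(True, 412), (True, 230), (True, 98), (False, 0), (True, 540), (True, 133)]),
    "Tool B": _observed([(True, 1), (True, 1), (True, 1), (True, 2), (False, 0), (True, 1)]),
}


def summarize(results: list[SubstepResult], bytes_per_alert: int = 1500, minutes_per_alert: float = 2.0) -> dict:
    """Coverage, raw alert count, and what that count costs in SIEM ingest and analyst time."""
    total = len(results)
    detected = sum(1 for r in results if r.detected)
    alerts = sum(r.alerts for r in results)
    return {
        "coverage": detected / total,
        "alerts": alerts,
        "alerts_per_detected_substep": alerts / detected if detected else 0.0,
        "siem_ingest_mb": alerts * bytes_per_alert / 1e6,
        "triage_hours": alerts * minutes_per_alert / 60,
    }


def missed_techniques(results: list[SubstepResult]) -> list[str]:
    """The gap list a detection engineer actually needs: which techniques got no detection."""
    return [r.technique for r in results if not r.detected]


def rank(results_by_tool: dict[str, list[SubstepResult]]) -> list[str]:
    """Highest coverage first; ties broken by fewer alerts. Equal coverage is where
    the evaluation's raw data, not the vendor summary, separates the tools."""
    stats = {tool: summarize(res) for tool, res in results_by_tool.items()}
    return sorted(stats, key=lambda t: (-stats[t]["coverage"], stats[t]["alerts"]))


if __name__ == "__main__":
    for tool in rank(RESULTS):
        s = summarize(RESULTS[tool])
        print(f"{tool}: coverage {s['coverage']:.0%}, alerts {s['alerts']}, "
              f"{s['alerts_per_detected_substep']:.1f} per detected substep, "
              f"{s['siem_ingest_mb']:.2f} MB ingest, {s['triage_hours']:.1f} analyst hours, "
              f"missed {missed_techniques(RESULTS[tool])}")
```

The missed-technique list is the part to carry into detection engineering: each entry is a technique that needs a rule (and, per Forrester's advice, a linked playbook) regardless of which tool wins the ranking.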

Redefining CyberSecurity
Detection vs. Noise: What MITRE ATT&CK Evaluations Reveal About Your Security Tools | A Conversation with Allie Mellen | Redefining CyberSecurity with Sean Martin
Mar 17, 2025 · 36:06


Episode notes: the same as the ITSPmagazine listing of this episode above.

YusufOnSecurity.com
214 - What are polyglot files and how bad are they?
Mar 8, 2025 · 31:58

Enjoying the content? Let us know your feedback!

In this episode, we'll be exploring a particularly intriguing file type: polyglot files. These digital shapeshifters have become a powerful tool in the arsenal of cyber attackers, capable of bypassing security measures, confusing systems, and delivering malicious payloads in ways that are both creative and devastating. Over the next 20 to 30 minutes or so, we'll break down what polyglot files are, how they work, and why they're so dangerous. We'll also examine some real-world examples where polyglot files were used in cyberattacks. We will reference the MITRE ATT&CK framework to understand how these techniques fit into the broader landscape of adversarial tactics. Finally, we'll discuss mitigation strategies and close with a cybersecurity myth that needs busting.

Before we dive into the main topic, let's glance at what is happening on the security front:
  • UEFI Secure Boot bypass vulnerability

References:
  • https://en.wikipedia.org: Polyglot
  • https://attack.mitre.org: Masquerading (T1036)
  • https://arxiv.org: Where the Polyglots Are: How Polyglot Files Enable Cyber Attack Chains and Methods for Detection & Disarmament
  • https://medium.com: Polyglot Files A Hackers Best Friend
  • https://www.bleepingcomputer.com: New polyglot malware hits aviation, satellite communication firms

Be sure to subscribe! You can also stream from https://yusufonsecurity.com, where you will find a list of all previous episodes too.
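How a polyglot file works, as an added example rather than code from the episode or the papers it cites: a GIF reader parses from the magic bytes at offset 0 and stops at the trailer, while a ZIP reader locates the archive from the end-of-central-directory record at the tail and tolerates leading bytes, so concatenating the two yields one file that both parsers accept. The second half is the defensive check: identify every format whose signature the bytes satisfy, head and tail, and treat "more than one" as Masquerading (ATT&CK T1036) worth a closer look, whatever the extension or MIME type says. The 1x1 GIF is hand-assembled here, the ZIP member is a dummy text file, and the signature table is a deliberately small assumption to extend.

```python
"""Build a GIF/ZIP polyglot and flag files that satisfy more than one format parser.

Added example (not code from the episode or from the papers it cites). The GIF is a
hand-assembled 1x1 image and the ZIP member is a dummy text file, both constructed
here; the signature table is deliberately small and is an assumption to extend.
"""
from __future__ import annotations
import io
import struct
import zipfile

# Constructed 1x1 GIF89a: header, logical screen descriptor, 2-entry global colour
# table, image descriptor, one LZW data sub-block (clear, pixel 0, end), trailer.
MINIMAL_GIF = (
    b"GIF89a"
    + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0)
    + b"\x00\x00\x00\xff\xff\xff"
    + b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0)
    + b"\x02\x02\x44\x01\x00"
    + b"\x3b"
)

# Signatures checked at the start of the file (assumption: extend for your environment).
HEAD_MAGIC = {
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip",
    b"MZ": "pe",
}
ZIP_EOCD = b"PK\x05\x06"       # end-of-central-directory record, read from the file's tail
ZIP_TAIL_WINDOW = 22 + 65535   # EOCD is 22 bytes plus an archive comment of up to 65535 bytes


def build_zip(payload: bytes, name: str = "payload.txt") -> bytes:
    """A plain, valid ZIP holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def build_polyglot(payload: bytes = b"constructed payload") -> bytes:
    """GIF readers parse from the magic at offset 0 and stop at the 0x3B trailer;
    ZIP readers find the archive from the EOCD record at the end and accept a
    prefix (that is how self-extracting archives work). Concatenation therefore
    yields one file that is valid to both."""
    return MINIMAL_GIF + build_zip(payload)


def identify_formats(data: bytes) -> set[str]:
    """Return every format whose signature the bytes satisfy, checking head and tail."""
    found = {name for magic, name in HEAD_MAGIC.items() if data.startswith(magic)}
    tail = data[-ZIP_TAIL_WINDOW:]
    if ZIP_EOCD in tail:
        found.add("zip")
    if b"%%EOF" in tail:
        found.add("pdf")
    return found


def is_polyglot(data: bytes) -> bool:
    """A file that is two things at once deserves a closer look (ATT&CK T1036, Masquerading)."""
    return len(identify_formats(data)) > 1


def extract_member(data: bytes, name: str) -> bytes:
    """Prove the ZIP half is real by reading a member straight out of the polyglot."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)


if __name__ == "__main__":
    sample = build_polyglot(b"hello from the zip half")
    print(sorted(identify_formats(sample)), is_polyglot(sample), extract_member(sample, "payload.txt"))
```

A check like this belongs at every boundary that trusts one parser's verdict: the upload handler that sniffs the magic bytes and the archive scanner that only looks at the tail would each see a valid, harmless file on their own.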

YusufOnSecurity.com
213 - Stealing Data in Plain Sight: How Cybercriminals Exfiltrate Your Secrets and How to Stop Them
Mar 1, 2025 · 50:53

Enjoying the content? Let us know your feedback!

In today's episode, we're diving deep into data exfiltration, one of the most serious threats facing organizations today. We'll break down exactly what data exfiltration is, where it fits in the MITRE ATT&CK framework, the tools and techniques attackers use, and, most importantly, how organizations can defend themselves. We'll also cover real-world examples, including publicly known cases that had major consequences. So, whether you're a seasoned security professional or just starting out in the field, stick around as we unravel the methods attackers use and how to stop them.

First, let's look at one of the trending security news items this week: a vulnerability in MITRE Caldera.
  • https://github.com/mitre/caldera: Security Notice
  • https://nvd.nist.gov: CVE-2025-27364
  • https://medium.com: MITRE Caldera Security Advisory — Remote Code Execution (CVE-2025-27364)
  • https://www.mitre.org: Caldera

Be sure to subscribe! You can also stream from https://yusufonsecurity.com, where you will find a list of all previous episodes too.

The PowerShell Podcast
Miriam Wiesner on Identity Hygiene, Security Tools, and Finding Balance
Dec 16, 2024 · 40:42

In this episode of the PowerShell Podcast, we sit down with Miriam Wiesner, a Senior Security Research Program Manager at Microsoft, to dive into the fascinating world of security and identity hygiene. Miriam shares her expertise on the Microsoft Graph API and the critical importance of maintaining proper identity hygiene in today's digital landscape. We explore the day-to-day life of a security researcher and discuss how tools like PowerShell script block logging can provide invaluable insights. Miriam also highlights the power of Kusto for analyzing data and solving complex challenges in the security space. In addition to technical insights, Miriam opens up about the challenges of maintaining a healthy work-life balance, offering a candid look at the human side of working in a demanding and impactful field.

Guest bio: Miriam C. Wiesner is a Sr. Security Research Program Manager at Microsoft with over 15 years of experience in IT and IT security. She has held various positions, including Administrator/System Engineer, Software Developer, Premier Field Engineer, Program Manager, and Security Consultant and Pentester. She is also a renowned creator of open-source tools based in PowerShell, including EventList and JEAnalyzer. She has been invited multiple times to present the research behind her tools at international conferences such as Black Hat (USA, Europe & Asia), PSConf EU, the MITRE ATT&CK workshop, and more. Miriam is the author of the book "PowerShell Automation and Scripting for CyberSecurity: Hacking and Defense for Red and Blue Teamers." Outside of work, Miriam is a dedicated wife and mother, residing with her family near Nuremberg, Germany.

Links:
  • Previous episode with Miriam: https://www.youtube.com/watch?v=0Csw8YYGyCg&pp=ygUObWlyaWFtIHdpZXNuZXI%3D
  • Practical PowerShell Empowerment For Protectors: https://www.youtube.com/watch?v=JgqbR-7O7TI&pp=ygUObWlyaWFtIHdpZXNuZXI%3D
  • Echoes of Intrusion: Demystifying commonly used MS Graph API Attacks: https://www.youtube.com/watch?v=YDK5xYx1rKg&t=677s&pp=ygUObWlyaWFtIHdpZXNuZXI%3D
  • PowerShell ❤️ the Blue Team: https://devblogs.microsoft.com/powershell/powershell-the-blue-team/
  • https://techcommunity.microsoft.com/blog/microsoftsentinelblog/the-power-of-data-collection-rules-detect-disabling-windows-defender-real-time-p/4236540
  • PowerShell Podcast home page: https://www.pdq.com/resources/the-powershell-podcast/
  • Listen to the PowerShell Podcast: https://powershellpodcast.podbean.com/

CIAOPS - Need to Know podcasts
Episode 333 - Now with AI content - Part 1
Dec 14, 2024 · 21:34

Something new for this episode: AI generated content! This is part one of a two part test with the incorporation of AI generated content. In this episode I used Google NotebookLM to generate the AI conversation you'll hear, after my normal intro. I am really interested in your feedback on what you think, good or bad. Watch out for part two, coming soon.

Brought to you by www.ciaopspatron.com

Resources: @directorcia, join my shared channel, CIAOPS merch store, become a CIAOPS Patron, CIAOPS Blog, CIAOPS Brief, CIAOPSLabs, support CIAOPS

  • Your Workday Reimagined: Using Microsoft 365 Copilot in IT: https://www.youtube.com/watch?v=-jV67ObIiS4
  • Strategy to Execution: Operationalizing Microsoft Defender CSPM: https://techcommunity.microsoft.com/blog/microsoftdefendercloudblog/strategy-to-execution-operationalizing-microsoft-defender-cspm/4357354
  • Unplug this holiday season with these Microsoft 365 features: https://techcommunity.microsoft.com/blog/Microsoft365InsiderBlog/unplug-this-holiday-season-with-these-microsoft-365-features/4355248?
  • New Microsoft Purview features help protect and govern your data in the era of AI: https://www.microsoft.com/en-us/security/blog/2024/12/10/new-microsoft-purview-features-help-protect-and-govern-your-data-in-the-era-of-ai/
  • Convincing a billion users to love passkeys: UX design insights from Microsoft to boost adoption and security: https://www.microsoft.com/en-us/security/blog/2024/12/12/convincing-a-billion-users-to-love-passkeys-ux-design-insights-from-microsoft-to-boost-adoption-and-security/
  • Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine: https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/
  • Microsoft Defender XDR demonstrates 100% detection coverage across all cyberattack stages in the 2024 MITRE ATT&CK® Evaluations: Enterprise: https://www.microsoft.com/en-us/security/blog/2024/12/11/microsoft-defender-xdr-demonstrates-100-detection-coverage-across-all-cyberattack-stages-in-the-2024-mitre-attck-evaluations-enterprise/
  • Take control during screen sharing in Teams for the web: https://techcommunity.microsoft.com/blog/Microsoft365InsiderBlog/take-control-during-screen-sharing-in-teams-for-the-web/4354595
  • What's new in Microsoft Entra – November 2024: https://www.youtube.com/watch?v=NESTW0B1nAQ
  • Explore our latest Microsoft Security training on Microsoft Learn: https://techcommunity.microsoft.com/blog/microsoftsecurityandcompliance/explore-our-latest-microsoft-security-training-on-microsoft-learn/4351939
  • Boost productivity with Copilot in OneDrive: https://www.youtube.com/watch?v=c7wEqbKDQMg
  • Explore new Microsoft Entra capabilities at Gartner Identity & Access Management Summit 2024: https://www.microsoft.com/en-us/security/blog/2024/12/04/explore-new-microsoft-entra-capabilities-at-gartner-identity-access-management-summit-2024/
  • Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage: https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage/
  • Three new ways small and medium-sized businesses can purchase Microsoft 365 Copilot: https://www.microsoft.com/en-us/microsoft-365/blog/2024/12/02/three-new-ways-small-and-medium-sized-businesses-can-purchase-microsoft-365-copilot/
  • Safeguarding AI against 'jailbreaks' and other prompt attacks: https://news.microsoft.com/source/?post_type=features&p=8732
  • Update on nested app authentication and deprecation of Exchange Online legacy tokens: https://techcommunity.microsoft.com/blog/exchange/update-on-nested-app-authentication-and-deprecation-of-exchange-online-legacy-to/4351951
  • Gather and create notes with Copilot in your personal OneNote notebooks directly on the page: https://techcommunity.microsoft.com/blog/microsoft365insiderblog/gather-and-create-notes-with-copilot-in-your-personal-onenote-notebooks-directly/4294053

After hours
  • The World According To Kaleb On Tour | Official Trailer | Prime Video: https://www.youtube.com/watch?v=dqAXVQZ6jww

Screaming in the Cloud
Best Practices for Securing AWS Cloud with Eric Carter
Nov 27, 2024 · 30:19

Eric Carter of Sysdig joins Corey to tackle the evolving landscape of cloud security, particularly in AWS environments. As attackers leverage automation to strike within minutes, Sysdig focuses on real-time threat detection and rapid response. Tools like Runtime Insights and the open-source Falco help teams identify and mitigate misconfigurations, excessive permissions, and stealthy attacks, while Kubernetes aids in limiting lateral movement. Eric introduces the "10-minute benchmark" for defense, combining automation and human oversight. Adapting to constant change, Sysdig integrates frameworks like MITRE ATT&CK to stay ahead of threats. Corey and Eric also discuss Sysdig's conversational AI security analyst, which simplifies decision-making.

Show highlights:
  • (0:00) Intro
  • (0:32) Sysdig sponsor read
  • (0:51) What they do at Sysdig
  • (3:28) When you need a human in the loop vs when AI is useful
  • (5:12) How AI may affect career progression for cloud security analysts
  • (8:18) The importance of security for AI
  • (12:18) Sysdig sponsor read
  • (12:39) Security practices in AWS
  • (15:19) How Sysdig's security reports have shaped Corey's thinking
  • (18:10) Where the cloud security industry is headed
  • (20:03) Cloud security increasingly feeling like an arms race between attackers and defenders
  • (23:33) Frustrations with properly configuring leased permissions
  • (28:17) How to keep up with Eric and Sysdig

About Eric Carter
Eric is an AWS Cloud Partner Advocate focused on cultivating Sysdig's technology cloud and container partner ecosystem. Eric has spearheaded marketing efforts for enterprise technology solutions across various domains, such as security, monitoring, storage, and backup. He is passionate about working with Sysdig's alliance partners, and outside of work, enjoys performing as a guitarist in local cover bands.

Links
  • Sysdig's website: https://sysdig.com/
  • Sysdig's AWS Cloud Security: https://sysdig.com/ecosystem/aws/
  • Sysdig's 5 Steps to Securing AWS Cloud Infrastructure: https://sysdig.com/content/c/pf-5-steps-to-securing-aws-cloud-infrastructure?x=Xx8NSJ

Sponsor: Sysdig: https://www.sysdig.com

The Cybersecurity Defenders Podcast
#169 - Intel Chat: Tools, N. Korean IT workers, GootLoader, FakeBat & Pacific Rim
Nov 15, 2024 · 37:42

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
  • MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and tries to identify whether MFA is enabled.
  • CVE2CAPEC is a tool developed by Galeax that automates the process of mapping Common Vulnerabilities and Exposures (CVEs) to Common Weakness Enumerations (CWEs), Common Attack Pattern Enumeration and Classification (CAPEC), and MITRE ATT&CK techniques.
  • A third tool helps security researchers identify vulnerabilities within macOS's sandbox restrictions, particularly targeting XPC services in the PID domain marked as "Application" services, which often lack adequate protection.
  • Zscaler's recent blog discusses how North Korean IT professionals are increasingly finding remote work in Western companies, often under disguised identities.
  • In a recent campaign, GootLoader malware has been targeting Bengal cat enthusiasts in Australia using SEO poisoning tactics.
  • After a multi-month absence, the malware loader FakeBat, also known as Eugenloader or PaykLoader, has resurfaced, distributing malware through Google Ads, with a recent campaign exploiting ads for the popular app Notion.
  • Over the past five years, Sophos has been engaged in a complex battle against Chinese state-sponsored cyber adversaries targeting its firewall products. This prolonged engagement, detailed in Sophos' "Pacific Rim" report, reveals a series of sophisticated attacks aimed at exploiting vulnerabilities in internet-facing devices, particularly those within critical infrastructure sectors across South and Southeast Asia.

Security Unfiltered
From Intelligence Analyst to Cybersecurity: Scott Small's Journey and Insights on Geopolitics
Sep 23, 2024 · 51:01 (transcription available)

What if you could pivot from a career in intelligence analysis to becoming a cybersecurity expert, all by leveraging self-taught skills and open-source intelligence? Join us as Scott Small reveals his inspiring journey, transitioning from dealing with physical security threats to mastering cybersecurity. He shares the invaluable role of supportive hiring managers and highlights how programming in Python opened doors in the private sector, showcasing the diverse paths available in this dynamic field.

Creating your own opportunities is crucial in technical fields, and Scott emphasizes the power of initiative. From starting a blog to contributing to community repositories, he offers practical advice for building a robust portfolio. We also discuss the importance of networking, the impact of geopolitical events on cyber threats, and how storytelling bridges gaps within the security sector. Scott's insights provide a roadmap for aspiring professionals eager to break into cybersecurity.

Artificial intelligence is revolutionizing cyber threat intelligence, but it comes with its own set of challenges. Scott and I delve into the complexities of AI-generated data, the necessity of rigorous validation, and the importance of frameworks like MITRE ATT&CK. We explore enhancing detection capabilities and the role of consistent practice in writing and data visualization for professional growth. Whether you're a seasoned expert or just starting out, this episode is packed with actionable insights to help you navigate the evolving landscape of cybersecurity.

Follow the Podcast on Social Media!
  • Instagram: https://www.instagram.com/secunfpodcast/
  • Twitter: https://twitter.com/SecUnfPodcast
  • Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
  • YouTube: https://www.youtube.com/@securityunfilteredpodcast
  • TikTok: Not today China! Not today

The Cybersecurity Defenders Podcast
#152 - Intel Chat: sedexp, Volt Typhoon, Citrine Sleet, Clearview AI & RansomHub?
Sep 5, 2024 · 37:44

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
  • A stealthy Linux malware named 'sedexp' has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework.
  • The Black Lotus Labs team at Lumen Technologies has uncovered a group of hackers linked to the Chinese government who have exploited a previously unknown software vulnerability to target U.S. internet service providers.
  • Earlier in August, a North Korean hacking group exploited a previously unknown bug in Chrome-based browsers, aiming to steal cryptocurrency, as reported by Microsoft in a recent update.
  • The Dutch Data Protection Authority (Dutch DPA) has hit Clearview AI with a €30.5 million fine, about $33.7 million, for illegally collecting data using facial recognition, including photos of Dutch citizens.
  • Energy giant Halliburton has confirmed that its systems were hacked and that intruders were able to steal information following a cyberattack last week.

Out of the Woods: The Threat Hunting Podcast
S2 Ep23: Unique Executions... How Unique Are They?
Aug 27, 2024 · 40:10

In this episode of the "Out of the Woods Threat Hunting Podcast," Scott and Tom break down the top threat hunting stories for the week of August 26, 2024. They dive into sedexp, a stealthy Linux malware that manipulates udev rules to evade detection, and explore why it's not yet on the MITRE ATT&CK radar. The duo also covers PEAKLIGHT, a new memory-only dropper, and Styx Stealer, a malware targeting browser data and crypto wallets. Wrapping up with insights from a BlackSuit ransomware breach, they discuss how attackers often reuse old techniques in new ways. This episode challenges the notion of what truly makes an execution unique, offering practical tips for staying ahead of evolving threats.

1. AON | Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules: https://www.aon.com/en/insights/cyber-labs/unveiling-sedexp
2. The DFIR Report | BlackSuit Ransomware: https://thedfirreport.com/2024/08/26/blacksuit-ransomware/
3. Check Point Research | Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove: https://research.checkpoint.com/2024/unmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove/
4. Google Cloud Blog | PEAKLIGHT: Decoding the Stealthy Memory-Only Malware: https://cloud.google.com/blog/topics/threat-intelligence/peaklight-decoding-stealthy-memory-only-malware/?&web_view=true

Stay in Touch!
  • Twitter: https://twitter.com/CyborgSecInc
  • LinkedIn: https://www.linkedin.com/company/cyborg-security/
  • YouTube: https://www.youtube.com/cyborgsecurity
  • Discord: https://discord.gg/DR4mcW4zBr
  • TikTok: https://www.tiktok.com/@cyborgsecinc
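A hunt for the udev-rule persistence this episode and the #152 Intel Chat above describe, as an added example that is not code from either episode or from the AON report: udev executes whatever a rule's RUN+=, RUN{program}+=, PROGRAM== or IMPORT{program}= names whenever a matching device event fires, and a device that exists on every boot makes that a reliable autostart that never touches cron, systemd or rc files. The scanner below pulls those directives out of rule text and flags executables outside the distribution's helper directories, temporary or hidden paths, and shell wrappers around decoders or downloaders. The rule lines in SAMPLE_RULES are constructed, the paths and program names are hypothetical, and the trusted-prefix list is an assumption to tune for your distribution.

```python
"""Hunt udev rule files for RUN/PROGRAM directives that look like sedexp-style persistence.

Added example, not code from the episode or the AON report. The rule lines in
SAMPLE_RULES are constructed to show the pattern (an executable outside the
distribution's helper directories, or a shell wrapper with a decoder, fired on a
device event that occurs at every boot); the paths and program names are hypothetical,
and the trusted-prefix list is an assumption to tune for your distribution.
"""
from __future__ import annotations
import glob
import json
import os
import re
import shlex

RULE_DIRS = ["/etc/udev/rules.d", "/run/udev/rules.d", "/usr/lib/udev/rules.d", "/lib/udev/rules.d"]
# Assumption: where legitimately packaged rules launch their helpers from.
TRUSTED_PREFIXES = ("/usr/lib/udev/", "/lib/udev/", "/usr/bin/", "/bin/", "/usr/sbin/", "/sbin/")
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
SHELLS = {"sh", "bash", "dash", "zsh"}
DECODER_OR_DOWNLOAD = ("base64", "curl", "wget", "| sh", "|sh", "| bash")

# Keys that make udev execute something: RUN+=, RUN{program}+=, PROGRAM==, IMPORT{program}=
EXEC_KEY = re.compile(r'\b(RUN(?:\{[^}]*\})?|PROGRAM|IMPORT\{program\})\s*(?:\+=|==|=)\s*"([^"]*)"')

SAMPLE_RULES = """\
# constructed: a benign distribution-style rule
ACTION=="add", SUBSYSTEM=="net", RUN+="/usr/lib/udev/net-helper $env{INTERFACE}"
# constructed: trigger on a character device present at every boot, run a binary from a hidden /tmp dir
ACTION=="add", ENV{MAJOR}=="1", ENV{MINOR}=="8", RUN+="/tmp/.x/updater run"
# constructed: trusted shell binary used as a wrapper around a decoded command
KERNEL=="sd*", RUN+="/bin/sh -c 'echo aWQ= | base64 -d | sh'"
"""


def assess_command(cmd: str) -> list[str]:
    """Return the reasons a udev-executed command deserves a look (empty list = nothing odd)."""
    try:
        argv = shlex.split(cmd)
    except ValueError:
        return ["command does not parse as a shell word list"]
    if not argv:
        return []
    exe = argv[0]
    reasons = []
    if not exe.startswith("/"):
        reasons.append(f"relative executable: {exe}")
    elif not exe.startswith(TRUSTED_PREFIXES):
        reasons.append(f"executable outside trusted helper directories: {exe}")
    if any(t in cmd for t in TEMP_DIRS) or "/." in cmd:
        reasons.append("temporary or hidden path in command")
    if os.path.basename(exe) in SHELLS and any(t in cmd for t in DECODER_OR_DOWNLOAD):
        reasons.append("shell wrapper with download or decoder")
    return reasons


def hunt_text(text: str, source: str = "<inline>") -> list[dict]:
    """Scan rule text; one finding per executing directive that has at least one reason."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        for m in EXEC_KEY.finditer(stripped):
            reasons = assess_command(m.group(2))
            if reasons:
                findings.append({"source": source, "line": lineno, "key": m.group(1),
                                 "command": m.group(2), "reasons": reasons})
    return findings


def hunt_system(dirs: list[str] = RULE_DIRS) -> list[dict]:
    """Read-only sweep of the live rule directories; unreadable files are skipped."""
    findings = []
    for d in dirs:
        for path in sorted(glob.glob(os.path.join(d, "*.rules"))):
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(hunt_text(fh.read(), path))
            except OSError:
                continue
    return findings


if __name__ == "__main__":
    print(json.dumps(hunt_text(SAMPLE_RULES, "SAMPLE_RULES"), indent=2))
    print(json.dumps(hunt_system(), indent=2))
```

Run it across a fleet and diff the output against a known-good baseline: packaged rules change rarely, so any new RUN+= that points outside the helper directories is a small, high-signal list to review by hand.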

Paul's Security Weekly
How do we patch the right things? - Josh Bressers - PSW #840

Paul's Security Weekly

Play Episode Listen Later Aug 22, 2024 178:57


Every week here on the show we talk about vulnerabilities and exploits. Typically we recommend that organizations remediate these vulnerabilities in some way. But how? And more importantly, which ones? Some tools we have to help us are actually not all that helpful at times, such as:

MITRE ATT&CK - Don't get me wrong, this is a great project and Adam and team are doing a great job. However, it's not a complete picture, as we can't possibly know about every attack vector (or can we?). People seem to think if they cover everything in the framework they will be secure. You can't cover everything in the framework because each technique can be utilized by an attack in a hundred different ways.

CVSS - Anyone can apply a score, but who is correct? Good that we have a way to score things, but then people will just use this as a basis for what they patch and what they do not. Also, chaining vulnerabilities is a thing, but we seem to lack any way to assign a score to multiple vulnerabilities at once (different from a technique). Also, some things don't get a CVE; how are you tracking, assessing risk, and patching these?

CISA KEV - Again, love the project and Tod is doing amazing work. However, what about things that do not get a CVE? Also, how do you track every incident of an attacker doing something in the wild? Also, there is frequency: just because something got exploited once, does that mean you need to patch it right away? How are we tracking how often something is exploited, as it is not just a binary "yes, it's exploited" or "no, it is not"?

EPSS - I do like the concept and Wade and Jay are doing amazing work. However, there seems to be a "gut reaction" thing going on where we do see things being exploited, but the EPSS score is low. How can we get better at predicting? We certainly have enough data, but are we collecting the right data to support a model that can tell us what the attackers will do next?

This week: YAVD: Yet Another Vulnerable Driver, why bring your own when one already exists, backdoors in MIFARE Classic, wireless hacking tips, AMD Sinkclose vulnerability will keep running, you down with SLDP yea you know me, Phrack!, IoTGoats, Pixel vulnerabilities, leaking variables, a DEF CON talk that was not cancelled, Telnet is still a thing, more CNAs, and the last thing Flint, Michigan needed was a ransomware attack!

Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-840

Paul's Security Weekly TV
How do we patch the right things? - PSW #840

Paul's Security Weekly TV

Play Episode Listen Later Aug 22, 2024 62:37


Every week here on the show we talk about vulnerabilities and exploits. Typically we recommend that organizations remediate these vulnerabilities in some way. But how? And more importantly, which ones? Some tools we have to help us are actually not all that helpful at times, such as:

MITRE ATT&CK - Don't get me wrong, this is a great project and Adam and team are doing a great job. However, it's not a complete picture, as we can't possibly know about every attack vector (or can we?). People seem to think if they cover everything in the framework they will be secure. You can't cover everything in the framework because each technique can be utilized by an attack in a hundred different ways.

CVSS - Anyone can apply a score, but who is correct? Good that we have a way to score things, but then people will just use this as a basis for what they patch and what they do not. Also, chaining vulnerabilities is a thing, but we seem to lack any way to assign a score to multiple vulnerabilities at once (different from a technique). Also, some things don't get a CVE; how are you tracking, assessing risk, and patching these?

CISA KEV - Again, love the project and Tod is doing amazing work. However, what about things that do not get a CVE? Also, how do you track every incident of an attacker doing something in the wild? Also, there is frequency: just because something got exploited once, does that mean you need to patch it right away? How are we tracking how often something is exploited, as it is not just a binary "yes, it's exploited" or "no, it is not"?

EPSS - I do like the concept and Wade and Jay are doing amazing work. However, there seems to be a "gut reaction" thing going on where we do see things being exploited, but the EPSS score is low. How can we get better at predicting? We certainly have enough data, but are we collecting the right data to support a model that can tell us what the attackers will do next?

Show Notes: https://securityweekly.com/psw-840

Paul's Security Weekly (Podcast-Only)
How do we patch the right things? - Josh Bressers - PSW #840

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later Aug 22, 2024 178:57


Every week here on the show we talk about vulnerabilities and exploits. Typically we recommend that organizations remediate these vulnerabilities in some way. But how? And more importantly, which ones? Some tools we have to help us are actually not all that helpful at times, such as:

MITRE ATT&CK - Don't get me wrong, this is a great project and Adam and team are doing a great job. However, it's not a complete picture, as we can't possibly know about every attack vector (or can we?). People seem to think if they cover everything in the framework they will be secure. You can't cover everything in the framework because each technique can be utilized by an attack in a hundred different ways.

CVSS - Anyone can apply a score, but who is correct? Good that we have a way to score things, but then people will just use this as a basis for what they patch and what they do not. Also, chaining vulnerabilities is a thing, but we seem to lack any way to assign a score to multiple vulnerabilities at once (different from a technique). Also, some things don't get a CVE; how are you tracking, assessing risk, and patching these?

CISA KEV - Again, love the project and Tod is doing amazing work. However, what about things that do not get a CVE? Also, how do you track every incident of an attacker doing something in the wild? Also, there is frequency: just because something got exploited once, does that mean you need to patch it right away? How are we tracking how often something is exploited, as it is not just a binary "yes, it's exploited" or "no, it is not"?

EPSS - I do like the concept and Wade and Jay are doing amazing work. However, there seems to be a "gut reaction" thing going on where we do see things being exploited, but the EPSS score is low. How can we get better at predicting? We certainly have enough data, but are we collecting the right data to support a model that can tell us what the attackers will do next?

This week: YAVD: Yet Another Vulnerable Driver, why bring your own when one already exists, backdoors in MIFARE Classic, wireless hacking tips, AMD Sinkclose vulnerability will keep running, you down with SLDP yea you know me, Phrack!, IoTGoats, Pixel vulnerabilities, leaking variables, a DEF CON talk that was not cancelled, Telnet is still a thing, more CNAs, and the last thing Flint, Michigan needed was a ransomware attack!

Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-840

Paul's Security Weekly (Video-Only)
How do we patch the right things? - PSW #840

Paul's Security Weekly (Video-Only)

Play Episode Listen Later Aug 22, 2024 62:37


Every week here on the show we talk about vulnerabilities and exploits. Typically we recommend that organizations remediate these vulnerabilities in some way. But how? And more importantly, which ones? Some tools we have to help us are actually not all that helpful at times, such as:

MITRE ATT&CK - Don't get me wrong, this is a great project and Adam and team are doing a great job. However, it's not a complete picture, as we can't possibly know about every attack vector (or can we?). People seem to think if they cover everything in the framework they will be secure. You can't cover everything in the framework because each technique can be utilized by an attack in a hundred different ways.

CVSS - Anyone can apply a score, but who is correct? Good that we have a way to score things, but then people will just use this as a basis for what they patch and what they do not. Also, chaining vulnerabilities is a thing, but we seem to lack any way to assign a score to multiple vulnerabilities at once (different from a technique). Also, some things don't get a CVE; how are you tracking, assessing risk, and patching these?

CISA KEV - Again, love the project and Tod is doing amazing work. However, what about things that do not get a CVE? Also, how do you track every incident of an attacker doing something in the wild? Also, there is frequency: just because something got exploited once, does that mean you need to patch it right away? How are we tracking how often something is exploited, as it is not just a binary "yes, it's exploited" or "no, it is not"?

EPSS - I do like the concept and Wade and Jay are doing amazing work. However, there seems to be a "gut reaction" thing going on where we do see things being exploited, but the EPSS score is low. How can we get better at predicting? We certainly have enough data, but are we collecting the right data to support a model that can tell us what the attackers will do next?

Show Notes: https://securityweekly.com/psw-840

Now That's IT: Stories of MSP Success
Navigating Growth: Dave Wilkeson on Becoming the MSP Advisor

Now That's IT: Stories of MSP Success

Play Episode Listen Later Aug 15, 2024 35:21 Transcription Available


In this episode of Now That's IT: Stories of MSP Success, we sit down with Dave Wilkeson, the founder and CEO of MSP Advisor, to uncover the key strategies that propelled him from a tech hobbyist to a renowned leader in the Managed Service Provider (MSP) industry. Dave shares invaluable insights into the critical role of financial discipline in scaling an MSP, offering candid advice he wishes he could give his younger self.

Listeners will learn how Dave successfully navigated the complex waters of MSP growth, from securing a solid financial foundation to leveraging strategic partnerships and recurring revenue. Discover the pivotal moments that shaped Dave's journey, including the lessons learned from early ventures, the transition to managed services, and the importance of surrounding yourself with the right talent.

Whether you're an aspiring MSP owner or a seasoned pro, this episode is packed with actionable takeaways that will help you steer your business toward sustained profitability and growth. Don't miss out on Dave's expert advice on becoming a successful MSP advisor in today's competitive landscape.

In our upcoming webinar, "What is the MITRE ATT&CK Report and Why Is It Important to You?", our industry experts delve into the essential insights provided by the MITRE ATT&CK Report and how you can make informed decisions that not only enhance your cybersecurity strategy but also proactively address emerging threats and vulnerabilities.
Date: Thursday, August 22, 2024
Time: 10:00 AM – 10:45 AM EDT
Learn more and register: http://spr.ly/6001lRYCJ

Get an in-person rundown on what N-able has to offer, including products, insights, networking and more. The N-able Roadshow is visiting more cities than ever before in 2024. Take a look at our first group of locations; we may be in a city near you!
-> http://spr.ly/6000RsTOq

'Now That's IT: Stories of MSP Success' dives into the journeys of some of the trailblazers in our industry to find out how they used their passion for technology to help turn Managed Services into the thriving sector it is today. Every episode is packed with the valuable insights, practical strategies, and inspiring anecdotes that led our guests to the transformative moment when they knew... Now, that's it.

This podcast provides educational information about issues that may be relevant to information technology service providers. Nothing in the podcast should be construed as any recommendation or endorsement by N-able, or as legal or any other advice. The views expressed by guests are their own and their appearance on the podcast does not imply an endorsement of them or any entity they represent. Views and opinions expressed by N-able employees are those of the employees and do not necessarily reflect the view of N-able or its officers and directors. The podcast may also contain forward-looking statements regarding future product plans, functionality, or development efforts that should not be interpreted as a commitment from N-able related to any deliverables or timeframe. All content is based on information available at the time of recording, and N-able has no obligation to update any forward-looking statements.

The Cybersecurity Defenders Podcast
#145 - Exploring threat intelligence with Jamie Williams, Threat Intelligence Researcher at Unit 42

The Cybersecurity Defenders Podcast

Play Episode Listen Later Jul 30, 2024 42:47


On this episode of the Cybersecurity Defenders podcast, we explore threat intelligence with Jamie Williams, Threat Intelligence Researcher at Palo Alto Networks' Unit 42.

Jamie is a seasoned professional in the field of cybersecurity. Before joining Unit 42, he made significant contributions at the MITRE Corporation as a Senior Principal Cyber Operations Engineer. During his tenure at MITRE, Jamie led the development of MITRE ATT&CK® for Enterprise, focusing on adversary emulation and behavior-based detections.

In addition to his full-time role, Jamie is also a member of the IANS Faculty, where he shares his extensive knowledge and experience with the cybersecurity community. With a rich background that includes time at the National Security Agency, Jamie brings a wealth of expertise to the podcast.

Katie Nickels' blog can be found here.
Google Mandiant's article on requirement-driven intelligence can be found here.

Cloud Security Today
The world of purple teaming

Cloud Security Today

Play Episode Listen Later Jul 21, 2024 46:27 Transcription Available


This month, we welcome Eric Gagnon, Team Lead of Adversary Simulation, Purple Teaming, and Tradecraft Development at Desjardins. The conversation covers a wide range of topics related to cybersecurity, including purple teaming, red teaming, blue teaming, and Eric's journey in cybersecurity. Eric shares insights on certifications, threat hunting, cloud security, and the importance of knowledge exchange between red and blue teams. He also discusses the use of AI in cybersecurity and the need to stay sharp in the field.

Takeaways:
Purple teaming involves collaborative operations to exchange ideas, evaluate security controls, and test out the tactics, techniques, and procedures (TTPs) that real threat actors use.
Certifications in cybersecurity, such as Offensive Security Certified Professional (OSCP) and Offensive Security Certified Expert (OSCE), provide valuable knowledge and an edge in the field.
Threat hunting involves looking for granular activity that may indicate a compromise, filtering out the noise, and focusing on the suspicious behavior of threat actors.
Cloud security requires automation, cyber hygiene, and visibility, focusing on prioritizing techniques and testing them against the enterprise's environment.
Knowledge exchange between red and blue teams during a purple team engagement is essential and should include a common language, centralized documentation, and reporting against the MITRE ATT&CK framework.
Staying sharp in cybersecurity involves continuous learning, participation in CTFs, engaging with passionate individuals, and challenging oneself through talks, podcasts, and specialized training.

Chapters:
00:00 Introduction to Purple Teaming and Cybersecurity Journey
08:09 Certifications and Insights in Cybersecurity
15:08 Threat Hunting and Granular Activity Detection
35:02 Knowledge Exchange in Purple Teaming: Red and Blue Collaboration
39:57 Staying Sharp in Cybersecurity: Continuous Learning and Engagement

Secure applications from code to cloud. Prisma Cloud, the most complete cloud-native application protection platform (CNAPP).
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

The CyberWire
Conspiracy theories in politics.

The CyberWire

Play Episode Listen Later Jul 15, 2024 32:14


The assassination attempt on former President Trump sparks online disinformation. AT&T pays to have stolen data deleted. Rite Aid recovers from ransomware. A hacktivist group claims to have breached Disney's Slack. Checkmarx researchers uncover Python packages exfiltrating user data. HardBit ransomware gets upgraded with enhanced obfuscation. Threat actors can weaponize proof-of-concept (PoC) exploits in as little as 22 minutes. Google may be in the market for Wiz. Rick Howard previews his analysis of the MITRE ATT&CK framework. Blockchain sleuths follow the money.

Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

This Week on CSO Perspectives
Dave chats with Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, about his latest episode of CSO Perspectives, which focuses on the current state of MITRE ATT&CK. If you are an N2K Pro subscriber, you can find this installment of CSO Perspectives here. The accompanying essay is available here. If you're not a subscriber and want to check out a sample of the discussion Rick has with his Hash Table members about MITRE ATT&CK, you can find it here.

Selected Reading
Conspiracy theories spread swiftly in hours after Trump rally shooting (The Washington Post)
AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records (WIRED)
Pharmacy Giant Rite Aid Hit By Ransomware (Infosecurity Magazine)
Disney's Internal Slack Breached? NullBulge Leaks 1.1 TiB of Data (HackRead)
Malicious Python packages found exfiltrating user data to Telegram bot (Computing)
HardBit ransomware version 4.0 supports new obfuscation techniques (Security Affairs)
Hackers use PoC exploits in attacks 22 minutes after release (Bleeping Computer)
Google is reportedly planning its biggest startup acquisition ever (The Verge)
Automotive SaaS provider CDK paid $25 million ransom to hackers (BeyondMachines.net)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The CyberWire
The current state of MITRE ATT&CK.

The CyberWire

Play Episode Listen Later Jul 15, 2024 18:37


Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of MITRE ATT&CK with CyberWire Hash Table guests Frank Duff, Tidal Cyber's Chief Innovation Officer; Amy Robertson, MITRE Threat Intelligence Engineer and ATT&CK Engagement Lead; and Rick Doten, Centene's VP of Information Security.

References:
Amy L. Robertson, 2024. ATT&CK 2024 Roadmap [Essay]. Medium.
Blake E. Strom, Andy Applebaum, Doug P. Miller, Kathryn C. Nickels, Adam G. Pennington, Cody B. Thomas, 2018. MITRE ATT&CK: Design and Philosophy [Historical Paper]. MITRE.
Eric Hutchins, Michael Cloppert, Rohan Amin, 2010. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [Historical Paper]. Lockheed Martin Corporation.
Nick Selby, 2014. One Year Later: The APT1 Report [Essay]. Dark Reading.
Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.
Rick Howard, 2020. Intrusion kill chains: a first principle of cybersecurity [Podcast]. The CyberWire.
Rick Howard, 2022. Kill chain trifecta: Lockheed Martin, ATT&CK, and Diamond [Podcast]. The CyberWire.
Rick Howard, 2020. cyber threat intelligence (CTI) (noun) [Podcast]. Word Notes: The CyberWire.
Kevin Mandia, 2014. State of the Hack: One Year after the APT1 Report [RSA Conference Presentation]. YouTube.
Sahil Bloom, 2023. The Blind Men & the Elephant [Website]. The Curiosity Chronicle.
Sergio Caltagirone, Andrew Pendergast, and Christopher Betz, 05 July 2011. The Diamond Model of Intrusion Analysis [Historical Paper]. Center for Cyber Threat Intelligence and Threat Research.
Staff, n.d. Home Page [Website]. Tidal Cyber.

Mac Admins Podcast
Episode 368: The Latest on MITRE ATT&CK with Cat Self

Mac Admins Podcast

Play Episode Listen Later Jun 18, 2024 68:17


In this episode, we'll talk about security, ATT&CK, and the changing landscape of Mac security with one of our favoritest guests, Cat Self.

Hosts: Tom Bridge - @tbridge@theinternet.social, Marcus Ransom - @marcusransom
Guests: Cat Self - LinkedIn

Links:
MITRE ATT&CK®
Getting Started with ATT&CK (video)
ATT&CK Framework v15 Update Log
What is STIX/TAXII? | Cloudflare
Blog on pulling MITRE ATT&CK data sources with JupyterLab
Malware Unicorn: Dylib Injection Attacks
Atomic Red Team Tests I created
Lutherans Atomic Test Harness
zScaler Advisories
https://x.com/Technop54777070/status/1788603343843074187
Claimed by hackers, Zscaler says there's no impact or compromise | Cybernews
The ESF Playground – The Mitten Mac
A Deep Dive into the OceanLotus Adversary Emulation for macOS & Linux
https://github.com/center-for-threat-informed-defense/adversary_emulation_library/blob/master/ocean_lotus/Emulation_Plan/OceanLotus_Scenario.md

Sponsors: Kandji, 1Password, Watchman Monitoring

If you're interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information. Get the latest about the Mac Admins Podcast, follow us on Twitter! We're @MacAdmPodcast! The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include Weldon Dodd, Damien Barrett, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Seb Nash, Dan McLaughlin, Joe Sfarra, Nate Cinal, Jon Brown, Dan Barker, Tim Perfitt, Ashley MacKinlay, Tobias Linder, Philippe Daoust, AJ Potrebka, Adam Burg, & Hamlin Krewson

TubbTalk - The Podcast for IT Consultants
[155] How To Stop Mac Hacks In Their Tracks

TubbTalk - The Podcast for IT Consultants

Play Episode Listen Later Jun 16, 2024 73:17


In this episode, Richard talks to Stuart Ashenbrenner and Wes Hutcherson of Huntress. They share their advice on managing Macs for clients to prevent and manage hacks.

Stuart is a staff macOS researcher, focusing on macOS security and development, with a ton of experience working as a macOS detections engineer and software engineer. He's spoken at various conferences about macOS security, and he is the coauthor and core developer of the open source macOS incident response tool called Aftermath.

Wes is the director of product marketing for Huntress, where he oversees market intelligence and go-to-market strategies. His multifaceted technology and cybersecurity experience spans over a decade. He's worked with market leaders such as Bishop Fox, eSentire, Hewlett Packard, and Dell SecureWorks, covering managed detection and response, governance, risk and compliance, continuous threat exposure management, offensive security and other topics.

Richard asks them to explain how Huntress helps MSPs, how to deploy the tool and who their typical partners are, before digging into threats specifically targeting Macs. Wes explains the Huntress macOS support and why they decided to put it together. Stuart talks about the most common attack vectors on macOS and the security best practices that MSPs should follow.

Wes explains a number of acronyms that MSPs might come across when dealing with Macs and what they mean to users. Richard, Stuart and Wes look at Mac-specific attacks, third-party breaches and how to protect clients, particularly those who believe that Macs are more secure than PCs. They explore tools and resources, touch management, staying ahead of the curve and how MSPs can take advantage of the threats to Macs to find a business opportunity.

Mentioned in This Episode:
Open source macOS incident response tool: Aftermath
Podcast: Interview with Dray Agha
Malware: Atomic macOS Stealer (AMOS)
Trojan: Info Stealer
Shell programme: Bash
Scripting language: AppleScript
Knowledge base: MITRE ATT&CK
macOS threat: Cuckoo
XM Cyber study into breach and attack simulations
Slack community: MacAdmins
Blog series: Ask the Mac Guy: macOS Security Myths
On-demand webinar: Dealing with Mac threats
MSP...

Hacker Valley Studio
Zero Trust Tactics: Preventing Breaches with Ivan Fonseca & Nick Cottrell

Hacker Valley Studio

Play Episode Listen Later May 28, 2024 39:41


In this episode, host Ron Eddings teams up with Ivan Fonseca and Nick Cottrell, Cybersecurity Engineers at ThreatLocker, as they break down the anatomy of previous breaches and the attacker's playbook using MITRE ATT&CK. Ivan and Nick take you through the defender's perspective, share tools that are commonly used to defend against breaches, and discuss how Zero Trust can be implemented to better defend organizations.

Impactful Moments:
00:00 - Welcome
01:35 - Introducing guests, Ivan Fonseca and Nick Cottrell
04:39 - 3CX Breach & Supply Chain Attacks
08:10 - Ring Fencing Defense
11:16 - Living Off the Hacker Valley Land
13:06 - From our Sponsor, ThreatLocker
13:56 - Hacker Mindset in the Op
18:45 - Zero Trust, Default Deny
24:23 - Common Attack Vectors
30:09 - 7 Zip is a Russian Application?
32:49 - Learning How to Defend Better

Links:
Connect with our guests, Ivan Fonseca and Nick Cottrell: https://www.linkedin.com/in/ivan-fonseca-64139222b/ https://www.linkedin.com/in/nicholas-cottrell-083564165/
Learn more about ThreatLocker: https://www.threatlocker.com/
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Reimagining Cyber
The Enemy Within: Understanding Insider Threats to Cybersecurity - Ep. 94

Reimagining Cyber

Play Episode Listen Later Apr 24, 2024 26:31 Transcription Available


What is an insider threat? How do you mitigate the impact of an insider threat? From malicious insiders driven by profit or spite, to negligent insiders prone to carelessness, to compromised insiders unwittingly manipulated by external forces, Rob Aragao and Stan Wisseman try to unravel the layers of this critical cybersecurity concern. Drawing from recent incidents like the Sisense breach and the XZ exploit, they shed light on the evolving tactics employed by malicious actors, highlighting the pressing need for robust detection and response mechanisms.

Links to points raised in this episode:
What is an insider threat?
Insider Threats in 2024: 30 Eye-Opening Statistics
Insider Threat Statistics for 2024: Reports, Facts, Actors, and Costs
Ponemon Institute's 2023 Cost of Insider Risks study
MITRE ATT&CK framework
MITRE's Insider Threat TTP Knowledge Base project
XZ exploit
Yakima Valley Memorial Hospital breach
Sisense breach
Yahoo IP theft
Tesla insider threat incident
Blog by Stan - Insider Threats Demystified: Enhancing Security with ITDR and MITRE ATT&CK Frameworks

Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

The Other Side Of The Firewall

The conversation discusses an article about MITRE, a leading organization in cybersecurity, getting hacked. The hosts highlight the importance of transparency in cybersecurity incidents and commend MITRE for openly sharing the details of the attack. They emphasize that anyone can be a target and that there is no foolproof solution to cybersecurity. The conversation also mentions the significance of MITRE's role in the industry and its contributions to threat analysis and intelligence. Overall, the hosts appreciate MITRE's transparency and view it as an opportunity for the industry to learn and improve. Please LISTEN

The Security Detail
Ep. 7: MITRE ATT&CK framework featuring Adam Pennington, MITRE ATT&CK Lead

The Security Detail

Play Episode Listen Later Mar 27, 2024 36:58


The MITRE ATT&CK framework provides a standardized taxonomy and knowledge base of adversary tactics, techniques, and procedures (TTPs), enabling organizations to enhance threat detection, response, and mitigation strategies effectively. In this episode, Adam Pennington tells us about the origins of the ATT&CK project, how organizations can effectively leverage it, and the journey that led Adam to his current role as the project's leader.

Resources:
MITRE ATT&CK website: https://attack.mitre.org/
.conf24 agenda: https://conf.splunk.com/
ATT&CKcon Presentations: https://attack.mitre.org/resources/learn-more-about-attack/
ATT&CK Evaluations Program: https://mitre-engenuity.org/cybersecurity/attack-evaluations/
Adam's BSides Talk (Bringing Intelligence into Cyber Deception with MITRE ATT&CK): https://www.youtube.com/watch?v=eL4iLUw1ee8
Adam's DEF CON Talk (Emulating Adversary w Imperfect Intelligence): https://www.youtube.com/watch?v=cXlWY3OnjO0
David Bianco's Pyramid of Pain: https://www.youtube.com/watch?v=3Xrl6ICxKxI
Dr. Fetterman's blog: https://www.splunk.com/en_us/blog/security/revisiting-the-big-picture-macro-level-att-ck-updates-for-2023.html

Cloud Security Podcast
Sidecar Container Vulnerability in Kubernetes explained

Cloud Security Podcast

Play Episode Listen Later Feb 16, 2024 15:32


Are you familiar with sidecars in Kubernetes? We spoke to Magno Logan about the complex world of Kubernetes security and the silent but deadly vulnerabilities associated with sidecar containers. Magno shares his extensive research and insights on how attackers can exploit these vulnerabilities to stay hidden within a Kubernetes environment, posing significant threats beyond the commonly discussed crypto mining attacks. Magno spoke about common attack paths targeting Kubernetes clusters, from exploiting application vulnerabilities to leveraging exposed Kubernetes services and compromised valid accounts.

Guest Socials: Magno Logan
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes, check out our other Cloud Security social channels:
- Cloud Security Podcast - YouTube
- Cloud Security Newsletter
- Cloud Security BootCamp

Questions asked:
(00:00) Introduction
(01:26) A bit about Magno Logan
(01:49) Kubernetes Common Threats Explained
(02:23) Kubernetes Cluster Attack Entry Points
(04:28) How do attackers maintain persistent access in Kubernetes?
(05:30) Container Escape Explained
(07:03) Maintaining Persistence in Kubernetes Clusters
(08:18) What are Sidecars?
(10:43) How to secure your sidecars?
(12:33) Where can people learn more about this
(13:57) The Fun Section

Resources spoken about on the podcast:
MITRE ATT&CK Containers Matrix
Microsoft Threat Matrix

The CyberWire
Kingdom come, kingdom fall.

The CyberWire

Play Episode Listen Later Dec 21, 2023 27:44


German officials take down a dark web market. Google patches a zero-day. Terrapin attack targets SSL. A look at payment fraud. Agent Tesla is spreading through an old vulnerability. An iPhone thief explains his techniques. Ukrainian reprisals for Russia's Kyivstar attack. Israeli officials warn of data wipers. Rick Howard speaks with Scott Roberts of Interpres about Driving Intelligence with MITRE ATT&CK, and leveraging limited resources to build an evolving threat repository. And go ahead and click that like button - just don't expect to get paid.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Today's guest Scott Roberts of Interpres joins N2K's Rick Howard from the recent MITRE ATT&CKcon event. They discuss driving intelligence with MITRE ATT&CK: leveraging limited resources to build an evolving threat repository.
Selected Reading
German police takes down Kingdom Market cybercrime marketplace (BleepingComputer)
Google addressed a new actively exploited Chrome zero-day (Security Affairs)
SSH protects the world's most sensitive networks. It just got a lot weaker (Ars Technica)
Annual Payment Fraud Intelligence Report: 2023 (Recorded Future)
Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla (Zscaler)
iPhone Thief Explains How He Breaks Into Your Phone (Wall Street Journal)
Ukrainian hackers breach Rosvodokanal, seize data of Russia's largest private water utility (RBC Ukraine)
Fake F5 BIG-IP zero-day warning emails push data wipers (BleepingComputer)
"Get Paid to Like Videos"? This YouTube Scam Leads to Empty Wallets (Hack Read)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

The CyberWire
A dark web take down.

The CyberWire

Play Episode Listen Later Dec 19, 2023 35:06


The FBI takes down ALPHV/BlackCat. Comcast reveals breach of nearly 36 million Xfinity customers. Microsoft and Cyberspace Solarium Commission release water sector security report. Malware increasingly uses public infrastructure. Iran's Seedworm and its telco targets. QR code scams. Feds release joint analysis of 2022 election integrity. Joint advisory on Play ransomware group. In today's Mr Security Answer Person, John Pescatore considers the risks of AI. Rick Howard talks with Lauren Brennan of GuidePoint Security about evaluating and maturing your SOC. Iranian gas stations running on empty.
CyberWire Guests
John Pescatore joins us for Mr. Security Answer Person to address the question, "Things seem to be moving quickly with AI, what is your feeling about that positioning for early 2024?" Today's guest is Lauren Brennan of GuidePoint Security. N2K's Rick Howard caught up with Lauren recently at MITRE ATT&CKcon 4.0. They discussed evaluating and maturing your SOC.
Selected Reading
Authorities claim seizure of notorious ALPHV ransomware gang's dark web leak site (TechCrunch+)
Comcast says hackers stole data of close to 36 million Xfinity customers (TechCrunch+)
Microsoft, Cyberspace Solarium Commission propose measures to strengthen water sector cybersecurity (Industrial Cyber)
Malware leveraging public infrastructure like GitHub on the rise (ReversingLabs)
Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa (Symantec)
"Quishing" you a Happy Holiday Season (Netcraft)
2022 Election Not Impacted by Chinese, Russian Cyber Activity: DOJ, DHS (SecurityWeek)
US and Australia Warn of Play Ransomware Threat (Infosecurity Magazine)

The CyberWire
Remapping privacy.

The CyberWire

Play Episode Listen Later Dec 15, 2023 30:05


Google boosts Maps privacy, a court shields password disclosure, feds foil a massive scam operation, Iran-Israel cyber tensions escalate, Idaho National Labs reports a significant data breach, a security engineer's cybercrime confession. N2K's Rick Howard reports from the recent MITRE ATT&CKcon, speaking with Blake Strom of Microsoft about 10 years of the MITRE ATT&CK Framework. And Brian Krebs' relentless investigation into the Target breach.
CyberWire Guest
N2K's Rick Howard recently attended MITRE ATT&CKcon. While there, Rick spoke with Blake Strom of Microsoft and they discussed 10 years of the MITRE ATT&CK Framework.
Selected Reading
Google is rolling out new protections for our location data (The Washington Post)
Four men indicted in $80 million 'pig butchering' scheme (CNBC)
Just In: Crypto Hacker Shakeeb Ahmed Admits to $12 Million Heist (BET US)
Suspects can refuse to provide phone passcodes to police, court rules (Ars Technica)
Gaza Cybergang | Unified Front Targeting Hamas Opposition (SentinelLabs)
Israeli CEO recruits Muslim hackers to fight Hamas in cyberwarfare (The Jerusalem Post)
Personal Information of 45,000 Individuals Stolen in Idaho National Laboratory Data Breach (SecurityWeek)
Ten Years Later, New Clues in the Target Breach (KrebsOnSecurity)

The Lockdown - Practical Privacy & Security
005 - Brave vs Firefox, and When Privacy Goes Wrong

The Lockdown - Practical Privacy & Security

Play Episode Listen Later Nov 24, 2023 30:07


In this week's show, Ray Heffer gives a farewell to Michael Bazzell's Privacy, Security, and OSINT show. Also, speculation about living in a Faraday cage continues, and the reasons Firefox is still better than Brave for privacy and security. Ray also talks about when privacy techniques go wrong, with his lockout from Privacy.com.
This episode was recorded on November 22nd, 2023.
Follow me on Twitter @privacypod
This week's episode:
Introduction
Notable mention for Michael Bazzell
New website and Twitter account
Why I don't use Brave and the reasons Firefox is still the best option
When Privacy Techniques Go Wrong
Links mentioned in the show:
MITRE ATT&CK (Credentials from Web Browsers): https://attack.mitre.org/techniques/T1555/003/
MITRE ATT&CK (Password Managers): https://attack.mitre.org/techniques/T1555/005/
Tor Project Recommendations: https://support.torproject.org/tbb/tbb-9/
Brave (VPN Services) Issue: https://github.com/brave/brave-browser/issues/33726
Citi Virtual Credit Cards: https://www.cardbenefits.citi.com/Products/Virtual-Account-Numbers
Citi (True Name) Card: https://banking.citi.com/cbol/updatemyname/default.htm
IronVest (Formerly Abine Blur): https://ironvest.com/pricing/
Wise Virtual Card (UK): https://wise.com/gb/virtual-card/
Intro music: The Lockdown
"Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth." - Marcus Aurelius

Gestalt IT Rundown
Okta Breach Blamed on User's Personal Google Login | The Gestalt IT Rundown: November 8, 2023

Gestalt IT Rundown

Play Episode Listen Later Nov 8, 2023 30:35


Okta hasn't had a very good run of security headlines lately, and the latest is a breach that resulted in the theft of session tokens of several customers from Okta's customer support system. Though the number of customers was relatively low, the unauthorized access went undetected for over two weeks. The root cause seems to have been an employee logging into their personal Google account and saving a username and password within the Chrome browser.
Time Stamps:
0:00 - Welcome to the Rundown
0:42 - ZEDEDA Deploys Kubernetes at The Edge
3:33 - CloudFlare Outage
6:04 - Palo Alto Buys Talon Cyber Security
9:49 - Using Google Calendar for Command and Control
12:58 - Updated Security Frameworks (CVSS 4.0 and MITRE ATT&CK 14)
18:12 - Okta Breach Blamed on User's Personal Google Login
28:27 - The Weeks Ahead
29:38 - Thanks for Watching
Follow our Hosts on Social Media
Tom Hollingsworth: https://www.twitter.com/NetworkingNerd
Brian Knudtson: https://www.linkedin.com/in/bknudtson/
Follow Gestalt IT
Website: https://www.GestaltIT.com/
Twitter: https://www.twitter.com/GestaltIT
LinkedIn: https://www.linkedin.com/company/Gestalt-IT
Tags: #Rundown, #Kubernetes, #Edge, #SASE, #Malware, @ZEDEDAEdge, @Cloudflare, @PaloAltoNetworks, @TalonCyber, @FIRSTdotOrg, @MITREcorp, @Okta, @Google, #XFD10, #Security, @NetworkingNerd, @BKnudtson, @GestaltIT

The PowerShell Podcast
The Matrix of PowerShell: Security and Automation with Researcher Miriam Wiesner

The PowerShell Podcast

Play Episode Listen Later Sep 18, 2023 66:23


In our latest PowerShell Podcast, we had an insightful discussion with Miriam Wiesner, a renowned Senior Security Researcher at Microsoft and the author of "PowerShell Automation and Scripting for Cybersecurity." Miriam, who is juggling her roles as a security expert, an author, and a mom, shed light on her journey at Microsoft, talking about the ups and downs she faced. She extended the conversation to her book-writing experience, wherein she balanced work-life pressures to deliver this authoritative guide on PowerShell automation and scripting. The discourse was particularly intriguing when it delved into PowerShell security - an area Miriam is so passionate and knowledgeable about. There was certainly so much to learn from our discussion with her!
Bio: Miriam C. Wiesner is a Sr. Security Researcher at Microsoft with over 15 years of experience in IT and IT Security. She has held various positions, including Administrator/System Engineer, Software Developer, Premier Field Engineer, Program Manager, and Security Consultant and Pentester. She is also a renowned creator of open-source tools based on PowerShell, including EventList and JEAnalyzer. She was invited multiple times to present her research behind her tools at many international conferences like Black Hat (USA, Europe & Asia), PSConf EU, MITRE ATT&CK workshop, and more. Miriam is the author of the book "PowerShell Automation and Scripting for Cybersecurity: Hacking and Defense for Red and Blue Teamers." Outside of work, Miriam is a dedicated wife and mother, residing with her family near Nuremberg, Germany.
See The PowerShell Podcast on YouTube: https://www.youtube.com/watch?v=0Csw8YYGyCg
https://github.com/HCRitter/PSMermaid
https://github.com/HCRitter/PSCommandShortener
https://devblogs.microsoft.com/powershell/psresourceget-release-candidate-is-now-available/
https://github.com/DevClate/365AutomatedLab
https://www.joshooaj.com/blog/2023/09/06/debugging-convertto-json/
https://twitter.com/miriamxyra/status/1697195685068575222?s=46&t=AofiiK_18fgZEoSxIrqhAA
https://twitter.com/miriamxyra
https://github.com/PSSecTools/JEAnalyzer
https://packt.link/MiriamCW
https://github.com/miriamxyra/myDeckWishlist
https://github.com/miriamxyra/EventList

CERIAS Security Seminar Podcast
Stuart Shapiro, MITRE PANOPTIC™ Privacy Threat Model

CERIAS Security Seminar Podcast

Play Episode Listen Later Sep 13, 2023 53:23


As privacy moves from a predominantly compliance-oriented approach to one that is risk-based, privacy risk modeling has taken on increased importance. While a variety of innovative pre-existing options are available for privacy consequences and a few for vulnerabilities, privacy threat models, particularly ones focused on attacks (as opposed to threat actors) remain relatively scarce. To address this gap and facilitate more sophisticated privacy risk management of increasingly complex systems, MITRE has developed the Pattern and Action Nomenclature Of Privacy Threats In Context (PANOPTIC™). By providing an empirically-driven taxonomy of privacy threat activities and actions – as well as contextual elements – to support environmental and system-specific threat modeling, PANOPTIC is intended to do for privacy practitioners what MITRE ATT&CK® has done for security practitioners. This presentation discusses the underpinnings and provides an overview of PANOPTIC and its use. About the speaker: Stuart S. Shapiro is a Principal Cyber Security and Privacy Engineer and a co-leader of the Privacy Capability in the MITRE Labs Cyber Solutions Innovation Center at the MITRE Corporation. At MITRE he has led multiple research and operational efforts in the areas of privacy engineering, privacy risk management, and privacy enhancing technologies (PETs), including projects focused on connected vehicles and on de-identification. He has also held academic positions and has taught courses on the history, politics, and ethics of information and communication technologies. His professional affiliations include the International Association of Privacy Professionals (IAPP) and the Association for Computing Machinery (ACM).

Coffee Talk with SURGe
Coffee Talk with SURGe: The Interview Series featuring Jamie Williams

Coffee Talk with SURGe

Play Episode Listen Later Sep 12, 2023 39:36


Join Ryan Kovar and special guest Jamie Williams, MITRE ATT&CK for Enterprise Lead and Principal Adversary Emulation Engineer, for a discussion about MITRE ATT&CK use cases and Jamie's essay in a new book by SURGe titled "Bluenomicon: The Network Defender's Compendium."
Download Bluenomicon

Application Security PodCast
Maril Vernon -- You Get What You Inspect, Not What You Expect

Application Security PodCast

Play Episode Listen Later Aug 29, 2023 40:43 Transcription Available


Maril Vernon is passionate about purple teaming and joins Robert and Chris to discuss the intricacies of purple teaming in cybersecurity. She underscores the significance of fostering a collaborative environment between developers and the security team. Drawing from her experiences, Maril shares the challenge of development overlooking her remediation recommendations. She chose to engage directly with the developers, understanding their perspective and subsequently learning to frame her remediations in developer-centric language. This approach made her recommendations actionable and bridged the communication gap between the two teams.
Maril also looks into the future of purple teaming, envisioning a landscape dominated by automation and AI tools. While these tools will enhance the efficiency of certain tasks, she firmly believes that the human element, especially the creativity and intuition of red teamers, will remain irreplaceable. She envisions a future where dedicated purple teams might be replaced by a more holistic approach, or white teams, emphasizing collaboration across all departments.
Maril's powerful message on the essence of security is: "You get what you inspect, not what you expect." She emphasizes the importance of proactive inspection and testing rather than relying on assumptions. And she restates the centrality of cooperation between teams.
Maril's insights serve as a reminder of the dynamic nature of cybersecurity and the need for continuous adaptation and collaboration.
Helpful Links:
Follow Maril: @shewhohacks
Purple Team Exercise Framework: https://github.com/scythe-io/purple-team-exercise-framework
Scythe: https://scythe.io/
MITRE ATT&CK Framework: https://attack.mitre.org/
MITRE ATT&CK Navigator: https://github.com/mitre-attack/attack-navigator
AttackIQ: https://www.attackiq.com/
SafeBreach: https://www.safebreach.com/
PlexTrac: https://plextrac.com/
Atomic Red Team: https://atomicredteam.io/
Book Recommendations:
Security+ All-in-One Exam Prep: https://www.mheducation.com/highered/product/comptia-security-all-one-exam-guide-sixth-edition-exam-sy0-601-conklin-white/9781260464009.html
The Pentester BluePrint: https://www.wiley.com/en-us/The+Pentester+BluePrint:+Starting+a+Career+as+an+Ethical+Hacker-p-9781119684305
The First 90 Days: https://hbr.org/books/watkins
FOLLOW OUR SOCIAL MEDIA:
Twitter: @AppSecPodcast
LinkedIn: The Application Security Podcast
YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!

CSO Perspectives (public)
Best practices for MITRE ATT&CK(R) mapping.

CSO Perspectives (public)

Play Episode Listen Later Aug 26, 2023 17:41


Rick Howard, N2K's CSO and The CyberWire's Chief Analyst and Senior Fellow, discusses the latest developments in mapping the MITRE ATT&CK(R) wiki to your deployed security stack with guests James Stanley, section chief at the U.S. Cybersecurity and Infrastructure Security Agency, John Wunder, Department Manager for Cyber Threat Intelligence and Adversary Emulation at MITRE, and Steve Winterfeld, Akamai's Advisory CISO.

Howard, R., Olson, R., 2020. Implementing Intrusion Kill Chain Strategies by Creating Defensive Campaign Adversary Playbooks [Journal Article]. The Cyber Defense Review. URL https://cyberdefensereview.army.mil/CDR-Content/Articles/Article-View/Article/2420129/implementing-intrusion-kill-chain-strategies-by-creating-defensive-campaign-adv/
Staff, 2023. The Ultimate Guide to Sigma Rules [Blog]. The Graylog Blog. URL https://graylog.org/post/the-ultimate-guide-to-sigma-rules/
Seuss, Dr., 1990. Oh, the Places You'll Go! [Book]. Goodreads. URL https://www.goodreads.com/book/show/191139.Oh_the_Places_You_ll_Go_?ref=nav_sb_ss_1_14
Beriro, S., Ishmael, S.-M., 2023. Crypto Hackers Stole Record Amount in 2022, Fueled by North Korea's Lazarus [Podcast]. Bloomberg. URL https://www.bloomberg.com/news/articles/2023-02-23/crypto-hackers-stole-record-amount-in-2022-fueled-by-north-korea-s-lazarus
cisagov, 2023. Decider: A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework [Code Repository]. GitHub. URL https://github.com/cisagov/Decider/
Hutchins, E., Cloppert, M., Amin, R., 2010. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [White Paper]. Lockheed Martin. URL https://www.lockheedmartin.com/content/dam/lockheed-martin/rms/documents/cyber/LM-White-Paper-Intel-Driven-Defense.pdf
JupiterDoc, 2011. Law & Order Full Theme (High Quality) [Theme]. YouTube. URL https://www.youtube.com/watch?v=xz4-aEGvqQM
Nickels, K., 2019. Introduction to ATT&CK Navigator [Video]. YouTube. URL https://www.youtube.com/watch?v=pcclNdwG8Vs
Page, C., 2022. US officials link North Korean Lazarus hackers to $625M Axie Infinity crypto theft [Website]. TechCrunch. URL https://techcrunch.com/2022/04/15/us-officials-link-north-korean-lazarus-hackers-to-625m-axie-infinity-crypto-theft/
Page, C., 2022. North Korean Lazarus hackers linked to $100M Harmony bridge theft [Website]. TechCrunch. URL https://techcrunch.com/2022/06/30/north-korea-lazarus-harmony-theft/
Staff, n.d. Lazarus Group (G0032) [Wiki]. MITRE ATT&CK Navigator. URL https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fgroups%2FG0032%2FG0032-enterprise-layer.json
Staff, n.d. Lazarus Group, Labyrinth Chollima, HIDDEN COBRA, Guardians of Peace, ZINC, NICKEL ACADEMY, Group G0032 [Wiki]. MITRE ATT&CK®. URL https://attack.mitre.org/groups/G0032/
Staff, n.d. Lazarus Group [Wiki]. Tidal Cyber. URL https://app.tidalcyber.com/groups/0bc66e95-de93-4de7-b415-4041b7191f08-Lazarus%20Group
Staff, January 2023. Best Practices for MITRE ATT&CK® Mapping [White Paper]. Cybersecurity and Infrastructure Security Agency (CISA). URL https://www.cisa.gov/news-events/news/best-practices-mitre-attckr-mapping
Staff, March 2023. CISA Releases Decider Tool to Help with MITRE ATT&CK Mapping [Announcement]. Cybersecurity and Infrastructure Security Agency (CISA). URL https://www.cisa.gov/news-events/alerts/2023/03/01/cisa-releases-decider-tool-help-mitre-attck-mapping
Staff, n.d. List of top Cryptocurrency Companies - Crunchbase Hub Profile [Website]. Crunchbase. URL https://www.crunchbase.com/hub/cryptocurrency-companies
Strom, B.E., Applebaum, A., Miller, D.P., Nickels, K.C., Pennington, A.G., Thomas, C.B., 2020. ATT&CK Design and Philosophy, March 2020 Revision [White Paper]. MITRE. URL https://www.mitre.org/sites/default/files/publications/pr-18-0944-11-mitre-attack-design-and-philosophy.pdf

EXECUTIVE PROTECTION LIFESTYLE
Thomas Ryan - The Digital Side of Security (EPL Season 5 Podcast EPISODE 162

EXECUTIVE PROTECTION LIFESTYLE

Play Episode Listen Later Mar 13, 2023 90:08


⚜️ In this episode we have Thomas Ryan of Asymmetric Response joining us to discuss a part of security that is often overlooked in the industry and that's the digital side. In this podcast we discuss…

It's 5:05! Daily cybersecurity and open source briefing
Episode #90 - It's 5:05, Friday, March 3, 2023

It's 5:05! Daily cybersecurity and open source briefing

Play Episode Listen Later Mar 3, 2023 16:16


Hey, it's 5:05 on Friday, March 3rd, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today's episode come from Katy Craig in San Diego, California, Edwin Kwan in Sydney, Australia, Olimpiu Pop in Transylvania, Romania, Derek Weeks in Bethesda, Maryland, Kadi Grigg in Alexandria, Virginia and Marcel Brown in St. Louis, Missouri. Let's get to it.
Cracked Games Spread Malware

Cyber Briefing
Cyber Briefing - 2023.03.02

Cyber Briefing

Play Episode Listen Later Mar 2, 2023 0:54


Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday. First time seeing this? Please subscribe.

The CyberWire
“Shift Left”: A case for threat-informed pentesting. [CyberWire-X]

The CyberWire

Play Episode Listen Later Feb 5, 2023 26:59


Penetration testing is a vital part of a robust security program, but the traditional pentesting model is in a rut. Assessments happen infrequently, the scope is often very broad, and the report is usually overwhelming. What if you could increase the overall ROI of your pentesting program and avoid these limitations? Every penetration test should have specific goals. Coverage of the MITRE ATT&CK framework or the OWASP Top Ten is a great start, but a pentest could provide exponential value by applying a more strategic approach. In this episode of CyberWire-X, the CyberWire's Rick Howard and Dave Bittner discuss what it means to "shift left" with your penetration testing by working on a threat-informed test plan with guests and Hash Table members Bob Turner, the Field CSO of Fortinet, Etay Maor, the Senior Director for Security Strategy at Cato Networks, and Dan DeCloss, the Founder and CEO of our episode sponsor PlexTrac. 

Word Notes
Encore: MITRE ATT&CK (noun)

Word Notes

Play Episode Listen Later Dec 27, 2022 7:43


A knowledge base of adversary tactics, techniques, and procedures established and maintained by the MITRE Corporation. CyberWire Glossary link: https://thecyberwire.com/glossary/mitre-attck Audio reference link: "Attack Frameworks - SY0-601 CompTIA Security+ : 4.2," Professor Messer, YouTube, 29 April 2021.

CSO Perspectives (public)
Kill chain models.

CSO Perspectives (public)

Play Episode Listen Later Dec 12, 2022 26:03


Big thinkers from Lockheed Martin (kill chain), the Department of Defense (Diamond Model), and MITRE (ATT&CK Framework) gave us the blueprints for how to do intrusion kill chain prevention over a decade ago. It's taken that long for the rest of us mere cybersecurity mortals to get our heads around the key concepts. Rick Howard takes us through the models. For a complete reading list and even more information, check out Rick's more detailed essay on the topic.

BLUEPRINT
Alexia Crumpton: MITRE ATT&CK for Defenders

BLUEPRINT

Play Episode Listen Later Aug 16, 2022 43:30


One of the best frameworks that showed up within the last 5 or so years is undoubtedly the MITRE ATT&CK® framework. Many of us may know about it in passing and even reference it from time to time, but very few people seem to know the true depth of knowledge it contains - everything from analytics to threat groups, specific mitigation and detection opportunities, and with the newest versions, even specific data sources. In this episode we talk to the Defensive Lead of ATT&CK from MITRE, Lex Crumpton, about what every blue team member needs to know about this framework, and more!
Alexia Crumpton
Alexia Crumpton is a Defensive Cyber Operations Researcher with over seven years of experience in software development, SOCs, and Malware Reverse Engineering. Her passion lies in heuristic behavior analysis in regards to adversary TTPs and countermeasures used to defend against them.
Follow Alexia
LinkedIn: https://www.linkedin.com/in/alexia-crumpton-99930659/
Resources mentioned in this episode:
CAR - The MITRE Cyber Analytics Repository (CAR) is a knowledge base of analytics developed by MITRE based on the MITRE ATT&CK adversary model.
Top ATT&CK Techniques – Medium Blog, Github, Calculator
Sponsor's Note:
Support for the Blueprint podcast comes from the SANS Institute.
If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.
This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need t
Join us in Scottsdale, AZ or virtually for the 2022 SANS Institute Blue Team Summit & Training. At the SANS Blue Team Summit, enhance your current skill set and become even better at defending your organization and hear the latest ways to mitigate the most recent attacks!

BLUEPRINT
Cat Self: macOS and Linux Security

BLUEPRINT

Play Episode Listen Later Aug 9, 2022 57:36


Ever wonder why there's so little information regarding macOS and Linux-oriented attacks? In this episode, we get the answer from the multi-talented Cat Self - an Adversary Emulation Engineer at MITRE, Cyber Threat Intelligence Team Leader on ATT&CK Evaluations and macOS/Linux Lead on MITRE ATT&CK Enterprise. We discuss defense tools, attacker TTPs, what to consider when approaching defense for a macOS and Linux environment, and what trends we can expect in the future for these operating systems. Check out the resources below for links mentioned during this enlightening conversation!
Our Guest: Cat Self
Cat Self is the CTI Lead for MITRE ATT&CK® Evaluations, macOS/Linux Lead for ATT&CK® and serves as a leader of people at MITRE. Cat started her cyber security career at Target and has worked as a developer, internal red team operator, and Threat Hunter. Cat is a former military intelligence veteran and pays it forward through mentorship, technical macOS hunting workshops, and public speaking. Outside of work, she is often planning an epic adventure or climbing mountains in foreign lands.
Follow Cat on Social Media
Twitter: @coolestcatiknow
LinkedIn: Cat Self
Resources mentioned in this episode:
A highlight of new security changes in macOS Ventura: https://www.sentinelone.com/blog/apples-macos-ventura-7-new-security-changes-to-be-aware-of/
For securing a macOS device, I highly recommend installing Patrick Wardle's endpoint tools: https://objective-see.org/tools.html My favorites are BlockBlock, KnockKnock, LuLu, & Netiquette.
Cat's "GoTo" blogs
Patrick Wardle - Objective-See
Jaron Bradley - The Mitten Mac
Howard Oakley - The Eclectic Light Company
Cody Thomas - Medium
Sarah Edwards - mac4n6
Leo Pitt - Medium
Christopher Ross - Medium
Csaba Fitzl - THEEVILBIT Blog
Open Source Projects
Playbooks with Datasets to practice - OTRF
Code snippets aligned to MITRE ATT&CK - Atomic Red Team
Jupyter notebook environment setup by Anna Pastushko
Virtual environment setup - Hold My Beer

Hacking Humans
MITRE ATT&CK (noun) [Word Notes]

Hacking Humans

Play Episode Listen Later May 31, 2022 7:13


A knowledge base of adversary tactics, techniques, and procedures established and maintained by the MITRE Corporation.  CyberWire Glossary link: https://thecyberwire.com/glossary/mitre-attck Audio reference link: “Attack Frameworks - SY0-601 CompTIA Security+ : 4.2,” Professor Messer, YouTube, 29 April 2021.

Hacking Humans
MITRE ATT&CK (noun) [Word Notes]

Hacking Humans

Play Episode Listen Later May 10, 2022 7:13


A knowledge base of adversary tactics, techniques, and procedures established and maintained by the MITRE Corporation.  CyberWire Glossary link: https://thecyberwire.com/glossary/mitre-attck Audio reference link: “Attack Frameworks - SY0-601 CompTIA Security+ : 4.2,” Professor Messer, YouTube, 29 April 2021.