ThreatX的动态

?? Organizations around the globe rely on the MITRE Engenuity Center for Threat-Informed Defense as a critical resource for protecting against cyberattacks. CrowdStrike provided expertise and thought leadership to two of the Center for Threat-Informed Defense’s latest research projects: ?? Insider Threat TTP Knowledge Base Version 2: Sought to enhance a repository of tactics, techniques and procedures (TTPs) used by insider attackers by including nontechnical indicators plus their respective mitigations, helping organizations prevent and defend against insider cybersecurity threats ?? Sensor Mappings to ATT&CK: Goal was to map sensors and other data sources to the MITRE ATT&CK? framework techniques so that SOCs know which tools and capabilities to check for the use of TTPs that would indicate their environment is under attack by an adversary ?? Read this blog post to learn more: https://lnkd.in/dHpjAWiT and check out the Center for Threat-Informed Defense’s Sensor Mappings to ATT&CK project: https://lnkd.in/dwnEFnGh #mitre

#LeadingInCybersecurity In a decisive move marking its unwavering commitment to cybersecurity excellence, Ivanti has expedited the release of patches for four newly discovered vulnerabilities in its Connect Secure and Policy Secure Gateways. These critical updates address vulnerabilities with potential consequences ranging from denial-of-service (DoS) attacks to unauthorized code execution, underscoring the persistent vigilance required in today’s digital landscape. Key Vulnerabilities Addressed: CVE-2024-21894 & CVE-2024-22053: These heap overflow vulnerabilities present critical risks, potentially allowing unauthenticated attackers to disrupt services or even execute arbitrary code. CVE-2024-22052: A null pointer dereference issue, heightening the risk of service disruptions through DoS attacks. CVE-2024-22023: This XML entity expansion vulnerability could lead to resource exhaustion, temporarily impacting service availability. This series of patches is part of Ivanti's broader strategic response to a challenging year, marked by a determination to fortify its security posture against an ever-evolving threat landscape. Ivanti's CEO, Jeff Abbott, recently illuminated the company’s introspective journey towards a security-first culture. Emphasizing the adoption of secure-by-design principles, enhancing transparency, and revamping engineering and security frameworks, Ivanti is not just reacting to threats but preempting them. In his candid reflection, Abbott acknowledged the humbling experiences of recent months, pledging an uncompromising path towards resilience, bolstered by rigorous internal scanning, the involvement of esteemed third parties for vulnerability research, and an enriched bug bounty program to incentivize responsible disclosure. As we navigate through the complexities of digital security, Ivanti’s proactive stance is a beacon for the industry, demonstrating that vigilance, innovation, and transparency are the pillars upon which trust is built and maintained. #IvantiUpdates #CyberResilience #DigitalSecurity #InnovationInCybersecurity

"We go to doctors to perform our health checks. Now we have to do the health check of the business." -?Shariq Aqil, Global Field CTO,?Hewlett Packard Enterprise Shariq Aquil and?Brad Bussie, e360 CISO walk through the key questions every business must ask when forming a robust cybersecurity strategy. ? In case we are attacked, what do we need to recover? ? Who is responsible for recovery? ? How will we recover? ?Where will we recover? ? Do we have the right technology in place? These questions help us understand our current state and determine whether we are cyber-ready or cyber-resilient. It's not just about having the latest technology, but about understanding our specific requirements and exploring various solutions. Our goal should be to create an environment where we are not just reacting to threats but are always a step ahead. See more from Episode 18 of the State of Enterprise IT Security here:?https://lnkd.in/gqxYhyvx Zerto

In today’s rapidly evolving digital landscape, effective cybersecurity is a strategic imperative for business leaders. Protecting your organization’s technological assets, critical infrastructures, and overall reputation demands more than just technical solutions; it requires a proactive, comprehensive approach from the top. To help you stay ahead of emerging threats and ensure long-term success, we’ve created an in-depth guide that explores essential security strategies, continuity planning, and leadership-driven initiatives.

?? Organizations around the globe rely on the MITRE Engenuity Center for Threat-Informed Defense as a critical resource for protecting against cyberattacks. CrowdStrike provided expertise and thought leadership to two of the Center for Threat-Informed Defense’s latest research projects: ?? Insider Threat TTP Knowledge Base Version 2: Sought to enhance a repository of tactics, techniques and procedures (TTPs) used by insider attackers by including nontechnical indicators plus their respective mitigations, helping organizations prevent and defend against insider cybersecurity threats ?? Sensor Mappings to ATT&CK: Goal was to map sensors and other data sources to the MITRE ATT&CK? framework techniques so that SOCs know which tools and capabilities to check for the use of TTPs that would indicate their environment is under attack by an adversary ?? Read this blog post to learn more: https://lnkd.in/g-6yU__e and check out the Center for Threat-Informed Defense’s Sensor Mappings to ATT&CK project: https://lnkd.in/g2_Jsm5w

?? Organizations around the globe rely on the MITRE Engenuity Center for Threat-Informed Defense as a critical resource for protecting against cyberattacks. CrowdStrike provided expertise and thought leadership to two of the Center for Threat-Informed Defense’s latest research projects: ?? Insider Threat TTP Knowledge Base Version 2: Sought to enhance a repository of tactics, techniques and procedures (TTPs) used by insider attackers by including nontechnical indicators plus their respective mitigations, helping organizations prevent and defend against insider cybersecurity threats ?? Sensor Mappings to ATT&CK: Goal was to map sensors and other data sources to the MITRE ATT&CK? framework techniques so that SOCs know which tools and capabilities to check for the use of TTPs that would indicate their environment is under attack by an adversary ?? Read this blog post to learn more: https://lnkd.in/envbb-QU and check out the Center for Threat-Informed Defense’s Sensor Mappings to ATT&CK project: https://lnkd.in/eKdZ_ZmE

?? Organizations around the globe rely on the MITRE Engenuity Center for Threat-Informed Defense as a critical resource for protecting against cyberattacks. CrowdStrike provided expertise and thought leadership to two of the Center for Threat-Informed Defense’s latest research projects: ?? Insider Threat TTP Knowledge Base Version 2: Sought to enhance a repository of tactics, techniques and procedures (TTPs) used by insider attackers by including nontechnical indicators plus their respective mitigations, helping organizations prevent and defend against insider cybersecurity threats ?? Sensor Mappings to ATT&CK: Goal was to map sensors and other data sources to the MITRE ATT&CK? framework techniques so that SOCs know which tools and capabilities to check for the use of TTPs that would indicate their environment is under attack by an adversary ?? Read this blog post to learn more: https://lnkd.in/gMKg73DX and check out the Center for Threat-Informed Defense’s Sensor Mappings to ATT&CK project: https://lnkd.in/gaTUfPMC

New! The #ZeroTrust in The #IndustrialEnterpriseReport is here, featuring survey results and analysis from hundreds of cybersecurity leaders about the progress, and challenges, in adopting Zero Trust to secure critical infrastructure. As cyberattacks across industrial sectors increase, adopting Zero Trust strategies for protecting critical infrastructure has become an urgent necessity. Xage Security partnered with Takepoint Research to survey #cybersecurity leaders about their zero trust strategies, and challenges, in adapting to the modern threat landscape. “The industrial world is taking action and recognizes the necessity to expedite zero trust adoption to keep our nation’s—and world’s—critical infrastructure safe from cyberattacks.” said Jonathon Gordon, Industry Analyst at Takepoint Research. Get your copy of the survey results today to learn what peers and leaders in industry are doing to confront today’s escalating cyber challenges #IndustrialCybersecurity David Cherry Stephen Webster William Rhodes Rod Johnson SIS Holdings Group, LLC

?? Organizations around the globe rely on the MITRE Engenuity Center for Threat-Informed Defense as a critical resource for protecting against cyberattacks. CrowdStrike provided expertise and thought leadership to two of the Center for Threat-Informed Defense’s latest research projects: ?? Insider Threat TTP Knowledge Base Version 2: Sought to enhance a repository of tactics, techniques and procedures (TTPs) used by insider attackers by including nontechnical indicators plus their respective mitigations, helping organizations prevent and defend against insider cybersecurity threats ?? Sensor Mappings to ATT&CK: Goal was to map sensors and other data sources to the MITRE ATT&CK? framework techniques so that SOCs know which tools and capabilities to check for the use of TTPs that would indicate their environment is under attack by an adversary ?? Read this blog post to learn more: https://lnkd.in/gTp4kSBi and check out the Center for Threat-Informed Defense’s Sensor Mappings to ATT&CK project: https://lnkd.in/g-JneGMM

?? Organizations around the globe rely on the MITRE Engenuity Center for Threat-Informed Defense as a critical resource for protecting against cyberattacks. CrowdStrike provided expertise and thought leadership to two of the Center for Threat-Informed Defense’s latest research projects: ?? Insider Threat TTP Knowledge Base Version 2: Sought to enhance a repository of tactics, techniques and procedures (TTPs) used by insider attackers by including nontechnical indicators plus their respective mitigations, helping organizations prevent and defend against insider cybersecurity threats ?? Sensor Mappings to ATT&CK: Goal was to map sensors and other data sources to the MITRE ATT&CK? framework techniques so that SOCs know which tools and capabilities to check for the use of TTPs that would indicate their environment is under attack by an adversary ?? Read this blog post to learn more: https://lnkd.in/g54b_59v and check out the Center for Threat-Informed Defense’s Sensor Mappings to ATT&CK project: https://lnkd.in/gTmk9EEP