Mapping CVE Records to the ATT&CK Framework
CYR3CON and the team at Tag Cyber have published a new report outlining the enterprise security...
ATT&CK and Vulnerability Management Part 6: A Holistic Approach
Over the previous five posts in this series, we looked at both the MITRE ATT&CK and CVE frameworks,...
ATT&CK and Vulnerability Management Part 5: Disrupting Attack Sequences through Vulnerability Management
In our last post, we showed how CYR3CON mapped relationships among ATT&CK techniques using tools...
ATT&CK and Vulnerability Management Part 4: Using Intelligence to Generate Attack Sequences
In the past few articles, we discussed how mapping ATT&CK techniques to CVE’s can help...
ATT&CK and Vulnerability Management Part 3: Considerations in Aligning CVEs and ATT&CK Techniques
In our last article, we discussed why one would want to align CVEs with ATT&CK techniques. In...
Colonial Pipeline Breach Part 2: Three Important Observations
The Colonial Pipeline breach brought the physical-world effects of a cyber-attack – such as those...
Colonial Pipeline Breach: Vulnerabilities Used by DarkSide
This is the first in a 2-part series on the Colonial Pipeline breach. In today’s blog and video,...
ATT&CK and Vulnerability Management Part I: Introducing ATT&CK
Today we start a multi-part blog series on the MITRE ATT&CK framework and how it relates to...
Chinese Hackers Potentially Exploiting Up to Four Pulse Secure Vulnerabilities
Late last week, it was reported that Chinese hackers are exploiting recently disclosed Pulse...