You want to publish a new vulnerability? Just submit and we will handle your CVE assignment in no time. https://vuldb.com/?id.add #vuldb #cna #cve #mitre #nvd

I don't seem to get any response from MITRE Corporation requesting CVE IDs. Multiple requests have been silently ignored. What can I do ... except becoming my own CNA?

#cve #mitre #security #cre #foswiki #opensource #perl

Turning threat reports into detection insights with AI - https://www.redpacketsecurity.com/turning-threat-reports-into-detection-insights-with-ai/

#threatintel
#threat-intelligence
#mitre-attck
#detection-engineering
#ai-for-security
#ttp-extraction

MITRE ATT&CK: Wie Cloud-Kontrollen gegen Cyberangriffe wirken

Das Center for Threat-Informed Defense hat nun einen Weg gefunden, etablierte Sicherheitskontrollen direkt mit den Vorgehensweisen realer Angreifer zu verknüpfen.

https://www.all-about-security.de/mitre-attck-wie-cloud-kontrollen-gegen-cyberangriffe-wirken/

#MITRE #cloud #cybersecurity #threat

National Vulnerability Database: le vulnerabilita’ piu’ pericolose rilevate nel 2025: Il MITRE - organizzazione statunitense indipendente e senza scopo di lucro impegnata a supportare progetti nei settori di cybersecurity, difesa, sanita’ e infrastrutture...
#MITRE #NationalVulnerabilityDatabase #minacceinformatiche #sicurezza #cybersecurity http://dlvr.it/TQYl7G

Is there a good #MITRE ATT&CK technique to point out a attacker used incremented Identifiers do discover devices easily?

INFORM-Framework: Bedrohungsbasierte Cybersicherheit messbar machen

Strategische Verteidigungsplanung mit neuem Messansatz

Die MITRE Cyber Threat Intelligence Division (CTID) präsentiert INFORM, ein webbasiertes Bewertungsinstrument für bedrohungsorientierte Sicherheitsarchitekturen

https://www.all-about-security.de/inform-framework-bedrohungsbasierte-cybersicherheit-messbar-machen/

#mitre #framework #cyberthreat #cybersecurity #RedTeam

You have discovered a new vulnerability? Submit it here and we will assign a CVE in no time. https://vuldb.com/?id.add #vuldb #cna #cve #mitre #nvd

----------------

🛠️ Tool
===================

Opening: TDO Standalone Extractor is a self-contained tool for extracting Cyber Threat Intelligence (CTI) from documents. It targets analysts who need structured CTI from heterogeneous sources and automates conversion to machine-readable schemas.

Key Features:
• Multi-format support: processes PDF, DOCX, TXT, and Markdown inputs.
• Comprehensive schema: emits a CTI schema covering 12 entity types and 24 relationship types with rich properties.
• LLM integration: leverages Google Gemini models with automatic fallback parsing for resilient extraction.
• Detection & flow outputs: generates evidence-backed detection opportunities and an Attack-Flow JSON mapping to MITRE ATT&CK.
• Structured reliability: uses pydantic schemas to validate outputs and report parsing success.
• Parallel processing: supports concurrent file processing with progress tracking and job controls.

Technical Implementation:
• Core extraction relies on LLM-driven entity and relation parsing with structured output prompts and schema validation using pydantic models.
• Gemini serves as the primary model with configurable model selection and retry/backoff parameters conceptually managed via environment configuration.
• Outputs include per-file {filename}_extracted.json and human-readable Markdown summaries; optional artifacts include Attack Flow JSON and CSV summaries.

Use Cases:
• Automating ingestion of vendor reports and feeds into CTI platforms.
• Producing detection rule candidates with supporting evidence for SOC engineers.
• Feeding structured ATT&CK flow artifacts into threat modeling and reporting pipelines.

Limitations:
• Dependence on external LLM access and model availability for parsing fidelity.
• Quality of extraction tied to input document clarity and LLM hallucination risk; validation via pydantic mitigates schema errors but not semantic gaps.
• No built-in deployment orchestration; environment-based configuration required conceptually for API keys and model selection.

References:
• pydantic schema validation
• MITRE ATT&CK mapping

🔹 tool #cti #pydantic #MITRE #LLM

🔗 Source: https://github.com/Blevene/standalone_tdo

Пробуем на вкус техники MITRE ATT&CK — T1547.001 Ключи запуска в реестре — Папка автозагрузки

Этой статьей я начинаю цикл «Пробуем на вкус техники MITRE ATT&CK». Суть данного цикла - изучать логи, сформированные одной из реализаций той или иной техники MITRE ATT&CK (далее MA). Необходимоеуточнение — не все реализации той или иной техники будут рассмотрены, так как я буду выбирать интересные лично для меня и, возможно, предложенные в комментариях.

https://habr.com/ru/articles/979656/

#SOC #ИБ #MITRE

I just completed #MITRE room on TryHackMe. Explore the various resources that MITRE has made available to the #cybersecurity community. https://tryhackme.com/room/mitre?utm_campaign=social_share&utm_medium=social&utm_content=room&utm_source=twitter&sharerId=60cb2598c59a6e0042c78aed #tryhackme via @RealTryHackMe

Mitre (MTRE3) aprova dividendos e divide pagamento em duas parcelas

🇧🇷 Leia mais: https://guiadoinvestidor.com.br/mercado/mitre-mtre3-aprova-dividendos-e-divide-pagamento-em-duas-parcelas/

#Mercado #Dividendos #Mitre #MTRE3

Inside the attack chain: Threat activity targeting Azure Blob Storage - https://www.redpacketsecurity.com/inside-the-attack-chain-threat-activity-targeting-azure-blob-storage/

#threatintel
#Azure Blob Storage
#Cloud Storage Security
#Microsoft Defender for Storage
#MITRE ATT&CK
#Threat Intelligence

Inside the attack chain: Threat activity targeting Azure Blob Storage - https://www.redpacketsecurity.com/inside-the-attack-chain-threat-activity-targeting-azure-blob-storage/

#threatintel
#Azure Blob Storage
#Cloud Storage Security
#Microsoft Defender for Storage
#MITRE ATT&CK
#Threat Intelligence

#MITRE shares 2025's top 25 most dangerous software weaknesses

https://www.bleepingcomputer.com/news/security/mitre-shares-2025s-top-25-most-dangerous-software-weaknesses/

#cybersecurity

2025 MITRE CWE Top 25, XSS still #1, w/ SQLi, CSRF, & broken/missing authorization close behind. “Basic” web security, access-control design, & memory-safety bugs (OOB, UAF, buffer overflows) are still where attackers win.🔗https://zurl.co/zwmI9 #MITRE #AppSec #CyberSecurity

#ENISA wird Root #CNA: Damit das globale Schwachstellenmanagement vereinheitlicht werden kann, müssen in einem geordneten Verfahren #CVE-IDs von den "CVE Numbering Authorities (CNAs)" vergeben werden.

Hierarchisch über den CNAs angeordnet sind sog. Root-CNAs. Dazu gehören #MITRE, #CISA, Google, Red Hat aus den USA, das japanische JPCERT/CC, das spanische INCIBE Cert sowie der #Thales Konzern aus Frankreich - und nun mit Umsetzung des #CRA auch die ENISA:

https://www.enisa.europa.eu/news/stepping-up-our-role-in-vulnerability-management-enisa-becomes-cve-root #cybersecurity

did the painting today - project shaping up #coped vs mitered joint #tightened 45.5 #compound miter #mitre

MITRE ATT&CK® https://attack.mitre.org/ #threatmodel #security #attack #threat #mitre

Зарегистрировал CVE спустя 13 лет

На одной из предыдущих работ нужно было собрать свои достижения в области кибербеза. У меня были различные найденные уязвимости. Но, я даже не знал: были ли им присвоены CVE? Я этим не занимался. Занимались ли вендоры - не в курсе. Тогда я вспомнил ситуацию с выявлением мной уязвимости в антивирусе Agnitum и взгрустнул: CVE не был зарегистрирован. Год назад я вспомнил эту историю и задумался: а можно ли оформить CVE сейчас, спустя 12 лет после обнаружения уязвимости? Ситуация осложнялась тем, что вендора уже много лет как нет. И его сайта, конечно, тоже. Но, раз вы читаете этот текст - то мне это удалось (за этот кейс я попал в топ-10 Pentest award 2025 - номинация "Раз bypass, два bypass"). Но, путь занял почти год. И вот как это было (спойлер: помог сервис WayBack).

https://habr.com/ru/articles/969172/

#cve #mitre #CVE202457695