< ciso brief />

All news with the #mitre att ck tag (MITRE ATT&CK)

11 articles

Operationalizing Cisco Talos Year in Review Findings

🔍 The Cisco Talos Year in Review synthesizes vast telemetry and Talos IR casework into practical intelligence for defenders. Incident responders should use the report to build realistic tabletop scenarios, validate detections, and stress-test IR plans, focusing on the dominant TTPs it documents: valid account abuse, credential dumping, and MFA bypass. Map the findings to MITRE ATT&CK and prioritize vulnerabilities and detections accordingly. The report also highlights evolving phishing themes and nascent AI-enabled threats that should shape training and threat-hunting priorities.

Profiling Cloud Threat Actors via MITRE-Mapped Alerts

🔎 Unit 42 demonstrates a practical method to map cloud alert events to MITRE ATT&CK tactics and techniques and use the resulting alert patterns as operational fingerprints for known threat actors. The study examined alerts from cloud providers, containers, cloud-hosted applications, and SaaS across 22 industries between June 2024 and June 2025. Comparing cybercrime actor Muddled Libra and nation-state group Silk Typhoon, researchers found distinct, identifiable alert fingerprints and recommend proactive monitoring and mitigation, including Cortex Cloud runtime detection.
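Added example (not Unit 42's code) of the fingerprinting idea above: alert rule names are mapped to ATT&CK technique IDs, each known actor is represented as a weighted set of techniques, and the observed alerts are scored against every profile with a weighted Jaccard overlap, so the actor whose signature techniques are both present and unexplained-by-nothing-else ranks first. The rule names, the two profiles and the alert stream are constructed for the illustration; only the ATT&CK IDs are real.

```python
"""Rank known actors by how well their ATT&CK fingerprint explains a set of cloud alerts.

Added illustration for this digest; the rule-to-technique map and the two actor
profiles are constructed, not Unit 42's published data.
"""

# Constructed mapping from (hypothetical) alert rule names to real ATT&CK technique IDs.
RULE_TO_TECHNIQUE = {
    "cloud.iam.unusual_role_assumption":      "T1078.004",  # Valid Accounts: Cloud Accounts
    "saas.sso.mfa_fatigue":                   "T1621",      # MFA Request Generation
    "cloud.compute.metadata_credential_read": "T1552.005",  # Cloud Instance Metadata API
    "cloud.storage.mass_download":            "T1530",      # Data from Cloud Storage Object
    "k8s.exec_into_pod":                      "T1609",      # Container Administration Command
    "cloud.compute.web_shell":                "T1505.003",  # Server Software Component: Web Shell
    "cloud.iam.new_admin_access_key":         "T1098.001",  # Additional Cloud Credentials
    "saas.helpdesk.password_reset":           "T1078",      # Valid Accounts
}

# Constructed actor fingerprints: technique -> weight in 0..1 for how consistently
# the technique appeared in past cases. Illustrative only, not real profiles.
ACTOR_PROFILES = {
    "Muddled Libra": {"T1078": 0.9, "T1621": 0.8, "T1098.001": 0.5, "T1530": 0.7, "T1078.004": 0.6},
    "Silk Typhoon":  {"T1505.003": 0.9, "T1552.005": 0.6, "T1609": 0.5, "T1078.004": 0.4, "T1530": 0.3},
}

# Constructed alert stream from one tenant over a day (rule names, possibly repeated).
SAMPLE_ALERTS = [
    "saas.helpdesk.password_reset",
    "saas.sso.mfa_fatigue",
    "saas.sso.mfa_fatigue",
    "cloud.iam.new_admin_access_key",
    "cloud.storage.mass_download",
]


def alerts_to_techniques(alerts):
    """Translate alert rule names into the set of ATT&CK techniques observed.

    Unmapped rules are dropped here; a real pipeline would queue them for mapping.
    """
    return {RULE_TO_TECHNIQUE[a] for a in alerts if a in RULE_TO_TECHNIQUE}


def weighted_jaccard(observed, profile):
    """Weighted Jaccard between observed techniques (weight 1.0 each) and a profile.

    Profile techniques that were not observed still count in the denominator, so an
    actor whose signature behaviours are absent scores lower than one whose are present.
    """
    union = set(observed) | set(profile)
    if not union:
        return 0.0
    obs = {t: (1.0 if t in observed else 0.0) for t in union}
    num = sum(min(obs[t], profile.get(t, 0.0)) for t in union)
    den = sum(max(obs[t], profile.get(t, 0.0)) for t in union)
    return num / den


def rank_actors(alerts, profiles=ACTOR_PROFILES):
    """Return [(actor, score, matched_techniques, unexplained_techniques)] best first."""
    observed = alerts_to_techniques(alerts)
    rows = []
    for actor, profile in profiles.items():
        score = weighted_jaccard(observed, profile)
        matched = sorted(observed & set(profile))
        unexplained = sorted(observed - set(profile))  # observed but not in this actor's profile
        rows.append((actor, round(score, 4), matched, unexplained))
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for actor, score, matched, unexplained in rank_actors(SAMPLE_ALERTS):
        print(f"{actor:14s} score={score:.3f} matched={matched} unexplained={unexplained}")
```

The "unexplained" list is the part worth watching operationally: a high score with several unexplained techniques usually means either a second actor or a gap in the profile.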

Turning Threat Reports into Detection Insights with AI

🔍 Microsoft Defender Security Research Team describes an AI-assisted workflow that converts unstructured threat reports into actionable detection insights. The system uses LLMs with Retrieval Augmented Generation to extract candidate TTPs, metadata, and required telemetry, then normalizes behaviors to MITRE ATT&CK. Extracted TTPs are compared to a standardized detection catalog via vector similarity search and LLM validation to surface likely coverage and gap recommendations. Human-in-the-loop review, deterministic prompts, and evaluation loops are emphasized to ensure accuracy before operational changes.
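Added example (not Microsoft's workflow code) of the coverage and gap step described above. It assumes the extraction stage has already produced a list of technique IDs together with the behaviour sentence each was normalised from, and checks each one against a detection catalog: exact technique match first, then parent-technique match, then a token-overlap similarity standing in for the vector search, and finally whether the telemetry the matching rule needs is actually being collected. The catalog, the telemetry inventory, the extracted TTPs and the 0.2 similarity floor are constructed for the example.

```python
"""Classify report TTPs as covered / partial / gap against a detection catalog.

Added illustration for this digest, not Microsoft's code. The LLM/RAG stage is
assumed to have already produced REPORT_TTPS; everything else is constructed.
"""
import re

# Constructed detection catalog: each rule names the technique it covers and
# the telemetry it needs in order to fire.
DETECTION_CATALOG = [
    {"id": "DET-001", "name": "LSASS memory access by unsigned process",
     "technique": "T1003.001", "telemetry": {"process_access"}},
    {"id": "DET-002", "name": "Scheduled task created via schtasks",
     "technique": "T1053.005", "telemetry": {"process_create"}},
    {"id": "DET-003", "name": "Encoded PowerShell command line",
     "technique": "T1059.001", "telemetry": {"process_create", "script_block"}},
    {"id": "DET-004", "name": "Sign-in from a new country for the user",
     "technique": "T1078", "telemetry": {"identity_signin"}},
]

# Constructed inventory of telemetry actually collected in this tenant
# (note: no process_access events, e.g. no EDR handle-access logging).
AVAILABLE_TELEMETRY = {"process_create", "script_block", "identity_signin"}

# Constructed output of the extraction stage.
REPORT_TTPS = [
    {"technique": "T1003.001", "behavior": "dumped LSASS memory with a renamed procdump binary"},
    {"technique": "T1059.001", "behavior": "ran base64 encoded PowerShell to fetch the second stage"},
    {"technique": "T1078.004", "behavior": "logged in to the cloud console with stolen credentials"},
    {"technique": "T1567.002", "behavior": "exfiltrated archives to a cloud storage provider via rclone"},
]

SIMILARITY_FLOOR = 0.2  # assumed: text matches weaker than this are not trusted


def tokens(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def text_similarity(a, b):
    """Token Jaccard; a stand-in for the embedding similarity the article describes."""
    ta, tb = tokens(a), tokens(b)
    return len(ta & tb) / len(ta | tb) if ta | tb else 0.0


def assess(ttp, catalog=DETECTION_CATALOG, available=AVAILABLE_TELEMETRY):
    """Return {technique, status, detection, reason} for one extracted TTP."""
    tech = ttp["technique"]
    exact = [d for d in catalog if d["technique"] == tech]
    if exact:
        how, rule, sim = "exact", exact[0], 1.0
    else:
        parent = [d for d in catalog if d["technique"] == tech.split(".")[0]]
        if parent:
            how, rule, sim = "parent", parent[0], 1.0
        else:
            rule = max(catalog, key=lambda d: text_similarity(ttp["behavior"], d["name"]))
            sim = text_similarity(ttp["behavior"], rule["name"])
            if sim < SIMILARITY_FLOOR:
                return {"technique": tech, "status": "gap", "detection": None,
                        "reason": f"no rule for {tech} or its parent; best text match {rule['id']} at {sim:.2f}"}
            how = "text"
    missing = rule["telemetry"] - available
    if missing:
        return {"technique": tech, "status": "partial", "detection": rule["id"],
                "reason": "rule exists but telemetry not collected: " + ", ".join(sorted(missing))}
    if how == "parent":
        return {"technique": tech, "status": "partial", "detection": rule["id"],
                "reason": f"only the parent technique {rule['technique']} is covered"}
    if how == "text":
        return {"technique": tech, "status": "partial", "detection": rule["id"],
                "reason": f"matched on text only ({sim:.2f}); needs analyst confirmation"}
    return {"technique": tech, "status": "covered", "detection": rule["id"],
            "reason": "technique covered and required telemetry present"}


def coverage_report(ttps=REPORT_TTPS, catalog=DETECTION_CATALOG, available=AVAILABLE_TELEMETRY):
    return [assess(t, catalog, available) for t in ttps]


if __name__ == "__main__":
    for row in coverage_report():
        print(f"{row['technique']:10s} {row['status']:8s} {row['detection'] or '-':8s} {row['reason']}")
```

The telemetry check is the piece most often skipped: a rule that exists but has no data behind it shows up as "covered" in a catalog and as silence during an incident.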

MITRE Releases 2025 Top 25 Most Dangerous CWE Weaknesses

🔐 MITRE released the 2025 CWE Top 25 list after scoring 39,080 CVE records reported between June 1, 2024 and June 1, 2025, highlighting the most severe and prevalent software weaknesses. Cross-Site Scripting (CWE-79) remains at the top, while several flaws — including buffer overflows and missing authorization/authentication — climbed the rankings or appeared as new entries. MITRE and CISA urge organizations to adopt Secure by Design practices and integrate the list into application security testing and vulnerability management.

Simplifying Enterprise Cybersecurity Through Identity

🔐 Organizations face rising complexity as AI and sprawling systems make policy and compliance management touch every application. Deloitte has helped industrial and financial customers by linking named users to accounts, surfacing privileged and unvaulted accounts, and automating contact and remediation to reduce manual work; that improved SOC telemetry and cut the time spent mapping incidents to MITRE ATT&CK. Meanwhile, apexanalytix uses Azure Active Directory and conditional access to detect risky sign-ins and impossible travel and to enforce geographic boundaries.

CrowdStrike Achieves Perfect Results in 2025 MITRE ATT&CK Evaluations

🔒 The CrowdStrike Falcon platform achieved 100% detection, 100% protection, and zero false positives in the 2025 MITRE ATT&CK® Enterprise Evaluations, which for the first time assessed cross-domain tactics across endpoint, identity, and cloud. Falcon delivered technique- and sub-technique-level detail and real-time cloud prevention. The outcome highlights AI-native prevention with unified telemetry and automated response across domains.

From Feeds to Flows: Operationalizing Threat Intelligence

🔗 The article argues that traditional threat feeds no longer suffice in modern, interconnected environments and proposes a Unified Linkage Model (ULM) to transform static indicators into dynamic threat flows. ULM defines three core linkage types — adjacency, inheritance and trustworthiness — to map how risk propagates across systems. It outlines practical steps to ingest and normalize feeds, establish and score linkages, integrate with MITRE ATT&CK and risk frameworks, and visualize attack pathways for prioritized response and compliance.
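Added example (not the article's own ULM implementation) of how a single feed hit can be propagated across the three linkage types above. Each link carries an assumed weight, a hit on one asset is pushed outwards by max-product propagation, and the output is a risk score per asset plus the highest-scoring path that exposes it, which is the raw material for the attack-pathway view the article recommends. The asset graph, the weights and the propagation rule are assumptions for the illustration.

```python
"""Propagate a threat-feed hit across typed asset linkages.

Added illustration for this digest. The three linkage types come from the
article; the weights, the graph and the max-product rule are assumptions.
"""
import heapq
from collections import defaultdict

# Assumed default strength of each linkage type: the fraction of the source's
# risk that one hop of that type carries to the target.
LINK_WEIGHTS = {"adjacency": 0.6, "inheritance": 0.9, "trustworthiness": 0.8}

# Constructed asset graph: (source, target, linkage). A link means that
# compromise of the source raises the risk of the target. Inheritance links
# (shared image, shared secret) are treated as symmetric.
LINKS = [
    ("web-01", "app-01", "adjacency"),               # reachable over the network
    ("app-01", "db-01", "adjacency"),
    ("web-01", "web-02", "inheritance"),             # built from the same golden image
    ("web-02", "app-02", "adjacency"),
    ("app-01", "svc-deploy", "inheritance"),         # app-01 holds svc-deploy's credentials
    ("svc-deploy", "ci-server", "trustworthiness"),  # ci-server trusts that identity
    ("ci-server", "db-01", "adjacency"),
]

# Constructed seed: a feed indicator matched web-01's outbound traffic at 0.9 confidence.
SEEDS = {"web-01": 0.9}


def build_graph(links):
    graph = defaultdict(list)
    for src, dst, kind in links:
        graph[src].append((dst, kind))
        if kind == "inheritance":
            graph[dst].append((src, kind))
    return graph


def propagate(links, seeds, weights=LINK_WEIGHTS):
    """Max-product propagation: risk(n) = max over paths of seed * prod(link weights).

    Dijkstra-style: the heap always yields the highest unexpanded score, so the
    first time a node is finalised its best path is known. Returns (risk, path).
    """
    graph = build_graph(links)
    risk = dict(seeds)
    path = {n: [n] for n in seeds}
    heap = [(-s, n) for n, s in seeds.items()]
    heapq.heapify(heap)
    while heap:
        neg, node = heapq.heappop(heap)
        score = -neg
        if score < risk[node]:
            continue  # stale heap entry; a better path was found already
        for nxt, kind in graph.get(node, []):
            cand = score * weights[kind]
            if cand > risk.get(nxt, 0.0):
                risk[nxt] = cand
                path[nxt] = path[node] + [nxt]
                heapq.heappush(heap, (-cand, nxt))
    return risk, path


def attack_pathways(risk, path, threshold=0.3):
    """Assets at or above threshold with the path that exposes them, highest first."""
    rows = [(n, round(s, 4), " -> ".join(path[n])) for n, s in risk.items() if s >= threshold]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    risk, path = propagate(LINKS, SEEDS)
    for asset, score, via in attack_pathways(risk, path):
        print(f"{score:.3f}  {asset:12s} via {via}")
```

Note how the database ends up reachable by two routes and only the stronger one is kept; the weaker route through the CI server is still worth surfacing separately when the stronger one is closed, which is what re-running propagation after a fix gives you.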

Acronis on FileFix, SideWinder and Shadow Vector Campaigns

🔍 Acronis TRU describes practical VirusTotal hunting techniques used to track the FileFix ClickFix variant, the long-running SideWinder actor, and the Shadow Vector SVG campaign targeting Colombian users. Using Livehunt, content-based YARA rules, VT Diff, and metadata pivoting, analysts located clipboard-based web payloads, document exploits (CVE-2017-0199 and CVE-2017-11882), and judicial-themed SVG decoys. The post emphasizes iterative rule tuning, Retrohunt for building timelines, and infrastructure pivots that convert fragmented indicators into actionable intelligence.

Continuous Purple Teaming for Ongoing Security Validation

🛡️ Continuous purple teaming unites offensive and defensive functions into a collaborative, repeatable cycle that turns testing into measurable defense improvement. Using Breach and Attack Simulation (BAS), teams automate emulations mapped to MITRE ATT&CK, safely execute simulated payloads, and instantly score prevention, detection, and response. That evidence-driven loop—attack, observe, fix, validate, repeat—reduces noise, prioritizes real risk, and accelerates remediation. With careful AI assistance and a curated BAS library, organizations can validate controls continuously and focus on the highest-impact gaps.
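Added example (not code from any BAS product) of the scoring half of the loop above. Each emulated technique yields three outcomes, prevented, detected and alerted within an SLA, which roll up into prevention, detection and response rates; whatever the controls missed is weighted by the technique's assigned impact to give a prioritised gap list; and a second run is compared with the first to confirm that a fix actually shrank a gap without regressing anything else. The emulation library, both runs' outcomes, the 300 s SLA and the gap weights are constructed assumptions.

```python
"""Score a breach-and-attack-simulation run and validate the next one against it.

Added illustration for this digest, not any vendor's code. Library, outcomes,
SLA and weights are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Optional

ALERT_SLA_SECONDS = 300  # assumed: a response counts as on time if an alert fires within 5 min
GAP_WEIGHTS = {"prevent": 3, "detect": 2, "respond": 1}  # assumed relative cost of each miss


@dataclass(frozen=True)
class Emulation:
    technique: str  # ATT&CK technique ID
    tactic: str
    impact: int     # 1..5, analyst-assigned business impact if the technique succeeds


@dataclass(frozen=True)
class Outcome:
    technique: str
    prevented: bool
    detected: bool
    alert_after_s: Optional[float]  # None when no alert was raised at all


# Constructed curated library, one emulation per technique.
LIBRARY = {
    "T1566.001": Emulation("T1566.001", "initial-access", 4),
    "T1059.001": Emulation("T1059.001", "execution", 3),
    "T1003.001": Emulation("T1003.001", "credential-access", 5),
    "T1021.001": Emulation("T1021.001", "lateral-movement", 4),
    "T1486":     Emulation("T1486", "impact", 5),
}

# Constructed results of two consecutive runs. Between them the team deployed an
# LSASS-access detection; run 2 exists to validate that change.
RUN_1 = [
    Outcome("T1566.001", True, True, 30.0),
    Outcome("T1059.001", False, True, 120.0),
    Outcome("T1003.001", False, False, None),
    Outcome("T1021.001", False, True, 900.0),   # detected, but the alert was far too late
    Outcome("T1486", True, True, 10.0),
]
RUN_2 = [o for o in RUN_1 if o.technique != "T1003.001"] + [Outcome("T1003.001", False, True, 60.0)]


def responded(o):
    return o.alert_after_s is not None and o.alert_after_s <= ALERT_SLA_SECONDS


def gap_score(o, library=LIBRARY):
    """Impact-weighted cost of what the controls failed to do; 0 means fully handled."""
    missed = (GAP_WEIGHTS["prevent"] * (not o.prevented)
              + GAP_WEIGHTS["detect"] * (not o.detected)
              + GAP_WEIGHTS["respond"] * (not responded(o)))
    return library[o.technique].impact * missed


def score_run(outcomes, library=LIBRARY):
    """Prevention / detection / response rates plus gaps ordered by priority."""
    n = len(outcomes)
    rates = {
        "prevention": sum(o.prevented for o in outcomes) / n,
        "detection": sum(o.detected for o in outcomes) / n,
        "response": sum(responded(o) for o in outcomes) / n,
    }
    gaps = [(o.technique, library[o.technique].tactic, gap_score(o, library)) for o in outcomes]
    gaps = sorted([g for g in gaps if g[2] > 0], key=lambda g: (-g[2], g[0]))
    return {"rates": rates, "gaps": gaps}


def validate(previous, current, library=LIBRARY):
    """Compare two runs: techniques whose gap shrank (improved) and grew (regressed)."""
    before = {o.technique: gap_score(o, library) for o in previous}
    after = {o.technique: gap_score(o, library) for o in current}
    improved = sorted(t for t in after if t in before and after[t] < before[t])
    regressed = sorted(t for t in after if t in before and after[t] > before[t])
    return {"improved": improved, "regressed": regressed}


if __name__ == "__main__":
    for name, run in (("run 1", RUN_1), ("run 2", RUN_2)):
        s = score_run(run)
        print(name, {k: f"{v:.0%}" for k, v in s["rates"].items()})
        for technique, tactic, gap in s["gaps"]:
            print(f"  gap {gap:3d}  {technique:10s} {tactic}")
    print("validation:", validate(RUN_1, RUN_2))
```

Keeping the gap weights and SLA as named constants matters: they encode a policy decision (prevention is worth more than a late alert), and changing them silently would make runs incomparable.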

Major EDR Vendors Withdraw from MITRE ATT&CK Tests

🔍 Three major cybersecurity vendors — Microsoft, SentinelOne and Palo Alto Networks — have declined to participate in the 2025 MITRE Engenuity ATT&CK Evaluations: Enterprise, citing a need to prioritize product development and innovation. Their exits, after strong 2024 performances, have sparked debate over the tests' scope and whether they encourage PR-driven preparation. MITRE says it will revive a vendor forum for 2026 to improve engagement.

Amazon GuardDuty Protection Plans and Threat Detection

🔐 Amazon GuardDuty centralizes continuous threat detection across AWS using AI/ML and integrated threat intelligence. It offers optional protection plans—S3, EKS, Runtime Monitoring, Malware Protection for EC2 and S3, RDS, and Lambda—that extend detections to service-specific telemetry and runtime behaviors. Built-in Extended Threat Detection correlates signals into high-confidence attack sequences and maps findings to MITRE ATT&CK, providing prioritized remediation guidance.