This blog brings talks about the challenges that exist in mapping CWEs to CAPEC using MITRE and ATT&CK
All CVEs mentioned in this blog edition have received a maximum rating from the Threat Intelligence platform indicating high probability of exploitation.
Apache Log4j vulnerability CVE-2021-44228 is a critical zero-day code execution vulnerability with a CVSS base score of 10. This weakness poses a significant risk to many applications and cloud services and it needs to be patched right away!
Atlassian zero-day vulnerability that has been exploited in the wild is tagged as CVE-2022-26134. This is a critical unauthenticated, remote code execution vulnerability that affects all Atlassian Confluence and Data Center 2016 servers after version 1.3.0.
CSW’s quarterly report on ransomware metrics reveals that three new APT groups are using ransomware to mount attacks on their targets, bringing the total number of APT groups using ransomware to 43. Read more on them here.
Securin's AI-based vulnerability and threat intelligence delves deep into the vulnerabilities exploited by APT groups
This bulletin covers Securin's research on the cyberwar, in particular the ransomware and malware threats that are spawning out of the Russia-Ukraine conflict.
Securin's analysis of the threat groups and tools playing a role as threats in this cyber war between Russia and Ukraine
Conti has been one of the most prolific ransomware groups in 2022. Organizations need to prioritize patching for these vulnerabilities in order to avoid large-scale attacks.
Cyber Security Works researchers analyzed the data further by comparing the CVEs with some of the popular scanners (Nessus, Qualys, and Nexpose) and observed that they missed to detect 21 vulnerabilities tied to ransomware strains.
Cybersecurity is a priority in education due to the lack of resources and continual ransomware attacks. CISA’s new K-12 Cybersecurity Act will research and develop tools to help schools become more secure against cyberattacks.
A directive recently released by the US government-backed Cybersecurity and Infrastructure Security Agency has a list of 703 known vulnerabilities that organizations have been asked to focus on patching immediately. Amongst them, 158 vulnerabilities have been identified as being exploited actively by various ransomware families. Read on to learn more about the vulnerabilities.