The MITRE ATT&CK framework, a key resource for helping organizations defend against cyberattacks, is critical to advancing cybersecurity research. The MITRE Engenuity Center for Threat-Informed Defense’s public library of adversary-specific emulation plans has become a valuable component of the ATT&CK framework. Each plan in the library provides comprehensive ATT&CK tactics and techniques employed by well-known adversaries.

This month's release rollup for product updates and enhancements includes the SANS Institute Report, Egnyte Sign, and Rules-based Metadata. Below is a summary of these and other new releases. Visit the articles linked below for more details.

Detect & stop black hat hackers with honeytokens. Placed in datasets, these mimic real data, triggering alerts upon interaction. Bolster your cybersecurity now!

Every time you deploy a new Cisco device, whether to handle network growth or as part of a product refresh cycle, someone needs to configure it to meet your unique needs. But configuring switches or routers is not a one-time event — support teams often need to add a new VLAN, change an access port to a trunk or add a new route to the routing table.

The 60-day comment period begins for the new proposed CMMC rule published in the Federal Register. The Department of Defense’s CMMC program office has broken its silence for the long awaited publishing of its new Proposed CMMC Rule on December 26th in the Federal Register.

Antivirus software has been around for decades and you might be wondering if you still need it. The answer is yes, you still need antivirus software to protect your internet-connected devices. In the past, antivirus software was necessary to browse the internet safely. However, devices have improved their security measures recently, making antivirus software seem unnecessary.

In the dynamic world of cybersecurity, choosing the right platform can be pivotal for an organization’s digital safety. As we delve into 2024, two major players, SecurityScorecard and UpGuard, continue to make waves. This in-depth review compares these two companies and highlights how SecurityScorecard’s offerings often outshine those of UpGuard.

This week caps off our year of cyber breaches; in this week alone, we saw millions of records stolen, targeted health providers, mortgage servicers crumble, and the return of a year-old breach. ESO Solutions made the news first, reporting 2.7 million patient records stolen from their emergency response software. HealthEC was featured in our reporting soon after, announcing a 112k record data breach from their health analytics platform.

National Amusements (NA) is in Norwood, Massachusetts. They are the majority shareholder for media sources, including CBS, Viacom, and Paramount. They operate thousands of movie theaters nationwide, including Showcase SuperLux, Cinema de Lux, Showcase Cinemas, and Multiplex Cinemas. NA’s widespread ties to the entertainment and news cycles may have made it a target. In December 2022, NA suffered a network breach; its report is one of the last to appear in the final days of 2023.

Welcome to Hardening Graylog, where we will help you encryptify your log supply. In this blog post, we will explore the importance of using Transport Layer Security (TLS) to secure your Graylog deployment. We will walk you through the steps to configure Graylog with certificates and keys, secure the Graylog web interface, and protect the communication between Graylog and OpenSearch backend. By the end of this blog post, you will have a fully secure and trusted log management system.