10 matches found
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
watchpost
Local threat intelligence database. Aggregates data...
Turning threat reports into detection insights with AI
Security teams routinely need to transform unstructured threat knowledge, such as incident narratives, red team breach-path writeups, threat actor profiles, and public reports into concrete defensive action. The early stages of that work are often the slowest. These include extracting tactics,...
Automated Attack Testflow Extraction from Cyber Threat Report Using BERT for Contextual Analysis
In the ever-evolving landscape of cybersecurity, the rapid identification and mitigation of Advanced Persistent Threats (APTs) is crucial. Security practitioners rely on detailed threat reports to understand the tactics, techniques, and procedures (TTPs) employed by attackers. However, manually...
Uncovering Reliable Indicators: Improving IoC Extraction from Threat Reports
Indicators of Compromise (IoCs) are critical for threat detection and response, marking malicious activity across networks and systems. Yet, the effectiveness of automated IoC extraction systems is fundamentally limited by one key issue: the lack of high-quality ground truth. Current extraction too...
Towards Effective Identification of Attack Techniques in Cyber Threat Intelligence Reports Using Large Language Models
This work evaluates the performance of Cyber Threat Intelligence (CTI) extraction methods in identifying attack techniques from threat reports available on the web using the MITRE ATT&CK framework. We analyse four configurations utilising state-of-the-art tools, including the Threat Report ATT&CK...
Microsoft Defender Experts for Hunting proactively hunts threats
Today, we announced the general availability of Microsoft Defender Experts for Hunting to support organizations and their cybersecurity employees with proactive threat hunting. Defender Experts for Hunting was created for customers who have a robust security operations center but want Microsoft t...
Rapid7 2021 Wrap-Up: Highlights From a Year of Empowering the Protectors
Now that 2022 is fully underway, it's time to wrap up some of the milestones that Rapid7 achieved in 2021. We worked harder than ever last year to help protectors keep their organization's infrastructure secure — even in the face of some of the most difficult threats the security community has...
Excerpts from: Using the ATT&CK™ Framework to Mature Your Threat Hunting Program
Every threat hunt starts with intelligence. As one of the industry’s most comprehensive knowledge bases for adversary behavior, ATT&CK provides a structure for hunters to build their hypotheses and search for threats. Recently Carbon Black, Red Canary and MITRE teamed up for the webinar, Using th...
IT Threat GeoDashboard: Suspicious
IT Threat GeoDashboard Suspicious is a combination of Open Source software configured to give end users a view on IT threats over an interactive geographical dashboard. You’ll just need an Internet Browser to access the dashboard. This application has been built on a GNU/Linux environment and may...
RSA 2010: Top 15 Conference Sessions You Shouldn't Miss
The RSA security conference is known for being a vendor-heavy, corporate-speak shindig that lacks quality content. I disagree. I spent some time perusing the conference agenda this year and found 15 must-attend sessions: 1. The Seven Most Dangerous New Attack Techniques and What Is Coming Next...