Enhancing usability, expanding scope, optimizing defenses 2023 was dynamic year for ATT&CK. We marked a decade of progress since the framework’s inception and achieved some key milestones to make ATT&CK more accessible for a wider community. Our scope (slightly) expanded to encompass activities adjacent to direct Enterprise interactions, such as non-technical, deceptive practices and social…

A Roadmap of 2023’s key efforts: From ICS Assets to more Linux and ATT&CKcon 4.0. It’s 2023 and we’re all a little older, including ATT&CK, which will be celebrating its 8th (!) release anniversary in a few short months. Last year we matured, expanded, deconflicted, and renovated the knowledge base, persevering through challenges to meet…

ATT&CK v13 Enters the Room: Pseudocode, Swifter Search, and Mobile Data Sources It’s not like a regular Tuesday, it’s a lucky Tuesday — ATT&CK v13 has arrived. As we outlined in our Roadmap, we’re working toward enhanced tools for lower-resourced defenders, improving ATT&CK’s website usability, enhancing ICS and Mobile parity with Enterprise, and evolving overall content and structure…

ATT&CK Goes to v11: Structured Detections, Beta Sub-Techniques for Mobile, and ICS Joins the Band These go to eleven By Adam Pennington and Jason Ajmo Right on cue, ATT&CK’s latest release is out, and this time we’ve gone to v11! If you’ve been following along with our roadmap there shouldn’t be any huge surprises in store, but we…

Introducing Campaigns to MITRE ATT&CK By: Amy Robertson, Jared Ondricek, and Matt Malone We’ve talked about building Campaigns into ATT&CK in our ATT&CK 2022 roadmap, at ATT&CKCon 3.0, and most recently on the SANS Threat Analysis Rundown but their release is now nigh! Our initial collection of Campaigns will be available starting with our ATT&CK v12 release…

Guest Post by ATT&CKcon 3.0 Keynote Speaker, Selena Larson Allan Pinkerton (Alexander Gardner — Library of Congress) At the onset of the Civil War, a man whose name would eventually become synonymous with famous American detectives was reportedly providing false reports to the Union’s top general. Allan Pinkerton, who once successfully smuggled Abraham Lincoln into Washington, D.C. to…

CVE ID : CVE-2024-56069 Published : Jan. 2, 2025, 10:15 a.m. | 16 minutes ago Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Azzaroco WP SuperBackup allows Reflected XSS.This issue affects WP SuperBackup: from n/a through 2.3.3. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS…

CVE ID : CVE-2024-56036 Published : Jan. 2, 2025, 10:15 a.m. | 16 minutes ago Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ondrej Donek odPhotogallery allows Reflected XSS.This issue affects odPhotogallery: from n/a through 0.5.3. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details,…

CVE ID : CVE-2024-56037 Published : Jan. 2, 2025, 10:15 a.m. | 16 minutes ago Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Md Maruf Adnan Sami User Referral allows Reflected XSS.This issue affects User Referral: from n/a through 8.0. Severity: 7.1 | HIGH Visit the link for more details,…

CVE ID : CVE-2024-56038 Published : Jan. 2, 2025, 10:15 a.m. | 16 minutes ago Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SendSMS allows Reflected XSS.This issue affects SendSMS: from n/a through 1.2.9. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products,…