-
CVE-2023-2727
Bypassing policies imposed by the ImagePolicyWebhook and bypassing mountable secrets policy imposed by the ServiceAccount admission plugin Go to Source
-
CVE-2023-2878
secrets-store-csi-driver discloses service account tokens in logs Go to Source
-
v16 Cloud Rebalancing, Analytics,
V16 Brings (Re)Balance: Restructured Cloud, New Analytics, and More Cybercriminals In v16, we’re all about balance — striking that perfect chord between familiar and pioneering to keep things real and actionable. This update fine-tunes how we cover cloud environments, finding equilibrium between depth and practicality to ensure it remains practical for defenders. As part of our balancing…
-
Introducing TAXII 2.1 and a fond farewell to the TAXII 2.0 Server
As mentioned in our 2024 Roadmap and the v15 release blog, we’re excited to introduce our new TAXII server and the latest addition to the ATT&CK Workbench software suite: the MITRE ATT&CK Workbench TAXII 2.1 Server. We’ve open-sourced the TAXII 2.1 code on GitHub, allowing you to set up your own servers within your organization…
-
ATT&CK v15 Brings the Action
ATT&CK v15 Brings the Action: Upgraded Detections, New Analytic Format, & Cross-Domain Adversary Insights v15 is all about actionability and bringing defenders’ reality into focus — we prioritized what you need to detect, and how you can do it more effectively with detection engineering upgrades, and deeper intelligence insights across platforms. This release also reflects the new…
-
ATT&CK 2024 Roadmap
Enhancing usability, expanding scope, optimizing defenses 2023 was dynamic year for ATT&CK. We marked a decade of progress since the framework’s inception and achieved some key milestones to make ATT&CK more accessible for a wider community. Our scope (slightly) expanded to encompass activities adjacent to direct Enterprise interactions, such as non-technical, deceptive practices and social…
-
ATT&CK v14 Unleashes Detection Enhancements, ICS Assets, and Mobile Structured Detections
Credit: https://flic.kr/p/dzyK9x CC BY-SA 2.0 ATT&CK has been brewing up something eerie for this Halloween — a release so hauntingly powerful that it will send a chill down the spine of even the most formidable adversaries. As v14 emerges from the depths, we’re proud to present a more robust and finely-tuned knowledge base. So, grab your flashlights and…
-
ATT&CK v13 Enters the Room
ATT&CK v13 Enters the Room: Pseudocode, Swifter Search, and Mobile Data Sources It’s not like a regular Tuesday, it’s a lucky Tuesday — ATT&CK v13 has arrived. As we outlined in our Roadmap, we’re working toward enhanced tools for lower-resourced defenders, improving ATT&CK’s website usability, enhancing ICS and Mobile parity with Enterprise, and evolving overall content and structure…