Does anyone know if the funding issues at #MITRE also compromise (future) #mitreattack development and maintenance?
This as a follow-up question to the whole #CVE snafu.
Recent searches
Search options
#mitre
1 post1 participant0 posts today
Updates from the #CVEFoundation
Representatives from the CVE Foundation met with representatives from CISA on 4/24/2025. The talks were positive and encouraging. All parties wish to keep the conversation and progress moving forward.
www.thecvefoundation.orgCVE Foundation - NewsReleased: April 25, 2025
Representatives from the CVE Foundation met with representatives from CISA on 4/24/2025. The talks were positive and encouraging. All parties wish to keep the conversation and progress moving forward.
Crypters And Tools. Часть 2: Разные лапы — один клубок
Всем салют! Вновь на связи киберразведчики из экспертного центра безопасности (PT ESC) с новой порцией находок, связанных с Crypters And Tools. В первой части мы рассказали о крипторе, который мы обнаружили в процессе исследования атак различных группировок. Отчет концентрировался на внутреннем устройстве и инфраструктуре самого криптора. В этой части мы расскажем о хакерских группировках, которые использовали его в атаках, их связях, уникальных особенностях, а также о пользователях Crypters And Tools, часть из которых связана с рассматриваемыми группировками.
ХабрCrypters And Tools. Часть 2: Разные лапы — один клубокСодержание Ключевые находки Введение Группировки, использующие Crypters And Tools в атаках PhaseShifters, UAC-0050 и PhantomControl Особенности группы TA558 и ее отличия от инфраструктуры Blind Eagle...
I recorded a brief video, walking through some of the different functions in MalChela in the new GUI, stepping through basic static analysis to yara rule writing - all in minutes. https://youtu.be/hI1EqojI1DA
#DFIR #MalwareAnalysis #YARA #MITRE #Rust
MalChela: https://github.com/dwmetz/MalChela
youtu.be- YouTubeEnjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
Neu im Research-Blog: Rolling in the Deep (Web) - Lazarus Tsunami
Bei der Unterstützung eines Kunden konnte HiSolutions umfangreiche Teile des #Malware-Frameworks #Tsunami sicherstellen, analysieren und damit den Angriffsweg der laufenden „Contagious Interview“-Kampagne der Angreifergruppe #Lazarus rekonstruieren.
Für Betroffene enthält unser Artikel alle technischen Details inklusive YARA-Regeln und IoC zur Entdeckung einer Infektion sowie einer Abbildung der genutzten Tools und Techniken auf die #MITRE ATT&CK Matrix.
Zum Blog-Beitrag: 
https://research.hisolutions.com/2025/04/rolling-in-the-deepweb-lazarus-tsunami/
Continued thread
#CVE fallout: The splintering of the standard #vulnerability tracking system has begun
Earlier this week, CVE program faced doom as the #US #government discontinued funding for #MITRE, the non-profit that operates the program. Uncle Sam U-turned at the very last minute.
Meanwhile, the #EU is rolling its own. #EuropeanUnion Agency for #Cybersecurity (#ENISA) developed and maintains this alternative, which is known as the #EUVD, or the European Union Vulnerability Database.
https://www.theregister.com/2025/04/18/splintering_cve_bug_tracking/
The Register · CVE fallout: The splintering of the standard vulnerability tracking system has begun
This Week in Security: No More CVEs, 4chan, and Recall Returns - The sky is falling. Or more specifically, it was about to fall, according to the s... - https://hackaday.com/2025/04/18/this-week-in-security-no-more-cves-4chan-and-recall-returns/ #thisweekinsecurity #hackadaycolumns #securityhacks #recall #mitre #vibes #news #cves
Hackaday · This Week In Security: No More CVEs, 4chan, And Recall ReturnsThe sky is falling. Or more specifically, it was about to fall, according to the security community this week. The MITRE Corporation came within a hair’s breadth of running out of its contrac…
As part of the 2022 EU NIS2 directive, the EU agency for cybersecurity (ENISA) has been setting up the EU Vulnerability Database (EUVD) at https://euvd.enisa.europa.eu/ (now in beta).
Started as a collaboration with MITRE's authoritative CVE database, EUVD may now end up replacing it, as US funding for the CVE database has stopped.
euvd.enisa.europa.euVulnerability DatabaseWeb site created using create-react-app
Saved at the final hour!
Security Database Used by Apple Goes Independent After Funding Cut [Updated]
https://www.macrumors.com/2025/04/16/security-database-used-apple-goes-independent/
The US Cybersecurity and Infrastructure Security Agency (CISA) has moved to secure continued operations of the Common Vulnerabilities and Exposures (CVE) programme by extending its contract with MITRE, preventing a potentially disruptive lapse in critical cybersecurity services.
https://www.computing.co.uk/news/2025/security/cisa-extends-mitre-s-bug-tracking-funding-for-now
www.computing.co.ukCISA extends MITRE's CVE bug tracking funding – for nowRelents at the last moment to avert disruption to critical cybersecurity infrastructure
After the #MITRE #CVE DB funding scare of a couple of days, it seems that the problem is apparently solved, for now: https://www.bleepingcomputer.com/news/security/cisa-extends-funding-to-ensure-no-lapse-in-critical-cve-services/
CVE Database Saved: Critical Cybersecurity Resource Gets 11-Month Extension
#CVE #CyberSecurity #CISA #VulnerabilityManagement #InfoSec #CyberThreats #MITRE #CVEExtension #CyberDefense #TechNews #CVEProgram #CWE #SecurityUpdate #CyberCommunity #DataProtection
Read Full Article :-
https://www.techi.com/us-extrends-support-save-mitre-cve-database/
It's alive! The CVE Program has secured another 11 months of funding, which can now be used to establish alternatives and secure other sources of funding.
#MITRE published already a few new #CVEs today, like this privilege escalation in the Nullsoft Scriptable Install System: https://fieldguide.lutrasecurity.com/CVE-2025-43715/
fieldguide.lutrasecurity.comCVE-2025-43715
Nach dem gestrigen Schock und der drohenden CVE-Abschaltung hat die US-Regierung die Finanzierungsvereinbarung mit der #MITRE Corporation im so ziemlich letzten Moment verlängert.
Im Nachgang an den gestrigen Tag ergeben sich durchaus Parallelen zur bisherigen Trump'schen Salamitaktik in Fragen der nationalen Digitalregulierung mit außenpolitischer Relevanz.
Viel deutlicher als gestern konnte der Weckruf für die EU wohl nicht sein, eigene Wege zu finden und zu gehen.
heise online · CVE-Aus abgewendet, Schwachstellendatenbank der EU geht an den Start
CISA Extends Funding for Critical CVE Program Amid Uncertainty
In a last-minute decision, the Cybersecurity and Infrastructure Security Agency has renewed its funding for the Common Vulnerabilities and Exposures (CVE) Program, vital for global cybersecurity. This...
https://news.lavx.hu/article/cisa-extends-funding-for-critical-cve-program-amid-uncertainty
#CISA's 11-Month extension ensures continuity of #MITRE's CVE Program
https://securityaffairs.com/176608/security/cisas-11-month-extension-ensures-continuity-of-mitres-cve-program.html
#securityaffairs #hacking
Security Affairs · CISA's 11-Month Extension Ensures Continuity of MITRE's CVE ProgramMITRE’s U.S.-funded CVE program, a core tool for tracking vulnerabilities, faces funding expiry Wednesday, risking to impact global security.
Continued thread
In the very last minute, CISA extends funding to ensure 'no lapse in critical CVE services' for the next 11 months. Potential catastrophe of epic proportions averted....for now.
#CVE-Aus abgewendet, #Schwachstellendatenbank der #EU geht an den Start
"Entscheidung in letzter Minute - offenbar geht der Vertrag zwischen #CISA und #MITRE in die Verlängerung. Mehrere Initiativen präsentieren derweil Alternativen.
Die US-Cybersicherheitsbehörde CISA hat den Vertrag mit der MITRE Corporation, Betreiberin der CVE-Datenbank, offenbar in allerletzter Sekunde verlängert..."
https://www.heise.de/news/Nach-drohendem-CVE-Aus-Schwachstellendatenbank-der-EU-geht-an-den-Start-10354324.html
heise online · CVE-Aus abgewendet, Schwachstellendatenbank der EU geht an den Start