Month: April 2024

  • MITRE Got Popped; A Bit of Irony and Perspective

    MITRE Got Popped; A Bit of Irony and Perspective

    I know, “don’t kick someone when they are down“, but I have a history of working on a project that catalogs just such incidents. Yesterday, MITRE announced that they had been compromised by a nation-state actor, but didn’t provide much detail. Bleeping Computer reported that the compromise was due to a zero-day vulnerabilities in an…

  • A Glimpse Into the CISA KEV

    A Glimpse Into the CISA KEV

    On March 27, Elizabeth Cardona and Tod Beardsley gave a presentation at VulnCon 2024 about CISA’s KEV, or ‘Known Exploited Vulnerabilities’ list. This initiative was created as a result of BOD 22-01, which is a ‘Binding Operational Directive’ aimed at reducing the risk due to vulnerabilities that are known to be exploited in the wild,…