CVSS v4.0 Turns One Year Old
Mon, 04 Nov 2024 00:30:00 +0000
FIRST and the CVSS Special Interest Group (SIG) would like to wish a very happy first birthday to the newest version of CVSS, version 4.0!
Mon, 23 Sep 2024 00:30:00 +0000
We’re expecting 9006 +/- 1259 vulnerabilities this quarter, as we close out the year.
Fri, 28 Jun 2024 10:30:00 +0000
The 36th annual FIRST Conference, "FIRSTCON24," was held from June 9 to 14, 2024, in Fukuoka, Japan. This marked the first time in 15 years that the conference was hosted in Japan, with the last event taking place in Kyoto in 2009. The conference saw a remarkable turnout with 997 participants from 99 countries and regions.
Fri, 21 Jun 2024 10:30:00 +0000
In this report, the CyCraft research team analyzes 27 listed companies in Taiwan, Level-A government agencies and healthcare institutions, covering 46 AD Domains, with 1,057,000 objects included.
Wed, 29 May 2024 00:30:00 +0000
As usual we like to verify our previous forecast before we make the next one. Due to travel, I must do this a few days before I should (normally on the 1st of June).
Thu, 25 Apr 2024 10:30:00 +0000
So what are we expecting in terms of numbers of CVEs this quarter?
Thu, 11 Jan 2024 10:30:00 +0000
Every year we make a prediction of the number of vulnerabilities we expect to see published by NVD. We define this as the number published between New Year’s Day in 2023 and New Year’s Eve 2023, which is not the same as CVEs that begin with 2023 as an identifier.
Fri, 22 Dec 2023 10:30:00 +0000
Back in the early days of the Internet, when everybody knew everybody, the way that you validated yourself to a Certificate Authority (CA) for an X509 certificate for Secure Sockets Layer (SSL) was to send a fax on company letterhead.
Wed, 22 Nov 2023 18:00:00 +0000
Over two days in late September, attack surface management teams, incident responders, data scientists, and vulnerability management practitioners gathered in Cardiff, Wales.
Fri, 14 Jul 2023 00:01:00 +0000
In today's rapidly evolving digital landscape, the need for robust cybersecurity solutions has never been more critical.
Fri, 30 Jun 2023 00:01:00 +0000
Sadly, this year I wasn't able to join everyone at the Annual FIRST Conference in Montreal. By all accounts it was a brilliant time and I'm genuinely jealous of everyone who got to be there - especially the DNS Abuse SIG members who got to meet up in person.
Fri, 02 Jun 2023 00:01:00 +0000
National CERT and CSIRT teams regularly need to write alerts on upcoming CVEs, and might want to know how many alerts to expect to write.
Thu, 01 Jun 2023 00:01:00 +0000
Adobe has long focused on establishing a strong foundation of cybersecurity, built on a culture of collaboration, multiple capabilities, and deep engineering prowess. We aim to take a proactive approach to defending against security threats and issues and continuously monitor the threat landscape, learn from, and share our learnings with security experts around the world, and feed information back to our development teams to strengthen our products.
Fri, 12 May 2023 16:00:00 +0000
It’s with great sadness that we learned Andrew Cormack had passed away in April. Andrew was more than just an expert. His curious and open mind inspired many in our community.
Fri, 05 May 2023 00:00:00 +0000
People have become the main driver for breaches but the human factors remain insufficiently addressed in the IT security sector. We are working on changing that.
Wed, 01 Mar 2023 00:00:00 +0000
The DNS Abuse SIG is very pleased to announce the publication of the DNS Abuse Techniques Matrix, the work of many months and a great number of people from various parts of the security and DNS worlds.
Thu, 23 Feb 2023 00:00:00 +0000
“Long time no see!” was the most popular phrase at the TF-CSIRT – FIRST Regional Symposium in Bilbao, Spain. And it has been a long time indeed – last time we met all together was in Malaga in 2020. We had some virtual events in the meantime, but it was certainly nice to see old faces and meet new colleagues in real life. The first joint post-pandemic event took place from 30th of January to 2nd of February, kindly hosted by the Basque Cybersecurity Centre.
Thu, 27 Oct 2022 00:00:00 +0000
In September, ICANN invited me to talk about DNS Abuse at the ICANN75 AGM in Kuala Lumpur, Malaysia. It was a great success! My presentation ‘The Challenge of Defining DNS Abuse’ was well received, and many attending industry specialists asked good questions, especially about FIRST's work. I made many valuable connections, including people from ICANN, the DNS Abuse Institute, registries, registrars, CERTs, commercial companies, government organizations, and many more.
Fri, 05 Aug 2022 00:00:00 +0000
The European Union Agency for Cybersecurity is dedicated to achieving a high common level of cybersecurity across Europe. For more than 15 years, ENISA has played a key role in enabling digital trust and security across Europe, together with its stakeholders including the Member States and EU bodies and agencies.
Fri, 29 Jul 2022 00:00:00 +0000
With the recent release of the 2022 Unit 42 Ransomware Threat Report, we thought it would be a good time to take a quick look at ransomware activity that we’ve seen so far in 2022.
Fri, 22 Jul 2022 00:00:00 +0000
Just a few years ago, security orchestration, automation and response (SOAR) was the new buzzword associated with security modernization. Today, however, SOAR platforms are increasingly assuming a legacy look and feel. Although SOARs still have their place in a modern SecOps strategy, the key to driving SecOps forward today is no-code security automation. Read on to learn what lightweight security automation means, how it compares to SOAR and why SOARs alone won’t help you stay ahead of today’s security threats.
Fri, 15 Jul 2022 00:00:00 +0000
I want the needle, and the haystack to go along with it. Attackers take advantage of siloed data and security tools to exploit systems using misconfigurations and move laterally. This lateral movement across different attack surfaces has attackers flowing between the control plane and data plane of your environment to escalate privileges and seek out targeted access.
Thu, 19 May 2022 13:00:00 +0000
DNS Abuse is a pretty widely used term. On the surface, it might seem like a simple term that's easily understood. But when you look more closely, the definition depends on your perception of the issue—and can be defined either broadly or more narrowly.
Thu, 28 Apr 2022 01:00:00 +0000
I had the absolute pleasure of participating in and attending the recent FIRST Technical Colloquium at the W Hotel in Amsterdam, Netherlands, April 12–14. It was great to see nearly 100 people attend and over 50 people participating in training at this long-awaited in-person event. The program featured 17 speakers and two on-site trainers who held several popular workshops.
Thu, 24 Feb 2022 16:00:00 +0000
FIRST encourages states to not attack CSIRTs and critical infrastructure
Wed, 05 Jan 2022 00:00:00 +0000
Every incident response team globally is facing a serious increase of workload. As attackers scan and penetrate networks via automation, so must defenders look at automation.
Tue, 07 Dec 2021 17:00:00 +0000
Last month, I was honored to be one of the planners and participants of the FIRST Technical Colloquium (TC) in Norway. Organized by FIRST members, the event was held just outside of Oslo at the Telenor Expo, Telenor headquarters in Fornebu.
Mon, 02 Aug 2021 00:00:00 +0000
Mon, 26 Jul 2021 00:00:00 +0000
Hunting a Zero day!
Mon, 19 Jul 2021 00:00:00 +0000
Mon, 12 Jul 2021 00:00:00 +0000
Thu, 28 Jan 2021 17:00:00 +0000
Together, We’re Creating Better Threat Intelligence Sharing for the World
Mon, 11 Jan 2021 17:00:00 +0000
This evolving and brutally effective threat can have a significant impact on an organization’s resources, finances, and reputation, but it can be stopped
Mon, 04 Jan 2021 17:00:00 +0000
Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.
Mon, 21 Dec 2020 17:00:00 +0000
Mon, 14 Dec 2020 17:00:00 +0000
Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.
Mon, 07 Dec 2020 17:00:00 +0000
Last weekend we issued a ransomware alert about a wave of attacks using a never-seen-before strain dubbed ‘Pay2Key.’ Our investigation suggested the ransomware operators were mostly targeting Israeli companies. The ransomware used in the attacks spread rapidly across victims’ networks, leaving significant parts of the network encrypted along with a ransom note, threatening to leak stolen corporate data unless the ransom is paid.
Mon, 18 May 2020 15:00:00 +0000
Coordinated Vulnerability Disclosure is hard: Here is what to do about it.
Thu, 24 Jan 2019 14:00:00 +0000
Hopefully what we’ve outlined as suggested services and functions a PSIRT could offer at the various stages of their development will be helpful and inspire your team to raise their game.
Wed, 23 Jan 2019 14:00:00 +0000
Are you mature, are you immature - what are you? Maturity Level 2 is about adapting the ad-hoc PSIRT strategies into full blown policies and processes.
Tue, 22 Jan 2019 14:00:00 +0000
To start you on your path to PSIRT goodness, you’ll want to read and digest the PSIRT Maturity Document created by your friendly global FIRST PSIRT representatives. And what’s a better place to start than at the beginning?
Mon, 21 Jan 2019 14:00:00 +0000
The right place to get your fill on how to make a world-class Product Security Incident Response Team.
Mon, 29 Oct 2018 19:00:00 +0000
An organizer's view on the 2018 Oslo Technical Symposium
Mon, 29 Oct 2018 19:00:00 +0000
Alexander Jaeger shares his experience after 100 days on the board of directors of FIRST.
Sat, 22 Sep 2018 10:00:00 +0000
Maarten Van Horenbeeck, Board Member of FIRST, delivers a statement to the Global Commission on the Stability of Cyberspace, in Singapore.
Mon, 23 Apr 2018 10:00:00 +0000
Klée Aiken, APNIC's External Relations Manager, shares his views on cyber norms and how they will impact incident responders.
Thu, 12 Apr 2018 07:00:00 +0000
Background on the issue
Tue, 10 Apr 2018 07:00:00 +0000
CERT NZ describes how important the usage of WHOIS is during an incident investigation.
Tue, 27 Mar 2018 10:00:00 +0000
Microsoft's Principal Security Program Manager, Jerry Bryant, discusses a long history of building trust and engagement in security.
Sat, 06 Jan 2018 10:00:00 +0000
An overview of the Global Conference on Cyberspace, and the work FIRST does in the policy community.
Mon, 11 Dec 2017 13:00:00 +0000
Europe is in the course of introducing completely new legislation regulating privacy and data protection. Much of the data that CSIRTs use is potentially affected by this.
Mon, 27 Nov 2017 10:00:00 +0000
As the internet becomes important in ever more areas of our daily lives, ways need to be found to ensure resilience. By far the most important way to achieve cyber resilience is collaboration across borders.
Mon, 06 Nov 2017 16:00:00 +0000
The FIRST tech team is re-working a lot of things behind the scenes. Some insights from the frontier.
Wed, 01 Nov 2017 02:00:00 +0000
Recent updates from the Board of Directors about recent activities and an outlook on what we are currently working on.
Thu, 19 Oct 2017 10:00:00 +0000
For the longest time the growing Internet and digital communication was hailed as the path to a new and better world. But poorer countries were mostly left out of the benefits. Serge Droz writes about how FIRST delivers training in these regions.
Sat, 17 Jun 2017 10:00:00 +0000
The FIRST Conference’s Keynote sessions concluded today with a presentation by Brian LaMacchia, Director of the Security & Cryptography group within Microsoft Research (MSR). In this department, his team conducts basic and applied research and advanced development.
Fri, 16 Jun 2017 01:00:00 +0000
Day four of the FIRST Conference began with a keynote presentation by Martijn de Hamer, the head of the National Cyber Security Operations Center (NCSOC) at the National Cyber Security Center (NCSC-NL) in the Netherlands. After having had various roles in the field of information security, de Hamer first started working for NCSC-NL (previously GOVCERT.NL) in 2005. Additionally, he is active in the field of CSIRT maturity and other aspects of CSIRT capacity building.
Thu, 15 Jun 2017 23:55:00 +0000
Day 3 of the FIRST Conference got started with keynote speaker Florian Egloff. Florian Egloff is a Clarendon Scholar, a D. Phil (PhD) Candidate in Cyber Security at the Centre for Doctoral Training in Cyber Security at the University of Oxford, and a Research Affiliate at the Cyber Studies Programme at Oxford University's Department of Politics and International Relations. He is currently working on his thesis entitled "Cybersecurity and non-state actors: a historical analogy with mercantile companies, privateers, and pirates."
Tue, 13 Jun 2017 23:00:00 +0000
Day 2 of the FIRST Conference got started with keynote speaker Darren Bilby, a manager in Google’s Enterprise Infrastructure protection team, who is also a staff security engineer and self-described digital janitor. A 10-year veteran at Google, Bilby was the tech lead for Google’s Global Incident Response Team for six years, managed Google's European detection team in Zürich for two years and has also worked as a software engineer building out Google’s security tools. He was also the founder and a core developer of the open source GRR Incident Response project.
Tue, 13 Jun 2017 15:00:00 +0000
FIRST's Annual Conference kicked off on Monday morning, June 12th of 2017 with its opening keynote speaker, Facebook Chief Security Officer (CSO) Alex Stamos. As security lead for one of the world’s most noted companies, Stamos began his lecture with some of the biggest security challenges Facebook deals with.
FIRST runs a blog open to members and invited guest authors. It publishes contributions relevant to incident responders. Articles should focus on general topics interesting to members. It will not be used to promote individual organisations, products or services. If you are interested in contributing, please get in touch with first-blog@first.org.
Learn more about the Forum of Incident Response and Security Teams through regular blog posts about our organization, events and other programs. Questions or comments? Contact first-press@first.org.