Threat Intel Updates - Nov 2023
  • 1 Minute to read
  • PDF

Threat Intel Updates - Nov 2023

  • PDF

Article Summary

Threat Intel Updates - 22nd Nov 2023

To ensure your SAFE platform is assessing risks based on our most recent threat intelligence, SAFE has made the following updates:

  • Technique mapping added/updated for 1315 CVEs - Refer to List 1.
  • Updated CISA KEV CVEs - as of 1st Nov 2023 - Refer to List 2.
  • CVE registered on NVD as of 1st Nov 2023.
  • List 3 below indicates CVEs in NVD that have been assessed but may be subject to future review.
  • Added 15 additional "Known Hacks" Risk Scenarios
    • LastPass Breach
    • Target Breach
    • Adobe Breach
    • Uber Technologies Breach
    • Cisco Breach
    • Saudi Aramco Breach
    • CVS Health Breach
    • ICBC Bank Breach
    • Henry Schein Breach
    • McLaren Health Breach
    • Danish Infrastructure Breach
    • Walmart Breach
    • Equifax Breach
    • WannaCry Attack
    • Boeing Breach

Your SAFE score could be affected by these updates if your assets are discovered to be impacted by recently identified CVEs or TTP mappings or if you have existing Controls, CVEs, or TTP mappings that have been modified.

List 1: CVE Added/Updated - 22nd Nov 2023

 

Your browser does not support PDF.click here to download

 

List 2 - KEV CVEs Added/Updated - 22nd Nov Nov

  1. CVE-2023-47246
  2. CVE-2023-36033
  3. CVE-2023-36025
  4. CVE-2023-36036

List 3: CVEs that may be subject to future TTP mapping updates - 22nd Nov

None


Threat Intel Updates - 8th Nov 2023

To ensure your SAFE platform is assessing risks based on our most recent threat intelligence, SAFE has made the following updates:

  • Technique mapping added/updated for 1186 CVEs - Refer to List 1.
  • Updated CISA KEV CVEs - as of 18th Oct 2023 - Refer to List 2.
  • CVE registered on NVDas of 18th Oct 2023.
    • List 3 below indicates CVEs in NVD that have been assessed but may be subject to future review.
  • Added 4 additional "Known Hacks" Risk Scenarios
    • 1Password Okta - Data Breach - 2023
    • BeyondTrust Okta - Data Breach - 2023
    • Sony MoveIt - Data Breach - 2023
    • 23andMe - Data Breach - 2023
  • Added 2 additional "Threat Groups" Risk Scenarios
    • CIRCUIT PANDA Threat Group
    • SUNRISE PANDA Threat Group

Your SAFE score could be affected by these updates if your assets are discovered to be impacted by recently identified CVEs or TTP mappings or if you have existing Controls, CVEs, or TTP mappings that have been modified.

List 1: CVE Added/Updated - 8th Nov

 

Your browser does not support PDF.click here to download

 


List 2 - KEV CVEs Added/Updated - 8th Nov

  • CVE-2022-28958
  • CVE-2023-20198
  • CVE-2023-20273
  • CVE-2023-4966
  • CVE-2023-5631

List 3: CVEs that may be subject to future TTP mapping updates - 8th Nov

None


Was this article helpful?