Threat Intel Updates - Aug 2023
Threat Intel Updates
Release Date: 23rd August 2023
We have enhanced our Interactive Cost Model (ICM) to increase the fidelity of our loss analysis. The primary enhancement is a refinement of the benchmarks, which gives you a more precise range of lower, expected, and upper bounds of Financial Risk. These improved benchmarks are based on our continued research efforts and partnership with the RiskLens team. For additional information, please get in touch with your customer success manager.
These updates will result in minor changes to your Financial Risk and Estimated Financial Impact.
Threat Intel Updates
Release Date: 16th August 2023
To ensure your SAFE platform is assessing risks based on our most recent threat intelligence, SAFE has made the following updates:
- Technique mapping added/updated for 937 CVEs - Refer to List 1
- Updated CISA KEV CVEs - as of 26th July 2023 - Refer to List 2
- CVEs registered on NVD as of 26th July 2023.
- List 3 below indicates CVEs in NVD that have been assessed but may be subject to future review.
Your SAFE score could be affected by these updates if your assets are discovered to be impacted by recently identified CVEs or TTP mappings or if you have existing Controls, CVEs, or TTP mappings that have been modified.
List 1: CVE Added/Updated
List 2: KEV CVEs added/updated
- CVE-2023-37450
- CVE-2023-35078
- CVE-2023-38606
- CVE-2017-18368
List 3: CVEs that may be subject to future TTP mapping updates
None.
Threat Intel Updates
Release Date: 10th August 2023
To ensure your SAFE platform is assessing risks based on our most recent threat intelligence, SAFE has made the following updates:
- A further 130 Qualys CA Controls have been mapped to MITRE ATT&CK TTPs. This update will allow the identification of further risks posed by assets failing these new controls. Refer to List 1 below for the additional Qualys CA controls.
Your SAFE score could be affected by these updates if your assets are discovered to be impacted by recently identified CVEs or TTP mappings or if you have existing Controls, CVEs, or TTP mappings that have been modified.
List 1: Additional Qualys CA Controls
Threat Intel Updates
Release Date: 2nd August 2023
To ensure your SAFE platform is assessing risks based on our most recent threat intelligence, SAFE has made the following updates:
- Technique mapping added/updated for 4624 CVEs - Refer to List 1.
- Updated CISA KEV CVEs - as of 12th July 2023 - Refer to List 2.
- CVEs registered on NVD as of 12th July 2023.
- List 3 below indicates CVEs in NVD that have been assessed but may be subject to future review.
- Updated controls, TTP mappings, and risk scenarios.
  - Updated 12 outside-in control technique mappings - Refer to List 4.
  - Updated technique mapping for 33 controls covering 21 AWS applicability types - Refer to List 5.
  - The following default risk scenarios have been retired following the assessment of the signal quality required to assess risk accurately:
    - Public Facing Infrastructure.
    - Remote Services.
    - DDoS.
    - Security Configuration.
  - The following controls have been updated to be High Impact Controls based on SAFE's threat research. Assets where these controls have failed will have an additional scoring penalty applied.
    - Windows 11 - Ensure 'Configure SMB v1 client driver' is set to "Enabled: Disable driver (recommended)".
    - Windows 7/8/8.1
      - Ensure 'Windows Firewall: Domain: Firewall state' is set to "On (recommended)".
      - Ensure 'Windows Firewall: Private: Firewall state' is set to "On (recommended)".
- Bug fixes
  - Corrected false negative for SFDC Control 1149001.
  - Corrected CSP mapping for High Impact Controls.
Your SAFE score could be affected by these updates if your assets are discovered to be impacted by recently identified CVEs or TTP mappings, or if you have existing Controls, CVEs, or TTP mappings that have been modified.
List 1: CVE Added/Updated
List 2: KEV CVEs added/updated
List 3: CVEs that may be subject to future TTP mapping updates
CVE-2022-27779