Contents x
    Threat Intel Updates - Nov 2023
    • 1 Minute to read
    • Print
    • PDF
    Contents

    Threat Intel Updates - Nov 2023

    • 1 Minute to read
    • Print
    • PDF
    Article summary

    Threat Intel Updates - 22nd Nov 2023

    To ensure your SAFE platform is assessing risks based on our most recent threat intelligence, SAFE has made the following updates:

    • Technique mapping added/updated for 1315 CVEs - Refer to List 1.
    • Updated CISA KEV CVEs - as of 1st Nov 2023 - Refer to List 2.
    • CVE registered on NVD as of 1st Nov 2023.
    • List 3 below indicates CVEs in NVD that have been assessed but may be subject to future review.
    • Added 15 additional "Known Hacks" Risk Scenarios
      • LastPass Breach
      • Target Breach
      • Adobe Breach
      • Uber Technologies Breach
      • Cisco Breach
      • Saudi Aramco Breach
      • CVS Health Breach
      • ICBC Bank Breach
      • Henry Schein Breach
      • McLaren Health Breach
      • Danish Infrastructure Breach
      • Walmart Breach
      • Equifax Breach
      • WannaCry Attack
      • Boeing Breach

    Your SAFE score could be affected by these updates if your assets are discovered to be impacted by recently identified CVEs or TTP mappings or if you have existing Controls, CVEs, or TTP mappings that have been modified.

    List 1: CVE Added/Updated - 22nd Nov 2023

     

    Your browser does not support PDF.click here to download

     

    List 2 - KEV CVEs Added/Updated - 22nd Nov Nov

    1. CVE-2023-47246
    2. CVE-2023-36033
    3. CVE-2023-36025
    4. CVE-2023-36036

    List 3: CVEs that may be subject to future TTP mapping updates - 22nd Nov

    None

    Threat Intel Updates - 8th Nov 2023

    To ensure your SAFE platform is assessing risks based on our most recent threat intelligence, SAFE has made the following updates:

    • Technique mapping added/updated for 1186 CVEs - Refer to List 1.
    • Updated CISA KEV CVEs - as of 18th Oct 2023 - Refer to List 2.
    • CVE registered on NVDas of 18th Oct 2023.
      • List 3 below indicates CVEs in NVD that have been assessed but may be subject to future review.
    • Added 4 additional "Known Hacks" Risk Scenarios
      • 1Password Okta - Data Breach - 2023
      • BeyondTrust Okta - Data Breach - 2023
      • Sony MoveIt - Data Breach - 2023
      • 23andMe - Data Breach - 2023
    • Added 2 additional "Threat Groups" Risk Scenarios
      • CIRCUIT PANDA Threat Group
      • SUNRISE PANDA Threat Group

    Your SAFE score could be affected by these updates if your assets are discovered to be impacted by recently identified CVEs or TTP mappings or if you have existing Controls, CVEs, or TTP mappings that have been modified.

    List 1: CVE Added/Updated - 8th Nov

     

    Your browser does not support PDF.click here to download

     


    List 2 - KEV CVEs Added/Updated - 8th Nov

    • CVE-2022-28958
    • CVE-2023-20198
    • CVE-2023-20273
    • CVE-2023-4966
    • CVE-2023-5631

    List 3: CVEs that may be subject to future TTP mapping updates - 8th Nov

    None

    Was this article helpful?
    What's Next