0P3N Blog

The MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework is a curated knowledge base for cybersecurity professionals. Summary: As businesses take a more offensive stance against cyberattacks, there is a growing emphasis on documenting and emulating adversarial behavior. As a curated knowledge base and model for cyber behavior, the MITRE ATT&CK framework is being widely adopted to enhance intrusion detection ...

Cybersecurity analyst is one of the most common types of cybersecurity jobs, and they fall into two categories. There are blue teams (defensive) and red teams (offensive) security analysts. The first one works primarily to defend the system by resolving security vulnerabilities, while the other discovers security vulnerabilities by attacking computer systems. Now you can learn a lot about doing ...

Malware is a type of computer program or software developed to cause damage to the computer. It is also called malicious software, which can harm files, swipe private data, and more. This article will discuss Malware and different types of malware threats. The rise of computer and internet technology has transformed our lives, and it has changed the course of ...

The year in review: A look back at some high-profile cyber events of 2021 Like the year before, 2021 was a record-breaking year for cyber events, with billions of records being compromised. Here are some of the most prominent incidents. Summary: By September 2021, the number of data breaches had already exceeded the total number of those from the year before, with ...

Overview of MSHTML Vulnerability MSHTML is an acronym for Microsoft HTML Engine and interfaces, and this is a browser engine that comes with Windows, both personal computers and servers. The security flaw can be found in almost any device that runs with Windows operating system. The CVE-2021-40444, also known as the MSHTML Engine Remote Code Execution vulnerability, allows attackers to execute ...

The advancement of computing technologies and the proliferation of the internet worldwide have shifted a significant part of people's daily lives into cyberspace. Organizations of all types and sizes increasingly utilize digital technologies to conduct and support most of their work operations. The massive shift to cyberspace has brought numerous benefits for individuals and organizations, but it also introduced serious ...

Encryption is one of the most important aspects of securing online communications. It is easier than you might think for someone to eavesdrop on a conversation or access data while it is in transit from one place to another. Encryption is simply the process of encoding information so that the original message cannot be understood until it has been decrypted. ...

Overview of Zero-day Vulnerability A zero-day vulnerability has been discovered but not yet patched in a device or system. A zero-day exploit is an exploit that targets a zero-day vulnerability. Zero-day refers to newly found security flaws that hackers can exploit to attack systems. Attackers use this newly discovered security flaw by exploiting organizations where developers recently found the fault, ...

header Creating a strategy for an organization's cybersecurity posture is often equated to the technical aspects. It is associated with the security hardware, software tools, and related protocols. However, many organizations fail to consider one of the most important factors: people. As experienced cybersecurity expert and senior SANS Institute instructor Lance Spitzner puts it, humans are [the weakest link in the cybersecurity ...

2021 could be considered the year that everyone finally reconsidered how cybersecurity affects everyday life. Attacks on critical infrastructure such as the Colonial Pipeline, JBS, and Iowa Grain Cooperative resulted in inflated oil prices and risks of food shortages. Additionally, cyberattacks on hospitals threatened patient care and PII, plus businesses felt financial pains courtesy of the Kaseya attack and T-Mobile ...