InfoSec news round up for the month of April 2023

By litwtch. Published in Informal Musings, Apr 29, 2023
Image Description: A woman with a watch on her left hand looking at a computer. She and the computer are out of focus.

This past month has been pretty busy for new reports, announcements, and other news happening in the InfoSec world. Here’s a quick roundup of some of the key events that stood out to me this month.

  • (April 6) Announced early in April, the MITRE ATT&CK platform now maps to VERIS (Vocabulary for Event Recording and Incident Sharing) — which many people know as a framework commonly used by Verizon in their reports. You can read about the announcement here.
  • (April 14) Apple has released a guide for what to do if you get an alert that an AirTag or AirTag-like item is with you. This is a cool how-to, especially considering the rise in the use of AirTags to track individuals without their knowledge or consent. You can find the guide here.
  • (April 18) Microsoft has announced that they are changing the way they track and name threat actors, shifting to a weather theme for its threat groups. Read more about the announcement here and here. You might also find this GitHub repository of the different threat group aliases used by different companies to be helpful in keeping the names straight.
  • (April 20) In the ICS space, Nozomi Networks announced the ETHOS Intelligence Sharing Association. This group was created in response to recent calls for Shields Up, and the goal is to design an open source tool that lets organizations compare and share OT/ICS data for developing early warning signs and investigating anomalous behavior in these systems. Learn more about the project here.
  • (April 20) CISA has announced that they are taking over the Logging Made Easy service that the NCSC-UK had previously maintained until March 31st 2023. While they haven’t launched a new version yet, the existing one is still available but not maintained. Read the announcement here.
  • (April 20) Also on the same day, the European Cyber Conflict Research Initiative released The Cyber Dimensions of the Russia-Ukraine War Workshop Report, which highlights key aspects of the Chatham House Rules discussion held in February 2023. Read the report here.
  • (April 21) A GitHub user has uploaded a translation of the Vulkan leak documents from Russian. I haven’t looked at these files myself, but it was really interesting when they were first leaked. Find the translation here.
  • (April 24) VirusTotal announced Code Insight at RSA Conference. This tool uses AI and ML to produce summaries of code insights using the Google Cloud Security AI Workbench. It is currently limited to PowerShell code snippets. Learn more about the tool here.
  • (April 25) MITRE has released version 13 of the MITRE ATT&CK Platform. This new update comes with some changes, like updates to the XX and pseudocode to make it easier to build detections. Learn more about the updates here.
