FIRST Blog

<!doctype html><html lang="en" class="web tlp-clear" data-studio-config="eyJ4aHJDcmVkZW50aWFscyI6ZmFsc2UsInhockhlYWRlcnMiOnt9fQo="><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>FIRST Blog</title><link rel="alternate" type="application/rss+xml" href="https://www.first.org/blog/rss.xml" title="FIRST Blog" /> <meta property="og:title" content="FIRST Blog" /> <meta property="og:type" content="website" /> <meta property="og:image" content="https://www.first.org/_/img/1st.png" /> <meta property="og:url" content="https://www.first.org/blog/" /> <meta property="og:site_name" content="FIRST — Forum of Incident Response and Security Teams" /> <meta property="fb:profile_id" content="296983660669109" /> <meta property="twitter:card" content="summary_large_image" /> <meta property="twitter:site" content="@FIRSTdotOrg" /> <meta property="twitter:image" content="https://www.first.org/_/img/1st.png" /><meta name="viewport" content="initial-scale=1,maximum-scale=1.0,user-scalable=no" /><link rel="icon" type="image/png" href="/1st.png" /><link rel="apple-touch-icon" sizes="128x128" href="/favicon.png" /><link rel="stylesheet" type="text/css" href="/_/web.css?20241031194005" /></head><body>
<div id="body" data-studio="CU52CV1W8g"><div id="c1" data-studio="Yu8FjCC11g" class="p"><div class="section p tags" data-paginate="10"><h1>FIRST Blog</h1> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="cvss,sig,vulnerability"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20241104-CVSS-v4_0-Turns-One-Year-Old">CVSS v4.0 Turns One Year Old</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2024-11-04T00:30:00+00:00">Mon, 04 Nov 2024 00:30:00 +0000</p> <div class="p-summary" itemprop="description"><p>FIRST and the CVSS Special Interest Group (SIG) would like to wish a very happy first birthday to the newest version of CVSS, version 4.0!</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="vulnerabilities,tools,forecast"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20240923-Q4Vulnerability-Forecast">2024 Q4 Vulnerability Forecast</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2024-09-23T00:30:00+00:00">Mon, 23 Sep 2024 00:30:00 +0000</p> <div class="p-summary" itemprop="description"><p>We’re expecting 9006 +/- 1259 vulnerabilities this quarter, as we close out the year.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="insights,cyber,threat,trends"> <h3 class="p-name" itemprop="name"><a class="p-url" 
itemprop="url" href="/blog/20240628-from-fukuoka-to-copenhagen">From Fukuoka to Copenhagen: LAC’s Insights on the Latest Cyber Threat Trends</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2024-06-28T10:30:00+00:00">Fri, 28 Jun 2024 10:30:00 +0000</p> <div class="p-summary" itemprop="description"><p>The 36th annual FIRST Conference, "FIRSTCON24," was held from June 9 to 14, 2024, in Fukuoka, Japan. This marked the first time in 15 years that the conference was hosted in Japan, with the last event taking place in Kyoto in 2009. The conference saw a remarkable turnout with 997 participants from 99 countries and regions.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="vulnerabilities,management"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20240621-Unveiling_Active_Directory_Security_Risks">Unveiling Active Directory Security Risks: A Comprehensive Analysis of Management Issues and Vulnerabilities</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2024-06-21T10:30:00+00:00">Fri, 21 Jun 2024 10:30:00 +0000</p> <div class="p-summary" itemprop="description"><p>In this report, CyCraft research team analyzes 27 listed companies in Taiwan, Level-A government agencies and healthcare institutions, covering 46 AD Domains, with 1,057,000 objects included.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="vulnerabilities,tools,forecast"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20240529-Q3Vulnerability-Forecast">2024 Q3 Vulnerability Forecast</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2024-05-29T00:30:00+00:00">Wed, 29 May 2024 00:30:00 +0000</p> <div class="p-summary" itemprop="description"><p>As usual we like to verify our previous forecast before we make the next one. 
Due to travel, I must do this a few days before I should (normally on the 1<sup>st</sup> of June).</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="vulnerabilities,tools,forecast"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20240419-Q2Vulnerability-Forecast">2024 Q2 Vulnerability Forecast</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2024-04-25T10:30:00+00:00">Thu, 25 Apr 2024 10:30:00 +0000</p> <div class="p-summary" itemprop="description"><p>So what are we expecting in terms of numbers of CVEs this quarter?</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="vulnerability,forecast"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20240109-vulnerability-forecast-2024">The vulnerability forecast for 2024</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2024-01-11T10:30:00+00:00">Thu, 11 Jan 2024 10:30:00 +0000</p> <div class="p-summary" itemprop="description"><p>Every year we make a prediction of the number of vulnerabilities we expect to see published by NVD. 
We define this as the number published between New Year’s Day in 2023 and New Year’s Eve 2023, which is not the same as CVEs that begin with 2023 as an identifier.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="loa,doa,certificate"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20231222-Is-the-LoA-DoA-for-Routing">Is the LoA DoA for Routing</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2023-12-22T10:30:00+00:00">Fri, 22 Dec 2023 10:30:00 +0000</p> <div class="p-summary" itemprop="description"><p>Back in the early days of the Internet, when everybody knew everybody, the way that you validated yourself to a Certificate Authority (CA) for an X509 certificate for Secure Sockets Layer (SSL) was to send a fax on company letterhead.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="vulnerability,forecasting"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20231121-The-rising-tide-of-vulnerabilities">The rising tide of vulnerabilities…might be more predictable than you think.</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2023-11-22T18:00:00+00:00">Wed, 22 Nov 2023 18:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Over two days in late September, attack surface management teams, incident responders, data scientists, and vulnerability management practitioners gathered in Cardiff, Wales.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20230714-Perspectives-from-a-First-time-Attendee">The 35th Annual FIRST Conference: Perspectives from a First-time Attendee</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2023-07-14T00:01:00+00:00">Fri, 
14 Jul 2023 00:01:00 +0000</p> <div class="p-summary" itemprop="description"><p>In today's rapidly evolving digital landscape, the need for robust cybersecurity solutions has never been more critical.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20230630-M3AAWG-58-Meeting-Dublin">M3AAWG 58 Meeting in Dublin, June 2023</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2023-06-30T00:01:00+00:00">Fri, 30 Jun 2023 00:01:00 +0000</p> <div class="p-summary" itemprop="description"><p>Sadly, this year I wasn't able to join everyone at the Annual FIRST Conference in Montreal. By all accounts it was a brilliant time and I'm genuinely jealous of everyone who got to be there - especially the DNS Abuse SIG members who got to meet up in person.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20230602-Predicting_the_volume_of_CVEs_with_Vuln4Cast">Predicting the volume of CVEs with Vuln4Cast</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2023-06-02T00:01:00+00:00">Fri, 02 Jun 2023 00:01:00 +0000</p> <div class="p-summary" itemprop="description"><p>National CERT and CSIRT teams regularly need to write alerts on upcoming CVEs, and might want to know how many alerts to expect to write.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20230601-Inside_Look_Adobe_Incident_Response_Team_Players">Inside Look: Adobe Incident Response Team Players - Lauren Park, Director, Security Coordination Center at Adobe</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2023-06-01T00:01:00+00:00">Thu, 01 Jun 2023 
00:01:00 +0000</p> <div class="p-summary" itemprop="description"><p>Adobe has long focused on establishing a strong foundation of cybersecurity, built on a culture of collaboration, multiple capabilities, and deep engineering prowess. We aim to take a proactive approach to defending against security threats and issues and continuously monitor the threat landscape, learn from, and share our learnings with security experts around the world, and feed information back to our development teams to strengthen our products.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20230510-remembering-andrew-cormack">Remembering Andrew Cormack - by Serge Droz</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2023-05-12T16:00:00+00:00">Fri, 12 May 2023 16:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>It’s with great sadness that we learned Andrew Cormack had passed away in April. Andrew was more than just an expert. His curious and open mind inspired many in our community.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="Human,Factors,Security"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20230505-123456-again">123456 again?! Why aren't we learning to address the human factor more successfully?</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2023-05-05T00:00:00+00:00">Fri, 05 May 2023 00:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>People have become the main driver for breaches but the human factors remain insufficiently addressed in the IT security sector. 
We are working on changing that.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="DNS,Matrix,Security"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20230228-DNS_Abuse_Techniques_Matrix">DNS Abuse Techniques Matrix</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2023-03-01T00:00:00+00:00">Wed, 01 Mar 2023 00:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>The DNS Abuse SIG is very pleased to announce the publication of the DNS Abuse Techniques Matrix, the work of many months and a great number of people from various parts of the security and DNS worlds.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="Regional,Symposium,Cybersecurity"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20230223_long_time_no_see">Long Time No See!</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2023-02-23T00:00:00+00:00">Thu, 23 Feb 2023 00:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>"Long time no see!” was the most popular phrase at the TF-CSIRT – FIRST Regional Symposium in Bilbao, Spain. And it has been a long time indeed – last time we met all together was in Malaga in 2020. We had some virtual events in the meantime, but it was certainly nice to see old faces and meet new colleagues in real life. 
The first joint post-pandemic event took place from 30th of January to 2nd of February, kindly hosted by the Basque Cybersecurity Centre.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="Cybersecurity,DNS Abuse"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20221027_ICANN_was_a_massive_success_in_getting_the_word_out_about_DNS_Abuse_and_FIRST">ICANN was a massive success in getting the word out about DNS Abuse and FIRST</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2022-10-27T00:00:00+00:00">Thu, 27 Oct 2022 00:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>In September, ICANN invited me to talk about DNS Abuse at the ICANN75 AGM in Kuala Lumpur, Malaysia. It was a great success! My presentation ‘The Challenge of Defining DNS Abuse’ was well received, and many attending industry specialists asked good questions, especially about FIRST's work. I made many valuable connections, including people from ICANN, the DNS Abuse Institute, registries, registrars, CERTs, commercial companies, government organizations, and many more.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="Cybersecurity,incident response"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20220805_building_a_trusted_and_cyber_secure_europe">Building a trusted and Cyber Secure Europe</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2022-08-05T00:00:00+00:00">Fri, 05 Aug 2022 00:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>The European Union Agency for Cybersecurity is dedicated to achieving a high common level of cybersecurity across Europe. 
For more than 15 years, ENISA has played a key role in enabling digital trust and security across Europe, together with its stakeholders including the Member States and EU bodies and agencies.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="ransomware,ransom,attack"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20220729_Average_ransom_payment">Average Ransom Payment Up 71% This Year, Approaches $1 Million</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2022-07-29T00:00:00+00:00">Fri, 29 Jul 2022 00:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>With the recent release of the 2022 Unit 42 Ransomware Threat Report, we thought it would be a good time to take a quick look at ransomware activity that we’ve seen so far in 2022.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="Security,SOAR,Attack"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20220722_SOARs_vs_No-Code_Security_Automation_The_Case_for_Both">SOARs vs. No-Code Security Automation: The Case for Both</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2022-07-22T00:00:00+00:00">Fri, 22 Jul 2022 00:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Just a few years ago, security orchestration, automation and response (SOAR) was the new buzzword associated with security modernization. Today, however, SOAR platforms are increasingly assuming a legacy look and feel. Although SOARs still have their place in a modern SecOps strategy, the key to driving SecOps forward today is no-code security automation. 
Read on to learn what lightweight security automation means, how it compares to SOAR and why SOARs alone won’t help you stay ahead of today’s security threats.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="Security Analytics,incident response,Attack"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20220715_I_Want_the_Needle_and_the_Haystack_YARA_Security_Analytics_for_Incident_Response">I Want the Needle and the Haystack: YARA + Security Analytics for Incident Response</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2022-07-15T00:00:00+00:00">Fri, 15 Jul 2022 00:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>I want the needle, and the haystack to go along with it. Attackers take advantage of siloed data and security tools to exploit systems using misconfigurations and move laterally. This lateral movement across different attack surfaces has attackers flowing between the control plane and data plane of your environment to escalate privileges and seek out targeted access.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="DNS,Abuse,Policy,stakeholders"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20220519_The_Challenge_of_Defining_DNS_Abuse">The Challenge of Defining DNS Abuse</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2022-05-19T13:00:00+00:00">Thu, 19 May 2022 13:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>DNS Abuse is a pretty widely used term. On the surface, it might seem like a simple term that's easily understood. 
But when you look more closely, the definition depends on your perception of the issue—and can be defined both broadly, or more narrowly.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="Technical Colloquium,Netherlands,Amsterdam,collaboration"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20220428_Chris_Gibson_TC_Netherlands">FIRST Technical Colloquium in the Netherlands – sees global experts converge in Amsterdam to share knowledge and inspire collaborations</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2022-04-28T01:00:00+00:00">Thu, 28 Apr 2022 01:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>I had the absolute pleasure of participating in and attending the recent FIRST Technical Colloquium at the W Hotel in Amsterdam, Netherlands, April 12–14. It was great to see nearly 100 people attend and over 50 people participating in training at this long-awaited in-person event. 
The program featured 17 speakers and two on-site trainers who held several popular workshops.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="CSIRT,FIRST,collaboration"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20220224_GGE">Keep CSIRTs out of the lines of fire</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2022-02-24T16:00:00+00:00">Thu, 24 Feb 2022 16:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>FIRST encourages states to not attack CSIRTs and critical infrastructure</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20220105-Automation_SIG_A_New_SIG_Adventure">Automation SIG: A New SIG Adventure</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2022-01-05T00:00:00+00:00">Wed, 05 Jan 2022 00:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Every incident response team globally is facing a serious increase of workload. As attackers scan and penetrate networks via automation, so must defenders look at automation.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20211129-meeting_person_first_oslo_technical_colloquium">Meeting in person at the FIRST Oslo Technical Colloquium</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2021-12-07T17:00:00+00:00">Tue, 07 Dec 2021 17:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Last month, I was honored to be one of the planners and participants of the FIRST Technical Colloquium (TC) in Norway. 
Organized by FIRST members, the event was held just outside of Oslo at the Telenor Expo, Telenor headquarters in Fornebu.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="Threat hunting,APT"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20210802-Threat_hunting_an_outdated_technique_or_a_tactical_advantage">Threat hunting: an outdated technique or a tactical advantage?</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2021-08-02T00:00:00+00:00">Mon, 02 Aug 2021 00:00:00 +0000</p> <div class="p-summary" itemprop="description"></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="velociraptor,printNightmare"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20210726-Velociraptor_vs_PrintNightmare">Velociraptor vs. PrintNightmare</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2021-07-26T00:00:00+00:00">Mon, 26 Jul 2021 00:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Hunting a Zero day!</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="Secureworks,cybersecurity"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20210719-Ongoing_campaign_leveraging_Exchange_vulnerability_potentially_linked_to_Iran">Ongoing campaign leveraging Exchange vulnerability potentially linked to Iran</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2021-07-19T00:00:00+00:00">Mon, 19 Jul 2021 00:00:00 +0000</p> <div class="p-summary" itemprop="description"></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="Threat intelligence,cybersecurity"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" 
href="/blog/20210712-Industry_Peers_Are_the_Path_Towards_a_Collective_Defense">Industry Peers Are the Path Towards a Collective Defense</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2021-07-12T00:00:00+00:00">Mon, 12 Jul 2021 00:00:00 +0000</p> <div class="p-summary" itemprop="description"></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="conference,cybersecurity"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20210118-Thank_You_FIRST_Community_for_Helping_Team_Cymru">Thank You FIRST Community for Helping Team Cymru Reach a New CSIRT Assistance Program Milestone</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2021-01-28T17:00:00+00:00">Thu, 28 Jan 2021 17:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Together, We’re Creating Better Threat Intelligence Sharing for the World</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="conference,ransomware"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20210111-Preparing_for_Post-Intrusion_Ransomware">Preparing for Post-Intrusion Ransomware</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2021-01-11T17:00:00+00:00">Mon, 11 Jan 2021 17:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>This evolving and brutally effective threat can have a significant impact on an organization’s resources, finances, and reputation, but it can be stopped</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="clustering,file similarity,ioc,similarity,tactical intelligence,threat campaigns,threat context,threat intelligence"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" 
href="/blog/20210104-Using_similarity_to_expand_context_and_map_out_threat_campaigns">Using similarity to expand context and map out threat campaigns</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2021-01-04T17:00:00+00:00">Mon, 04 Jan 2021 17:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="conference,cybersecurity"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20201221-Forecasting_All_for_One_and_One_for_All_in_Cybersecurity">Forecasting: All for One and One for All in Cybersecurity</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2020-12-21T17:00:00+00:00">Mon, 21 Dec 2020 17:00:00 +0000</p> <div class="p-summary" itemprop="description"></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="conference,cyber,threat,inteligence"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20201214-Current_Events_to_Widespread_Campaigns">Current Events to Widespread Campaigns: Pivoting from Samples to Identify Activity</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2020-12-14T17:00:00+00:00">Mon, 14 Dec 2020 17:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. 
Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="conference,cybersecurity"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20201207-Pay2Key">Pay2Key – The Plot Thickens</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2020-12-07T17:00:00+00:00">Mon, 07 Dec 2020 17:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Last weekend we issued a ransomware alert about a wave of attacks using a never-seen-before strain dubbed ‘Pay2Key.’ Our investigation suggested the ransomware operators were mostly targeting Israeli companies. The ransomware used in the attacks spread rapidly across victims’ networks, leaving significant parts of the network encrypted along with a ransom note, threatening to leak stolen corporate data unless the ransom is paid.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="first,community,ethics,cvd"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20200518_Ethics_Responsibilities_Vulnerabilities">Ethics, Responsibilities, Vulnerabilities</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2020-05-18T15:00:00+00:00">Mon, 18 May 2020 15:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Coordinated Vulnerability Disclosure is hard: Here is what to do about it.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="psirt,maturity,community,services"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" 
href="/blog/20190124-Maturity-Level-3">Maturity Level 3 (Advanced) - Proactive...we’re ready for anything (mostly)</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2019-01-24T14:00:00+00:00">Thu, 24 Jan 2019 14:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Hopefully what we’ve outlined as suggested services and functions a PSIRT could offer at the various stages of their development will be helpful and inspires your team to raise their game.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="psirt,maturity,community,services"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20190123-Maturity-Level-2">Maturity Level 2 (Intermediate) - I am reactive, but I’ve trained for it!</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2019-01-23T14:00:00+00:00">Wed, 23 Jan 2019 14:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Are you mature, are you immature - what are you? Maturity Level 2 is about adapting the ad-hoc PSIRT strategies into full blown policies and processes.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="psirt,maturity,community,services"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20190122-The-Beginning">The Beginning - a very fine place to start!</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2019-01-22T14:00:00+00:00">Tue, 22 Jan 2019 14:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>To start you on your path to PSIRT goodness, you’ll want to read and digest the PSIRT Maturity Document created by your friendly global FIRST PSIRT representatives. 
And what’s a better place to start than at the beginning?</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="psirt,maturity,community,services"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20190121-What-is-a-PSIRT-and-where-do-I-start">What is a PSIRT and where do I start?</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2019-01-21T14:00:00+00:00">Mon, 21 Jan 2019 14:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>The right place to get your fill on how to make a world-class Product Security Incident Response Team.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="first,board,community,volunteer"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20181105_Cold_IR">Cold Incident Response 2018</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2018-10-29T19:00:00+00:00">Mon, 29 Oct 2018 19:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>An organizer's view on the 2018 Oslo Technical Symposium</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="first,board,community,volunteer"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20181029-100_days_on_board_of_directors">100 days on the board of directors of FIRST</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2018-10-29T19:00:00+00:00">Mon, 29 Oct 2018 19:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Alexander Jaeger shares his experience after 100 days on the board of directors of FIRST.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="Cyber norms,GCSC,UNGGE,IGF"> <h3 class="p-name" itemprop="name"><a class="p-url" 
itemprop="url" href="/blog/20180923-GCSC_address">FIRST address to the Global Commission on the Stability of Cyberspace</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2018-09-22T10:00:00+00:00">Sat, 22 Sep 2018 10:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Maarten Van Horenbeeck, Board Member of FIRST, delivers a statement to the Global Commission on the Stability of Cyberspace, in Singapore.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="Cyber norms,APNIC,UNGGE,IGF"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20180423-cyber-norms">Ready to Respond to the Cyber Norms Debate</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2018-04-23T10:00:00+00:00">Mon, 23 Apr 2018 10:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Klée Aiken, APNIC's External Relations Manager, shares his views on cyber norms and how they will impact incident responders.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="ICANN,GDPR,WHOIS"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20180412_GDPR_and_WHOIS">The GDPR and WHOIS privacy</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2018-04-12T07:00:00+00:00">Thu, 12 Apr 2018 07:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Background on the issue</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="ICANN,GDPR,WHOIS"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20180410-CERT_NZ_Statement_on_WHOIS">CERT NZ Statement about WHOIS and GDPR</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2018-04-10T07:00:00+00:00">Tue, 10 Apr 2018 07:00:00 +0000</p> <div class="p-summary" 
itemprop="description"><p>CERT NZ describes how important the usage of WHOIS is during an incident investigation.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="Product Security,Microsoft,Patch Tuesday"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20180327-A_long_history_of_building_trust_and_engagement">A Long History of Building Trust and Engagement</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2018-03-27T10:00:00+00:00">Tue, 27 Mar 2018 10:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Microsoft's Principal Security Program Manager, Jerry Bryant, discusses a long history of building trust and engagement in security.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="Policy,Internet Governance"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20180106-FIRST_at_the_GCCS">FIRST at the Global Conference on Cyberspace (GCCS)</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2018-01-06T10:00:00+00:00">Sat, 06 Jan 2018 10:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>An overview of the Global Conference on Cyberspace, and the work FIRST does in the policy community.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="GDPR,Data Protection,Privacy"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20171211_GDPR_for_CSIRTs">Security, Incident Response, Privacy and Data Protection</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2017-12-11T13:00:00+00:00">Mon, 11 Dec 2017 13:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Europe is in the process of introducing completely new legislation regulating privacy and data protection. 
Much of the data that CSIRTs use is potentially affected by this.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="conference,FIRST,collaboration"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20171127_Resilience">Towards efficient cyber resilience</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2017-11-27T10:00:00+00:00">Mon, 27 Nov 2017 10:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>As the internet becomes important in ever more areas of our daily lives, ways need to be found to ensure resilience. By far the most important way to achieve cyber resilience is collaboration across borders.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="infrastructure,first-tech"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20171107-new-CA">Behind the scenes at the FIRST-tech team</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2017-11-06T16:00:00+00:00">Mon, 06 Nov 2017 16:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>The FIRST tech team is re-working a lot of things behind the scenes. 
Some insights from the frontier.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="Board of Directors,Strategy"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20171030_Strengthen_Community">Strengthening the community of Incident Response and Security Teams</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2017-11-01T02:00:00+00:00">Wed, 01 Nov 2017 02:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Recent updates from the Board of Directors about recent activities and an outlook on what we are currently working on.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="conference,keynote,San Juan,Microsoft,cryptography"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20171017-Serge_Droz_education">Training in emerging nations: Laying the seed to close the digital divide</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2017-10-19T10:00:00+00:00">Thu, 19 Oct 2017 10:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>For the longest time the growing Internet and digital communication was hailed as the path to a new and better world. But poorer countries were mostly left out of the benefits. 
Serge Droz writes about how FIRST delivers training in these regions.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="conference,keynote,San Juan,Microsoft,cryptography"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20170616-Brian_LaMacchia">Keynote by Brian LaMacchia: “Post-Quantum Cryptography”</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2017-06-17T10:00:00+00:00">Sat, 17 Jun 2017 10:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>The FIRST Conference’s Keynote sessions concluded today with a presentation by Brian LaMacchia, Director of the Security &amp; Cryptography group within Microsoft Research (MSR). In this department, his team conducts basic and applied research and advanced development.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="conference,keynote,San Juan,NCSC,CSIRT Maturity"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20170615-Martijn_de_Hamer_keynote">Keynote by Martijn de Hamer: “18 years old, it’s time to become mature”</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2017-06-16T01:00:00+00:00">Fri, 16 Jun 2017 01:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Day four of the FIRST Conference began with a keynote presentation by Martijn de Hamer, the head of the National Cyber Security Operations Center (NCSOC) at the National Cyber Security Center (NCSC-NL) in the Netherlands. After having had various roles in the field of information security, de Hamer first started working for NCSC-NL (previously GOVCERT.NL) in 2005. 
Additionally, he is active in the field of CSIRT maturity and other aspects of CSIRT capacity building.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="conference,keynote,San Juan,Oxford"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20170614-Florian_Egloff_keynote">Keynote by Florian Egloff: “Cybersecurity and the Age of Privateering”</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2017-06-15T23:55:00+00:00">Thu, 15 Jun 2017 23:55:00 +0000</p> <div class="p-summary" itemprop="description"><p>Day 3 of the FIRST Conference got started with keynote speaker Florian Egloff. Florian Egloff is a Clarendon Scholar, a D. Phil (PhD) Candidate in Cyber Security at the Centre for Doctoral Training in Cyber Security at the University of Oxford, and a Research Affiliate at the Cyber Studies Programme at Oxford University's Department of Politics and International Relations. He is currently working on his thesis entitled "Cybersecurity and non-state actors: a historical analogy with mercantile companies, privateers, and pirates."</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="conference,keynote,San Juan,Google"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20170613-DarrenBilby_keynote">Keynote by Darren Bilby: “A Decade of Lessons in Incident Response”</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2017-06-13T23:00:00+00:00">Tue, 13 Jun 2017 23:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>Day 2 of the FIRST Conference got started with keynote speaker Darren Bilby, a manager in Google’s Enterprise Infrastructure protection team, who is also a staff security engineer and self-described digital janitor. 
A 10-year veteran at Google, Bilby was the tech lead for Google’s Global Incident Response Team for six years, managed Google's European detection team in Zürich for two years and has also worked as a software engineer building out Google’s security tools. He was also the founder and a core developer of the open source GRR Incident Response project.</p></div> </article> <article class="h-entry search-item visible" itemscope itemtype="http://schema.org/Article" data-subject="conference,keynote,San Juan,Facebook"> <h3 class="p-name" itemprop="name"><a class="p-url" itemprop="url" href="/blog/20170613-Opening-Keynote-San-Juan">Opening keynote by Alex Stamos at the 29th Annual FIRST Conference in San Juan, Puerto Rico</a></h3> <p class="dt-published" itemprop="datePublished" datetime="2017-06-13T15:00:00+00:00">Tue, 13 Jun 2017 15:00:00 +0000</p> <div class="p-summary" itemprop="description"><p>FIRST's Annual Conference kicked off on Monday morning, June 12th of 2017 with its opening keynote speaker, Facebook Chief Security Officer (CSO) Alex Stamos. As security lead for one of the world’s most noted companies, Stamos began his lecture with some of the biggest security challenges Facebook deals with.</p></div> </article> </div> <ul class="years page-control"> <li><a href="/blog/2024">2024</a></li> <li><a href="/blog/2023">2023</a></li> <li><a href="/blog/2022">2022</a></li> <li><a href="/blog/2021">2021</a></li> <li><a href="/blog/2020">2020</a></li> <li><a href="/blog/2019">2019</a></li> <li><a href="/blog/2018">2018</a></li> <li><a href="/blog/2017">2017</a></li> </ul></div></div><div id="navbar" data-studio="CU52CV1W8g"><div id="c4" data-studio="Yu8FjCC11g" class="h3labels subbox"><h3 id="FIRST-Blog"><a href="/blog">FIRST Blog</a></h3> <p>FIRST runs a blog open to members and invited guest authors. It publishes contributions relevant to incident responders. Articles should focus on general topics interesting to members. 
It will not be used to promote individual organisations, products or services. If you are interested in contributing, please get in touch with <a href="mailto:first-blog@first.org">first-blog@first.org</a>.</p> <p>Learn more about the Forum of Incident Response and Security Teams through regular blog posts about our organization, events and other programs. Questions or comments? Contact <a href="mailto:first-press@first.org">first-press@first.org</a>.</p></div><div id="c5" data-studio="Yu8FjCC11g"></div></div><div id="sidebar" data-studio="CU52CV1W8g"><div id="c6" data-studio="Yu8FjCC11g" class="h3labels orange subbox"><h3 id="Subscribe-via-RSS">Subscribe via RSS</h3> <p>RDF Site Summary (RSS) is a lightweight multipurpose extensible metadata description and syndication format.</p> <p>Subscribe to the <strong>FIRST Blog</strong> using our RSS feed:<br /> <a href="/blog/rss.xml"><span class="icon-feed"></span> RSS 2.0</a></p></div><div id="c7" data-studio="Yu8FjCC11g"><div id="tag-cloud" data-url="/blog/"><a href="#abuse" class="l-1">Abuse</a> <a href="#amsterdam" class="l-1">Amsterdam</a> <a href="#apnic" class="l-1">APNIC</a> <a href="#apt" class="l-1">APT</a> <a href="#attack" class="l0">attack</a> <a href="#board" class="l-1">board</a> <a href="#board-of-directors" class="l-1">Board of Directors</a> <a href="#certificate" class="l-1">certificate</a> <a href="#clustering" class="l-1">clustering</a> <a href="#collaboration" class="l0">collaboration</a> <a href="#community" class="l2">community</a> <a href="#conference" class="l5">conference</a> <a href="#cryptography" class="l-1">cryptography</a> <a href="#csirt" class="l-1">CSIRT</a> <a href="#csirt-maturity" class="l-1">CSIRT Maturity</a> <a href="#cvd" class="l-1">cvd</a> <a href="#cvss" class="l-1">cvss</a> <a href="#cyber" class="l-1">cyber</a> <a href="#cyber-norms" class="l-1">Cyber norms</a> <a href="#cybersecurity" class="l2">Cybersecurity</a> <a href="#data-protection" class="l-1">Data Protection</a> <a 
href="#dns" class="l-1">DNS</a> <a href="#dns-abuse" class="l-1">DNS Abuse</a> <a href="#doa" class="l-1">doa</a> <a href="#ethics" class="l-1">ethics</a> <a href="#facebook" class="l-1">Facebook</a> <a href="#factors" class="l-1">Factors</a> <a href="#file-similarity" class="l-1">file similarity</a> <a href="#first" class="l1">FIRST</a> <a href="#first-tech" class="l-1">first-tech</a> <a href="#forecast" class="l0">forecast</a> <a href="#forecasting" class="l-1">forecasting</a> <a href="#gcsc" class="l-1">GCSC</a> <a href="#gdpr" class="l0">GDPR</a> <a href="#google" class="l-1">Google</a> <a href="#human" class="l-1">Human</a> <a href="#icann" class="l-1">ICANN</a> <a href="#igf" class="l-1">IGF</a> <a href="#incident-response" class="l-1">incident response</a> <a href="#infrastructure" class="l-1">infrastructure</a> <a href="#insights" class="l-1">insights</a> <a href="#inteligence" class="l-1">inteligence</a> <a href="#internet-governance" class="l-1">Internet Governance</a> <a href="#ioc" class="l-1">ioc</a> <a href="#keynote" class="l1">keynote</a> <a href="#loa" class="l-1">loa</a> <a href="#management" class="l-1">management</a> <a href="#matrix" class="l-1">Matrix</a> <a href="#maturity" class="l0">maturity</a> <a href="#microsoft" class="l0">Microsoft</a> <a href="#ncsc" class="l-1">NCSC</a> <a href="#netherlands" class="l-1">Netherlands</a> <a href="#oxford" class="l-1">Oxford</a> <a href="#patch-tuesday" class="l-1">Patch Tuesday</a> <a href="#policy" class="l-1">Policy</a> <a href="#printnightmare" class="l-1">printNightmare</a> <a href="#privacy" class="l-1">Privacy</a> <a href="#product-security" class="l-1">Product Security</a> <a href="#psirt" class="l0">psirt</a> <a href="#ransom" class="l-1">ransom</a> <a href="#ransomware" class="l-1">ransomware</a> <a href="#regional" class="l-1">Regional</a> <a href="#san-juan" class="l1">San Juan</a> <a href="#secureworks" class="l-1">Secureworks</a> <a href="#security" class="l0">Security</a> <a 
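href="#security-analytics" class="l-1">Security Analytics</a> <a href="#services" class="l0">services</a> <a href="#sig" class="l-1">sig</a> <a href="#similarity" class="l-1">similarity</a> <a href="#soar" class="l-1">SOAR</a> <a href="#stakeholders" class="l-1">stakeholders</a> <a href="#strategy" class="l-1">Strategy</a> <a href="#symposium" class="l-1">Symposium</a> <a href="#tactical-intelligence" class="l-1">tactical intelligence</a> <a href="#technical-colloquium" class="l-1">Technical Colloquium</a> <a href="#threat" class="l-1">threat</a> <a href="#threat-campaigns" class="l-1">threat campaigns</a> <a href="#threat-context" class="l-1">threat context</a> <a href="#threat-hunting" class="l-1">Threat hunting</a> <a href="#threat-intelligence" class="l-1">Threat intelligence</a> <a href="#tools" class="l0">tools</a> <a href="#trends" class="l-1">trends</a> <a href="#ungge" class="l-1">UNGGE</a> <a href="#velociraptor" class="l-1">velociraptor</a> <a href="#volunteer" class="l-1">volunteer</a> <a href="#vulnerabilities" class="l0">vulnerabilities</a> <a href="#vulnerability" class="l0">vulnerability</a> <a href="#whois" class="l-1">WHOIS</a> </div></div></div>
<!-- Site footer: support search, social profile links, copyright notice. -->
<!-- Links that open a new tab carry rel="noopener" so the opened third-party page gets no window.opener handle back to this page; rel="me" on the Mastodon link is kept for profile verification. -->
<!-- The support search field has only a placeholder, so aria-label supplies its accessible name. -->
<footer><div id="footer" data-studio="CU52CV1W8g"><div id="c2" data-studio="Yu8FjCC11g"><div class="content"> <div class="support"> <div class="kbsearch bottom"> <p><a href="https://support.first.org"><img src="/_/img/icon-portal_support.svg" alt="FIRST Support" title="FIRST Support" /></a> <input class="kb-search" type="search" placeholder="Do you need help?" aria-label="Search FIRST Support"></p> </div> </div> <div id="socialnetworks"><a href="/about/sdg" title="FIRST Supported Sustainable Development Goals (SDG)" class="icon-sdg"></a><a rel="me noopener" href="https://infosec.exchange/@firstdotorg" target="_blank" title="@FIRSTdotOrg@infosec.exchange" class="icon-mastodon"></a><a href="https://twitter.com/FIRSTdotOrg" target="_blank" rel="noopener" title="Twitter @FIRSTdotOrg" class="icon-tw"></a><a href="https://www.linkedin.com/company/firstdotorg" target="_blank" rel="noopener" title="FIRST.Org at LinkedIn" class="icon-linkedin"></a><a href="https://www.facebook.com/FIRSTdotorg" target="_blank" rel="noopener" title="FIRST.Org at Facebook" class="icon-fb"></a><a href="https://github.com/FIRSTdotorg" target="_blank" rel="noopener" title="FIRST.Org at Github" class="icon-github"></a><a href="https://www.youtube.com/c/FIRSTdotorg" target="_blank" rel="noopener" title="FIRST.Org at Youtube" class="icon-youtube"></a><a href="/podcasts" title="FIRST.Org Podcasts" class="icon-podcast"></a></div> <p><a href="/copyright">Copyright</a> © 2015—2024 by Forum of Incident Response and Security Teams, Inc. All Rights Reserved.</p> </div> <p><span class="tlp"></span></p></div></div></footer><script nonce="IzofCAbf_d8OPgmQjsbegg" async="async" src="/_/web.js?20241125212614"></script><script nonce="IzofCAbf_d8OPgmQjsbegg" async="async" src="/_/s.js?20241125-212616"></script></body></html>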
