Peter Lowe, FIRST’s DNS Abuse Policy Ambassador, shares a review of the APAC DNS Forum in Hanoi, Vietnam, where he met with representatives from various organizations and had valuable discussions about DNS abuse and data sharing.| What's New
In 2025 we expect another record-breaking year of CVE production. This year we expect 45505 +/- 4,363 CVEs to be published in the calendar year (CY). There’s a 5% chance the actual number exceeds the maximum (49868) and a 5% chance it is less than the minimum (41142). Rather than give you a false sense of precision, it’s probably far easier to say we expect between 41-50k vulnerabilities in CY 2025.| What's New
Last year I opened a presentation with this: «Human error are the words cyber security guys use when they don't know shit». The response was laughter. But I think it is true. Here's why, and why it's relevant to incident responders.| FIRST — Forum of Incident Response and Security Teams
We’re expecting 9006 +/- 1259 vulnerabilities this quarter, as we close out the year.| FIRST — Forum of Incident Response and Security Teams
The FIRST Board of Directors is introducing a new structured approach to strategic planning, aimed at enhancing the organization’s ability to fulfill its mission and solidify its position as a global leader in cybersecurity and incident response.| FIRST — Forum of Incident Response and Security Teams
In calendar year 2024 we had another record-breaking 40,704 CVEs published.| FIRST — Forum of Incident Response and Security Teams
The FIRST Multi-Stakeholder Ransomware SIG is very pleased to announce the release of the first version of the Ransomware Empowerment training. This has been a significant undertaking, requiring many months of dedicated effort from our dear SIG members. We have made it our priority to ensure that this training is TLP:CLEAR, so that it can be of benefit to all.| FIRST Blog
FIRST and the CVSS Special Interest Group (SIG) would like to wish a very happy first birthday to the newest version of CVSS, version 4.0!| FIRST — Forum of Incident Response and Security Teams
The 36th annual FIRST Conference, "FIRSTCON24," was held from June 9 to 14, 2024, in Fukuoka, Japan. This marked the first time in 15 years that the conference was hosted in Japan, with the last event taking place in Kyoto in 2009. The conference saw a remarkable turnout with 997 participants from 99 countries and regions.| FIRST — Forum of Incident Response and Security Teams
In this report, CyCraft research team analyzes 27 listed companies in Taiwan, Level-A government agencies and healthcare institutions, covering 46 AD Domains, with 1,057,000 objects included.| FIRST — Forum of Incident Response and Security Teams
As usual we like to verify our previous forecast before we make the next one. Due to travel, I must do this a few days before I should (normally on the 1st of June).| FIRST — Forum of Incident Response and Security Teams
So what are we expecting in terms of numbers of CVEs this quarter?| FIRST — Forum of Incident Response and Security Teams
Every year we make a prediction of the number of vulnerabilities we expect to see published by NVD. We define this as the number published between New Year’s Day in 2023 and New Year’s Eve 2023, which is not the same as CVEs that begin with 2023 as an identifier.| FIRST — Forum of Incident Response and Security Teams
Back in the early days of the Internet, when everybody knew everybody, the way that you validated yourself to a Certificate Authority (CA) for an X509 certificate for Secure Sockets Layer (SSL) was to send a fax on company letterhead.| FIRST — Forum of Incident Response and Security Teams
Over two days in late September, attack surface management teams, incident responders, data scientists, and vulnerability management practitioners gathered in Cardiff, Wales.| FIRST — Forum of Incident Response and Security Teams
In today's rapidly evolving digital landscape, the need for robust cybersecurity solutions has never been more critical.| FIRST — Forum of Incident Response and Security Teams
Adobe has long focused on establishing a strong foundation of cybersecurity, built on a culture of collaboration, multiple capabilities, and deep engineering prowess. We aim to take a proactive approach to defending against security threats and issues and continuously monitor the threat landscape, learn from, and share our learnings with security experts around the world, and feed information back to our development teams to strengthen our products.| FIRST — Forum of Incident Response and Security Teams
It’s with great sadness that we learned Andrew Cormack had passed away in April. Andrew was more than just an expert. His curious and open mind inspired many in our community.| FIRST — Forum of Incident Response and Security Teams
People have become the main driver for breaches but the human factors remain insufficiently addressed in the IT security sector. We are working on changing that.| FIRST — Forum of Incident Response and Security Teams
Sadly, this year I wasn't able to join everyone at the Annual FIRST Conference in Montreal. By all accounts it was a brilliant time and I'm genuinely jealous of everyone who got to be there - especially the DNS Abuse SIG members who got to meet up in person.| FIRST — Forum of Incident Response and Security Teams
National CERT and CSIRT teams regularly need to write alerts on upcoming CVEs, and might want to know how many alerts to expect to write.| FIRST — Forum of Incident Response and Security Teams
The DNS Abuse SIG is very pleased to announce the publication of the DNS Abuse Techniques Matrix, the work of many months and a great number of people from various parts of the security and DNS worlds.| FIRST — Forum of Incident Response and Security Teams
"Long time no see!” was the most popular phrase at the TF-CSIRT – FIRST Regional Symposium in Bilbao, Spain. And it has been a long time indeed – last time we met all together was in Malaga in 2020. We had some virtual events in the meantime, but it was certainly nice to see old faces and meet new colleagues in real life. The first joint post-pandemic event took place from 30th of January to 2nd of February, kindly hosted by the Basque Cybersecurity Centre.| FIRST — Forum of Incident Response and Security Teams
Alexander Jaeger shares his experience after 100 days on the board of directors of FIRST.| FIRST — Forum of Incident Response and Security Teams
Klée Aiken, APNIC's External Relations Manager, shares his views on cyber norms and how they will impact incident responders.| FIRST — Forum of Incident Response and Security Teams
Background on the issue| FIRST — Forum of Incident Response and Security Teams
Microsoft's Principal Security Program Manager, Jerry Bryant, discusses a long history of building trust and engagement in security.| FIRST — Forum of Incident Response and Security Teams
An overview of the Global Conference on Cyberspace, and the work FIRST does in the policy community.| FIRST — Forum of Incident Response and Security Teams
Europe is in the course of introducing completely new legislation regulating privacy and data protection. Much of the data that CSIRTs use is potentially affected by this.| FIRST — Forum of Incident Response and Security Teams
As the internet becomes important in ever more areas of our daily lives, ways need to be found to ensure resilience. By far the most important way to achieve cyber resilience is collaboration across borders.| FIRST — Forum of Incident Response and Security Teams
Recent updates from the Board of Directors about recent activities and an outlook on what we are currently working on.| FIRST — Forum of Incident Response and Security Teams
For the longest time the growing Internet and digital communication was hailed as the path to a new and better world. But poorer countries were mostly left out of the benefits. Serge Droz writes about how FIRST delivers training in these regions.| FIRST — Forum of Incident Response and Security Teams
The FIRST Conference’s Keynote sessions concluded today with a presentation by Brian LaMacchia, Director of the Security & Cryptography group within Microsoft Research (MSR). In this department, his team conducts basic and applied research and advanced development.| FIRST — Forum of Incident Response and Security Teams
Day four of the FIRST Conference began with a keynote presentation by Martijn de Hamer, the head of the National Cyber Security Operations Center (NCSOC) at the National Cyber Security Center (NCSC-NL) in the Netherlands. After having had various roles in the field of information security, de Hamer first started working for NCSC-NL (previously GOVCERT.NL) in 2005. Additionally, he is active in the field of CSIRT maturity and other aspects of CSIRT capacity building.| FIRST — Forum of Incident Response and Security Teams
Day 3 of the FIRST Conference got started with keynote speaker Florian Egloff. Florian Egloff is a Clarendon Scholar, a D. Phil (PhD) Candidate in Cyber Security at the Centre for Doctoral Training in Cyber Security at the University of Oxford, and a Research Affiliate at the Cyber Studies Programme at Oxford University's Department of Politics and International Relations. He is currently working on his thesis entitled "Cybersecurity and non-state actors: a historical analogy with mercantile ...| FIRST — Forum of Incident Response and Security Teams
Day 2 of the FIRST Conference got started with keynote speaker Darren Bilby, a manager in Google’s Enterprise Infrastructure protection team, who is also a staff security engineer and self-described digital janitor. A 10-year veteran at Google, Bilby was the tech lead for Google’s Global Incident Response Team for six years, managed Google's European detection team in Zürich for two years and has also worked as a software engineer building out Google’s security tools. He was also the f...| FIRST — Forum of Incident Response and Security Teams
FIRST's Annual Conference kicked off on Monday morning, June 12th of 2017 with its opening keynote speaker, Facebook Chief Security Officer (CSO) Alex Stamos. As security lead for one of the world’s most noted companies, Stamos began his lecture with some of the biggest security challenges Facebook deals with.| FIRST — Forum of Incident Response and Security Teams
In September, ICANN invited me to talk about DNS Abuse at the ICANN75 AGM in Kuala Lumpur, Malaysia. It was a great success! My presentation ‘The Challenge of Defining DNS Abuse’ was well received, and many attending industry specialists asked good questions, especially about FIRST's work. I made many valuable connections, including people from ICANN, the DNS Abuse Institute, registries, registrars, CERTs, commercial companies, government organizations, and many more.| FIRST — Forum of Incident Response and Security Teams
The European Union Agency for Cybersecurity is dedicated to achieving a high common level of cybersecurity across Europe. For more than 15 years, ENISA has played a key role in enabling digital trust and security across Europe, together with its stakeholders including the Member States and EU bodies and agencies.| FIRST — Forum of Incident Response and Security Teams
With the recent release of the 2022 Unit 42 Ransomware Threat Report, we thought it would be a good time to take a quick look at ransomware activity that we’ve seen so far in 2022.| FIRST — Forum of Incident Response and Security Teams
Just a few years ago, security orchestration, automation and response (SOAR) was the new buzzword associated with security modernization. Today, however, SOAR platforms are increasingly assuming a legacy look and feel. Although SOARs still have their place in a modern SecOps strategy, the key to driving SecOps forward today is no-code security automation. Read on to learn what lightweight security automation means, how it compares to SOAR and why SOARs alone won’t help you stay ahead of tod...| FIRST — Forum of Incident Response and Security Teams
I want the needle, and the haystack to go along with it. Attackers take advantage of siloed data and security tools to exploit systems using misconfigurations and move laterally. This lateral movement across different attack surfaces has attackers flowing between the control plane and data plane of your environment to escalate privileges and seek out targeted access.| FIRST — Forum of Incident Response and Security Teams
DNS Abuse is a pretty widely used term. On the surface, it might seem like a simple term that's easily understood. But when you look more closely, the definition depends on your perception of the issue—and can be defined both broadly, or more narrowly.| FIRST — Forum of Incident Response and Security Teams
I had the absolute pleasure of participating in and attending the recent FIRST Technical Colloquium at the W Hotel in Amsterdam, Netherlands, April 12–14. It was great to see nearly 100 people attend and over 50 people participating in training at this long-awaited in-person event. The program featured 17 speakers and two on-site trainers who held several popular workshops.| FIRST — Forum of Incident Response and Security Teams
FIRST encourages states to not attack CSIRTs and critical infrastructure| FIRST — Forum of Incident Response and Security Teams
Every incident response team globally is facing a serious increase in workload. As attackers scan and penetrate networks via automation, so must defenders look at automation.| FIRST — Forum of Incident Response and Security Teams
Last month, I was honored to be one of the planners and participants of the FIRST Technical Colloquium (TC) in Norway. Organized by FIRST members, the event was held just outside of Oslo at the Telenor Expo, Telenor headquarters in Fornebu.| FIRST — Forum of Incident Response and Security Teams
Threat hunting: an outdated technique or a tactical advantage?| FIRST — Forum of Incident Response and Security Teams
Hunting a Zero day!| FIRST — Forum of Incident Response and Security Teams
Ongoing campaign leveraging Exchange vulnerability potentially linked to Iran| FIRST — Forum of Incident Response and Security Teams
Industry Peers Are the Path Towards a Collective Defense| FIRST — Forum of Incident Response and Security Teams
Together, We’re Creating Better Threat Intelligence Sharing for the World| FIRST — Forum of Incident Response and Security Teams
This evolving and brutally effective threat can have a significant impact on an organization’s resources, finances, and reputation, but it can be stopped| FIRST — Forum of Incident Response and Security Teams
Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events, either by the parties to the conflict themselves or by third parties interested in monitoring events for their own purposes.| FIRST — Forum of Incident Response and Security Teams
Forecasting: All for One and One for All in Cybersecurity| FIRST — Forum of Incident Response and Security Teams
Last weekend we issued a ransomware alert about a wave of attacks using a never-seen-before strain dubbed ‘Pay2Key.’ Our investigation suggested the ransomware operators were mostly targeting Israeli companies. The ransomware used in the attacks spread rapidly across victims’ networks, leaving significant parts of the network encrypted along with a ransom note, threatening to leak stolen corporate data unless the ransom is paid.| FIRST — Forum of Incident Response and Security Teams
Hopefully what we’ve outlined as suggested services and functions a PSIRT could offer at the various stages of their development will be helpful and inspire your team to raise their game.| FIRST — Forum of Incident Response and Security Teams
An organizer's view on the 2018 Oslo Technical Symposium| FIRST — Forum of Incident Response and Security Teams
Maarten Van Horenbeeck, Board Member of FIRST, delivers a statement to the Global Commission on the Stability of Cyberspace, in Singapore.| FIRST — Forum of Incident Response and Security Teams