MUST READ

Google addressed two Android flaws actively exploited in targeted attacks

 | 

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

 | 

Android droppers evolved into versatile tools to spread malware

 | 

Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft

 | 

Cloudflare blocked a record 11.5 Tbps DDoS attack

 | 

Palo Alto Networks disclose a data breach linked to Salesloft Drift incident

 | 

Von der Leyen’s plane hit by suspected Russian GPS Jamming in Bulgaria, landed Safely

 | 

Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info

 | 

Crooks exploit Meta malvertising to target Android users with Brokewell

 | 

North Korea’s APT37 deploys RokRAT in new phishing campaign against academics

 | 

Fraudster stole over $1.5 million from city of Baltimore

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 60

 | 

Security Affairs newsletter Round 539 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Amazon blocks APT29 campaign targeting Microsoft device code authentication

 | 

Lab Dookhtegan hacking group disrupts communications on dozens of Iranian ships

 | 

New zero-click exploit allegedly used to hack WhatsApp users

 | 

US and Dutch Police dismantle VerifTools fake ID marketplace

 | 

Experts warn of actively exploited FreePBX zero-day

 | 

Google: Salesloft Drift breach hits all integrations

 | 

Dutch intelligence warn that China-linked APT Salt Typhoon targeted local critical infrastructure

 | 

MITRE released EMB3D Threat Model for embedded devices

Pierluigi Paganini May 14, 2024

The non-profit technology organization MITRE released the EMB3D threat model for embedded devices used in critical infrastructure.

MITRE announced the public release of its EMB3D threat model for embedded devices used in various industries (i.e. Automotive, healthcare, and manufacturing), including critical infrastructure.

The threat model provides a knowledge base of cyber threats to embedded devices. EMB3D serves as a valuable resource for various industries, including critical infrastructure, IoT, automotive, healthcare, and manufacturing, providing insights to vendors, asset owners/operators, test organizations, and security researchers to enhance the security of embedded devices.

Multiple partners have contributed to the design of the threat model, including Red Balloon Security, Narf Industries, and Niyo ‘Little Thunder’ Pearson of ONE Gas.  

The framework can allow vendors, asset owners and operators to improve the security of embedded devices.

“The threat model is intended to be a resource to help vendors, asset owners/operators, test organizations, and security researchers to improve the overall security of embedded devices’ hardware and software. This threat model aims to serve as a central repository of information, defining known threats to embedded devices and their unique device features/properties that enable specific threat actions.” reads the announcement. “By mapping the threats to the associated device features/properties, the user can easily enumerate threat exposure based on the known device features.”

MITRE EMB3D

EMB3D was designed as a dynamic framework that will continuously evolve over time, including new threats and mitigations as they are identified by threat actors and security researchers.

It operates as a public community resource, allowing open access to all information and enabling contributions and revisions from the security community. This collaborative approach ensures that EMB3D™ remains up-to-date and comprehensive, serving as a valuable resource for enhancing the security of embedded devices.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Mitre)

embedded devices Hacking hacking news information security news IT Information Security MITRE MITRE EMB3D Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini September 03, 2025
Crooks turn HexStrike AI into a weapon for fresh vulnerabilities
Read more
Pierluigi Paganini September 03, 2025
Google addressed two Android flaws actively exploited in targeted attacks
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Crooks turn HexStrike AI into a weapon for fresh vulnerabilities

Cyber Crime / September 03, 2025

Google addressed two Android flaws actively exploited in targeted attacks

Security / September 03, 2025

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

Hacking / September 03, 2025

Android droppers evolved into versatile tools to spread malware

Malware / September 03, 2025

Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft

Hacking / September 03, 2025