MUST READ

Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software

 | 

Nation-State hackers exploit Libraesva Email Gateway flaw

 | 

SolarWinds fixed a critical RCE flaw in its Web Help Desk software

 | 

How threat actors breached a U.S. federal civilian agency by exploiting a GeoServer flaw

 | 

Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps

 | 

U.S. CISA adds Google Chromium flaw to its Known Exploited Vulnerabilities catalog

 | 

US Secret Service dismantled covert communications network near the U.N. in New York

 | 

A suspected Scattered Spider member suspect detained for casino network attacks

 | 

$150K awarded for L1TF Reloaded exploit that bypasses cloud mitigations

 | 

Canada's RCMP closes TradeOgre, seizes $40M in country’s largest crypto bust

 | 

Stellantis probes data breach linked to third-party provider

 | 

FBI alerts public to spoofed IC3 site used in fraud schemes

 | 

EU agency ENISA says ransomware attack behind airport disruptions

 | 

Researchers expose MalTerminal, an LLM-enabled malware pioneer

 | 

Beware: GitHub repos distributing Atomic Infostealer on macOS

 | 

ESET uncovers Gamaredon–Turla collaboration in Ukraine cyberattacks

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 63

 | 

Security Affairs newsletter Round 542 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

A cyberattack on Collins Aerospace disrupted operations at major European airports

 | 

Fortra addressed a maximum severity flaw in GoAnywhere MFT software

 | 

MITRE released EMB3D Threat Model for embedded devices

Pierluigi Paganini May 14, 2024

The non-profit technology organization MITRE released the EMB3D threat model for embedded devices used in critical infrastructure.

MITRE announced the public release of its EMB3D threat model for embedded devices used in various industries (i.e. Automotive, healthcare, and manufacturing), including critical infrastructure.

The threat model provides a knowledge base of cyber threats to embedded devices. EMB3D serves as a valuable resource for various industries, including critical infrastructure, IoT, automotive, healthcare, and manufacturing, providing insights to vendors, asset owners/operators, test organizations, and security researchers to enhance the security of embedded devices.

Multiple partners have contributed to the design of the threat model, including Red Balloon Security, Narf Industries, and Niyo ‘Little Thunder’ Pearson of ONE Gas.  

The framework can allow vendors, asset owners and operators to improve the security of embedded devices.

“The threat model is intended to be a resource to help vendors, asset owners/operators, test organizations, and security researchers to improve the overall security of embedded devices’ hardware and software. This threat model aims to serve as a central repository of information, defining known threats to embedded devices and their unique device features/properties that enable specific threat actions.” reads the announcement. “By mapping the threats to the associated device features/properties, the user can easily enumerate threat exposure based on the known device features.”

MITRE EMB3D

EMB3D was designed as a dynamic framework that will continuously evolve over time, including new threats and mitigations as they are identified by threat actors and security researchers.

It operates as a public community resource, allowing open access to all information and enabling contributions and revisions from the security community. This collaborative approach ensures that EMB3D™ remains up-to-date and comprehensive, serving as a valuable resource for enhancing the security of embedded devices.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Mitre)

embedded devices Hacking hacking news information security news IT Information Security MITRE MITRE EMB3D Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini September 25, 2025
Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software
Read more
Pierluigi Paganini September 24, 2025
Nation-State hackers exploit Libraesva Email Gateway flaw
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software

Hacking / September 25, 2025

Nation-State hackers exploit Libraesva Email Gateway flaw

Hacking / September 24, 2025

SolarWinds fixed a critical RCE flaw in its Web Help Desk software

Security / September 24, 2025

How threat actors breached a U.S. federal civilian agency by exploiting a GeoServer flaw

Hacking / September 24, 2025

Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps

Security / September 24, 2025