What's New

2025 Vulnerability Forecast: Year-End Review

Mon, 29 Dec 2025 00:30:00 +0000

As 2025 draws to a close, we find ourselves in the satisfying position of reviewing forecasts that worked. Next year’s forecast will look and feel a bit different, but you can expect that in January and we like to keep them separate.

Upskilling Communications

Tue, 16 Dec 2025 00:00:00 +0000

Sharing information in cybersecurity is vital for prevention and response. There’s a lot of technical processes available, and best practice to learn from. FIRST, for example, was created for that exact reason back in the 90s, to share techniques and information between teams.

FIRST Reports Record Growth and Expanding Global Impact

Wed, 10 Dec 2025 14:00:00 +0000

Momentum Year Marked by Record Membership, New Resources, and Broader Collaboration Across 110+ Countries

Building Resilience Through Reporting

Mon, 01 Dec 2025 00:00:00 +0000

The Actioning Alerts and Advisories (A4) project aimed to improve threat reporting in cybersecurity by providing technical expertise, analysis, and communications support to National Cybersecurity Incident Response Teams (CSIRTs). The project worked with teams from four countries, fostering collaboration and knowledge-sharing

Building Resilience Through Reporting

Mon, 01 Dec 2025 00:00:00 +0000

he Actioning Alerts and Advisories (A4) project aimed to improve threat reporting in cybersecurity by providing technical expertise, analysis, and communications support to National Cybersecurity Incident Response Teams (CSIRTs). The project worked with teams from four countries, fostering collaboration and knowledge-sharing among stakeholders, and empowering CSIRTs to create actionable reports that can be used to prevent cyber threats.

2025 Q4 Vulnerability Publication Forecast

Thu, 16 Oct 2025 00:30:00 +0000

Usually, we begin a blog post with a review of last quarter, but our volunteer team couldn’t get a forecast out last quarter. We had several pressing matters between multiple team members, and we apologise. So, we’ll move swiftly on to this quarter’s predictions.

FIRST Accelerates Global Security Initiatives with Upcoming Conference, Leadership Expansion, and Technical Advancement Programs

Tue, 16 Sep 2025 00:00:00 +0000

Vulnerability Forecasting Colloquium, New Threat Hunting SIG, and International Partnerships Drive Global Cybersecurity Impact

FIRST POST: Jul-Sep 2025

Thu, 04 Sep 2025 00:00:00 +0000

Message from the Chair; Digital Sovereignty and Communities; Member Spotlight; FIRST CORE; Special Interest Group Updates; Training and CCB; Strategic Initiatives Amplification, Video Series Completion and LinkedIn Growth Surge; Upcoming Events

FIRST POST: Apr-Jun 2025

Thu, 31 Jul 2025 00:00:00 +0000

Message from the Chair; Incident Response Hall of Fame 2025 Recipient: Richard (Rich) D. Pethia, CERT/CC; New Board Member: Graciela Martinez Giordano; Building Bridges is fine, but you have to use them; Board Roles & Responsibilities; FIRST Welcomes New Members and Thanks Sponsoring Teams!; Women of FIRST; Strategic Campaign Success, Video Series Launch and Global Media Recognition; Upcoming Events

FIRSTCON25 Delivers Global Collaboration and Groundbreaking Cybersecurity Initiatives

Fri, 27 Jun 2025 12:00:00 +0000

Annual conference unveils new funding initiatives, platforms and tools, leadership appointments, and expanded global capacity building programs

Richard D. Pethia Inducted into FIRST's Incident Response Hall of Fame

Wed, 25 Jun 2025 04:00:00 +0000

Pioneer behind the first CERT honored for launching a global movement in cybersecurity

FIRST Announces New CORE Initiative with Fortinet as a Founding Partner

Mon, 23 Jun 2025 04:00:00 +0000

New initiative empowers cybersecurity and incident response teams worldwide through capacity building and community development

Women of FIRST

Mon, 16 Jun 2025 00:30:00 +0000

Cyber Incident Simulation: Piecing Together an Attack Through a Public Policy Lens

APAC DNS Forum 2025

Tue, 03 Jun 2025 00:30:00 +0000

Peter Lowe, FIRST’s DNS Abuse Policy Ambassador, shares a review of the APAC DNS Forum in Hanoi, Vietnam, where he met with representatives from various organizations and had valuable discussions about DNS abuse and data sharing.

Time to kick out Human Error?

Mon, 21 Apr 2025 00:30:00 +0000

Last year I opened a presentation with this: «Human error are the words cyber security guys use when they don't know shit». The response was laughter. But I think it is true. Here's why, and why it's relevant to incident responders.

FIRST POST: Jan-Mar 2025

Fri, 11 Apr 2025 00:00:00 +0000

Message from the Chair; Strategy and Governance: Launch of the FIRST Strategy Framework; FIRST Welcomes New Members and Thanks Sponsoring Teams!; Special Interest Group Updates; The role of National CERTs/CSIRTs in Implementing the UN Norms of Responsible Behavior in Cyberspace; Growth Stack Media Q1FY25 PR Highlights: Media Coverage Expansion & Successful Campaigns; Green Copenhagen; FIRST on Social Media; and Upcoming Events

2025 Q2 Vulnerability Forecast

Tue, 08 Apr 2025 00:30:00 +0000

We’re expecting 9006 +/- 1259 vulnerabilities this quarter, as we close out the year.

FIRST Announces Global Event Series to Unite Incident Response and Security Teams Worldwide

Wed, 05 Mar 2025 00:00:00 +0000

Flagship events in Raleigh, Berlin, and Copenhagen set to strengthen international cybersecurity collaboration amid surge in cross-border security incidents

The FIRST Board of Directors Launches FIRST’s Strategy Framework

Mon, 03 Mar 2025 00:30:00 +0000

The FIRST Board of Directors is introducing a new structured approach to strategic planning, aimed at enhancing the organization’s ability to fulfill its mission and solidify its position as a global leader in cybersecurity and incident response.

Vulnerability Forecast for 2025

Tue, 25 Feb 2025 00:30:00 +0000

In 2025 we expect another record-breaking year of CVE production. This year we expect 45505 +/- 4,363 CVEs to be published in the calendar year (CY). There’s a 5% chance the actual number exceeds the maximum (49868) and a 5% chance is less than the minimum (41142). Rather than give you a false sense of precision, it’s probably far easier to say we expect between 41-50k of vulnerabilities in calendar year CY 2025.

APAC DNS Forum 2025

Tue, 25 Feb 2025 00:30:00 +0000

The 2024 Vulnerability Forecast: Year in Review

Mon, 06 Jan 2025 00:30:00 +0000

In calendar year 2024 we had another record breaking 40,704 CVEs published.

FIRST POST: Oct-Dec 2024

Tue, 31 Dec 2024 00:00:00 +0000

Message from the Chair; The Growing Role of Cyber Diplomacy in Managing Digital Conflicts; APCERT & FIRST Regional Symposium; FIRST Membership Committee - Updated Liaison Process; FIRST Welcomes New Members and Thanks Sponsoring Teams!; Trainer Recognition; Growth Stack Media Q4 PR Highlights: CISA Endorsement & Emerging Industry Leadership; Special Interest Group Updates; Early Bird Registration for FIRSTCON25 Copenhagen Ends February 10!; Upcoming Events

Ransomware Empowerment Training

Mon, 23 Dec 2024 00:30:00 +0000

The FIRST Multi-Stakeholder Ransomware SIG is very pleased to announce the release of the first version of the Ransomware Empowerment training. This has been a significant undertaking, requiring many months of dedicated effort from our dear SIG members. We have made it our priority to ensure that this training is TLP:CLEAR, so that it can be of benefit to all.

FIRST Drives Global Cybersecurity Progress Through Community-Led Innovation

Thu, 05 Dec 2024 05:00:00 +0000

White House recognizes FIRST's Traffic Light Protocol (TLP) as cybersecurity best practice; Record attendance at FIRSTCON Fukuoka marks Asia-Pacific expansion; Historic FIRST & AfricaCERT Symposium strengthens African cybersecurity collaboration

CVSS v4.0 Turns One Year Old

Mon, 04 Nov 2024 00:30:00 +0000

FIRST and the CVSS Special Interest Group (SIG) would like to wish a very happy first birthday to the newest version of CVSS, version 4.0!

FIRST POST: Jul-Sep 2024

Fri, 04 Oct 2024 00:00:00 +0000

Message from the Chair; Board members Roles and Responsibilities for 2024/2025; FIRST-AJCCBC Workshop Series – Summer 2024; First NETSEC training in Fukuoka; Looking back at the Fukuoka Annual Conference; Training on Fundamentals of Cyber Threat Intelligence successfully delivered at the International Information Technology University (IITU), Almaty, Kazakhstan; FIRST at the Summer School on Internet Governance in Meissen; Special Interest Group Updates; FIRST Newcomers & Membership Committee; IMPORTANT: Heads-Up on VAT for FIRST for all events in EUROPE from 2025 onward; FIRST Gains Momentum in Media Landscape; Upcoming Events; FIRST on Social Media

2024 Q4 Vulnerability Forecast

Mon, 23 Sep 2024 00:30:00 +0000

We’re expecting 9006 +/- 1259 vulnerabilities this quarter, as we close out the year.

2024 Events and 2025 Preview

Fri, 23 Aug 2024 12:00:00 +0000

Greetings FIRST Community,

2024 has been an exciting year of memorable programming, including the annual conference, which visited Japan in June! With just four months before the end of the year, we want to highlight the content and opportunities still to come.

Global Security Leaders Convene at FIRSTCON to Address Critical Infrastructure Threats

Wed, 24 Jul 2024 00:00:00 +0000

Fukuoka, Japan - July 24, 2024 - The Forum of Incident Response and Security Teams (FIRST) recently concluded its intensive five-day conference, FIRSTCON 2024, held this year in Fukuoka.

From Fukuoka to Copenhagen: LAC’s Insights on the Latest Cyber Threat Trends

Fri, 28 Jun 2024 10:30:00 +0000

The 36th annual FIRST Conference, "FIRSTCON24," was held from June 9 to 14, 2024, in Fukuoka, Japan. This marked the first time in 15 years that the conference was hosted in Japan, with the last event taking place in Kyoto in 2009. The conference saw a remarkable turnout with 997 participants from 99 countries and regions.

Unveiling Active Directory Security Risks: A Comprehensive Analysis of Management Issues and Vulnerabilities

Fri, 21 Jun 2024 10:30:00 +0000

In this report, CyCraft research team analyzes 27 listed companies in Taiwan, Level-A government agencies and healthcare institutions, covering 46 AD Domains, with 1,057,000 objects included.

FIRST Annual Report Released

Mon, 10 Jun 2024 00:00:00 +0000

FIRST published its eighth Annual Report which covers the organization’s accomplishments towards its vision of bringing together incident response and security teams from every country across the world to ensure a safe internet for all. The report is available at FIRST Annual Report 2023-2024.

2024 Q3 Vulnerability Forecast

Wed, 29 May 2024 00:30:00 +0000

As usual we like to verify our previous forecast before we make the next one. Due to travel, I must do this a few days before I should (normally on the 1^st of June).

FIRST POST: Apr-Jun 2024

Mon, 20 May 2024 00:00:00 +0000

Message from the Chair; Message from the Chair; FIRST Standards Committee; CTI Conference in Berlin; FIRST Newcomers & Membership Committee; On the Road to Fukuoka - See you soon!; FIRST as a Diana Initiative Community Partner; Growth Stack Media PR Updates; Special Interest Group Updates; FIRST Impressions Podcast; FIRST on Social Media

2024 Q2 Vulnerability Forecast

Thu, 25 Apr 2024 10:30:00 +0000

So what are we expecting in terms of numbers of CVEs this quarter?

FIRST POST: Jan-Mar 2024

Tue, 20 Feb 2024 00:00:00 +0000

Message from the Chair; Christmas CTF in Norway; Incentivizing anti-abuse proactivity among online service providers; FIRST Newcomers & Membership Committee; Growth Stack Media Appointed as FIRST's Agency of Record; On the Road to Fukuoka - Registration is Open!; FIRST Standards Committee update (aka “the wheel reinvention prevention committee”); Special Interest Group Updates; FIRST on Social Media; Upcoming Events

Growth Stack Media Appointed as FIRST's Agency of Record

Thu, 08 Feb 2024 13:30:00 +0000

FIRST Elevates Public Relations Efforts with Appointment of Growth Stack Media as Agency of Record

Balkan Cybersecurity Days 2024: Call for Speakers Open

Mon, 29 Jan 2024 00:00:00 +0000

Join us for the second edition of Balkan Cybersecurity Days! Organized by DCAF in collaboration with partners AKCESK and FIRST, the event will take place from March 20-22, 2024, in Durrës, Albania.

The Call for Speakers for this event is open through February 9th. Interested presenters can learn more at here.

Bringing together cybersecurity professionals from the public and private sectors, the agenda includes a high-level opening, a panel on promoting cybersecurity talent, and plenary sessions in response to FIRST’s call for papers. Days two and three feature technical training sessions.
#BCD2024

The vulnerability forecast for 2024

Thu, 11 Jan 2024 10:30:00 +0000

Every year we make a prediction to the number of vulnerabilities we expect to see published by NVD. We define this as the number published between New Year’s Day in 2023 to New Year’s Eve 2023, which is not the same as CVE’s that begin with 2023 as an identifier.

VulnCon 2024 - Call for Papers!

Tue, 09 Jan 2024 16:00:00 +0000

WHEN: Monday, March 25 through Wednesday, March 27, 2024.

LOCATION North Carolina State University, McKimmon Center 1101 Gorman Street Raleigh, NC, 27606

We are seeking individuals to submit abstracts for talks, panels, birds-of-a-feather sessions. Any interested persons can submit no later than January 31, 2024.

Is the LoA DoA for Routing

Fri, 22 Dec 2023 10:30:00 +0000

Back in the early days of the Internet, when everybody knew everybody, the way that you validated yourself to a Certificate Authority (CA) for an X509 certificate for Secure Sockets Layer (SSL) was to send a fax on company letterhead.

Event Opportunities in 2024 & Last Call for FIRSTCON24 Speakers

Tue, 28 Nov 2023 00:00:00 +0000

Are you interested in getting involved in FIRST’s 2024 events? If so, take special note of the details and dates below.

This digest covers…

FIRSTCON24 Call for Speakers and Trainings Closing This Month
2024 Events Speaking and Sponsorship Opportunities
2024 Events Save the Date Information

The rising tide of vulnerabilities…might be more predictable than you think.

Wed, 22 Nov 2023 18:00:00 +0000

Over two days in late September, attack surface management teams, incident responders, data scientists, and vulnerability management practitioners gathered in Cardiff, Wales.

Save the Date for VulnCon 2024!

Thu, 09 Nov 2023 00:00:00 +0000

Focused on the Global Vulnerability Management Ecosystem, attendees will have the opportunity to advance the art and science of vulnerability management with industry leaders.

FIRST has officially published the latest version of the Common Vulnerability Scoring System (CVSS v4.0)

Wed, 01 Nov 2023 17:00:00 +0000

In June 2023, attendees at the 35th Annual FIRST Conference, in Montréal, Canada got a first-look preview of the new version of the Common Vulnerability Scoring System (CVSS), version 4.0. After two month of public comment followed by two months of addressing those comments, FIRST is proud to announce the official publication of CVSS version 4.0.

FIRST POST: Oct-Dec 2023

Wed, 18 Oct 2023 00:00:00 +0000

Message from the Chair; CVSS v4.0 is now available; The Board in Oslo; Migrating to the new FIRST SSO; SIGs; On the Road to Fukuoka / Call for presentations; New Teams Members: August, September, October; Upcoming Events

New Cyber Security Conference Announced For 2024

Fri, 01 Sep 2023 00:00:00 +0000

Open CSIRT Foundation and FIRST join forces to bring European cyber security experts together in Spain

FIRST Impressions Podcast featured in Feedspot Top 10 Incident Response Podcasts

Mon, 28 Aug 2023 00:00:00 +0000

FIRST Impressions Podcast has been selected as one of the Top 10 Incident Response Podcasts on the web.

The FIRST Impressions podcast brings you regularly scheduled content focused on discussions from across the incident response and security spectrum. Hosted by Chris John Riley and Martin McKeay, new episodes released first Friday of the month!

FIRST POST: Jul-Sep 2023

Tue, 18 Jul 2023 00:00:00 +0000

Message from the Chair; Conference Roundup; Special Interest Groups; Weekend Training; Training on DNS Prevention, Detection, Disruption and Defense; Diversity and Inclusion; New Board Member Introduction; M3AAWG 58 Meeting; 36th Annual FIRST Conference to take place June 9-14, 2024 in Fukuoka, Japan; New Members; Standards; Communications; Upcoming Events.

New Common Vulnerability Scoring System (CVSS) set to be cyber sector game-changer

Thu, 13 Jul 2023 00:00:00 +0000

The latest tool will be critical to properly assess and prioritize dealing with vulnerabilities and prepare defences against cyber-attacks.
Critical CVSS 4.0 will also allow consumers to assess real-time threats.

FIRST appoints new chair as organization continues to grow globally

Thu, 08 Jun 2023 13:00:00 +0000

FIRST’s AGM took place during the 35th Annual Conference in Montréal, Canada at the start of June 2023. Senior cybersecurity expert Tracy Bills, CERT/CC was elected to lead FIRST’s Board of Directors with the organization’s leadership team further strengthened with the appointment of Carlos Alvarez from ICANN to the Board.

Statement on Diversity & Inclusion

Wed, 24 May 2023 00:00:00 +0000

(v1. Approved by FIRST Board 05-17-2023)

At FIRST, we believe that diversity is essential to achieving our missions of global cooperation and shared language. We embrace diversity in all its forms, reflecting the global and diverse membership of FIRST.

FIRST POST: May-Jun 2023

Fri, 12 May 2023 17:00:00 +0000

SIG updates: Human Factors in Security (HFS-SIG), EPSS SIG, SecLounge SIG; Remembering Andrew Cormack - by Serge Droz; Profile Deactivation on FIRST Portal; Board in Tokyo; Team Profiling - RWANDA NATIONAL CSIRT; Suguru Yamaguchi Fellowship Program; and New Teams.

123456 again?! Why aren't we learning to address the human factor more successfully?

Fri, 05 May 2023 00:00:00 +0000

People have become the main driver for breaches but the human factors remain insufficiently addressed in the IT security sector. We are working on changing that.

DNS Abuse Techniques Matrix

Wed, 01 Mar 2023 00:00:00 +0000

The DNS Abuse SIG is very pleased to announce the publication of the DNS Abuse Techniques Matrix, the work of many months and a great number of people from various parts of the security and DNS worlds.

FIRST - Global Incident Response & Security Team organization to hold 35th Conference in Canada in June

Fri, 24 Feb 2023 00:00:00 +0000

The Forum of Incident Response and Security Teams (FIRST) plans to hold its 35th Annual Conference with the theme ‘Empowering Communities,’ in Montreal, Quebec, Canada, from June 4 to 9, 2023. This six-day event brings the incident prevention community together with cyber security experts to foster information sharing, cooperation, and coordination. Typically, over 1,000 people from around the world attend.

Long Time No See!

Thu, 23 Feb 2023 00:00:00 +0000

"Long time no see!” was the most popular phrase at the TF-CSIRT – FIRST Regional Symposium in Bilbao, Spain. And it has been a long time indeed – last time we met all together was in Malaga in 2020. We had some virtual events in the meantime, but it was certainly nice to see old faces and meet new colleagues in real life. The first joint post-pandemic event took place from 30th of January to 2nd of February, kindly hosted by the Basque Cybersecurity Centre.

FIRST POST: January - March 2023

Wed, 18 Jan 2023 00:00:00 +0000

Upcoming Events - Bilbao, Kigali, Amsterdam; TF-CSIRT Meeting & 2023 FIRST Regional Symposium Europe; 2023 FIRST & AfricaCERT Symposium: Africa and Arab Regions; Date for your Diaries - Amsterdam 2023 FIRST Technical Colloquium, April 17-19; Chair Sherif Hashem and Board Member Michael Hausding participate in the FIRST & ITU-ARCC Regional Symposium for Africa and Arab Regions; First 100 days on the FIRST board; Are you interested in becoming a future board member?; Be a FIRST trainer! David Rüfenacht, Senior Threat Intelligence Analyst, provides a first-hand account; Special Interest Groups Update; Messaging Malware and Mobile Anti-Abuse Working Group (M3AAWG) and Forum of Incident Response and Security Teams (FIRST) Join Forces to Address Global Internet and Security Issues; Twenty More Members Join FIRST;

Messaging Malware and Mobile Anti-Abuse Working Group (M3AAWG) and Forum of Incident Response and Security Teams (FIRST) Join Forces to Address Global Internet and Security Issues

Mon, 19 Dec 2022 13:00:00 +0000

The Messaging Malware and Mobile Anti-Abuse Working Group (M3AAWG) and Forum of Incident Response and Security Teams (FIRST) announced today they will work together to combat growing Internet abuse and cybersecurity issues.

ICANN was a massive success in getting the word out about DNS Abuse and FIRST

Thu, 27 Oct 2022 00:00:00 +0000

In September, ICANN invited me to talk about DNS Abuse at the ICANN75 AGM in Kuala Lumpur, Malaysia. It was a great success! My presentation ‘The Challenge of Defining DNS Abuse’ was well received, and many attending industry specialists asked good questions, especially about FIRST's work. I made many valuable connections, including people from ICANN, the DNS Abuse Institute, registries, registrars, CERTs, commercial companies, government organizations, and many more.

FIRST POST: October - December 2022

Mon, 24 Oct 2022 00:00:00 +0000

Traffic Light Protocol Version 2.0 is Now Available; FIRST delivers training in Uganda, and the Western Balkans; Peter Lowe speaks about DNS Abuse at ICANN75 AGM in Kuala Lumpur; FIRST Chair Sherif Hashem participates in the Cyber Diplomacy and Norms panel at The Second Community of African Cyber Experts; The World Opens - FIRST Events Round Up; Special Interest Groups Update and New NETSEC SIG Formed; The Board meets in Davos; Board of Directors Organization and Roles for 2022/23; Twenty new members join FIRST

Building a trusted and Cyber Secure Europe

Fri, 05 Aug 2022 00:00:00 +0000

The European Union Agency for Cybersecurity is dedicated to achieving a high common level of cybersecurity across Europe. For more than 15 years, ENISA has played a key role in enabling digital trust and security across Europe, together with its stakeholders including the Member States and EU bodies and agencies.

FIRST Releases Traffic Light Protocol Version 2.0 with important updates

Fri, 05 Aug 2022 00:00:00 +0000

The Forum of Incident Response and Security Team (FIRST) has updated the globally renowned Traffic Light Protocol (TLP) for the cybersecurity industry - a vital system used by organizations all around the world to share sensitive information. The new version of the TLP results from a thorough consultation with over 50 security industry experts over three years with the goals to standardize, unify and modernize the content and language and provide improved supporting materials.

Average Ransom Payment Up 71% This Year, Approaches $1 Million

Fri, 29 Jul 2022 00:00:00 +0000

With the recent release of the 2022 Unit 42 Ransomware Threat Report, we thought it would be a good time to take a quick look at ransomware activity that we’ve seen so far in 2022.

FIRST POST: July - September 2022

Thu, 28 Jul 2022 00:00:00 +0000

Annual FIRST Conference in Dublin, the Republic of Ireland, is a triumph; Dr. Sherif Hashem is the new Chair of FIRST, and four new members join the FIRST Board of Directors; Four new additions to the FIRST Board of Directors; The FIRST 2021-22 Annual Report is now available; FIRST adds a New Director of Community and Capacity Building to the team; 34 new members join FIRST;

SOARs vs. No-Code Security Automation: The Case for Both

Fri, 22 Jul 2022 00:00:00 +0000

Just a few years ago, security orchestration, automation and response (SOAR) was the new buzzword associated with security modernization. Today, however, SOAR platforms are increasingly assuming a legacy look and feel. Although SOARs still have their place in a modern SecOps strategy, the key to driving SecOps forward today is no-code security automation. Read on to learn what lightweight security automation means, how it compares to SOAR and why SOARs alone won’t help you stay ahead of today’s security threats.

Is true multi-stakeholderism failing? FIRST fears so.

Thu, 21 Jul 2022 13:00:00 +0000

Last week FIRST learned that it is among a large group of organizations that were rejected from participating in the Open ended Working Group (OEWG) process, despite the groups expressed commitment to work with non-governmental organizations.

Dr. Sherif Hashem is the new Chair of FIRST, and four new members join the Board of Directors

Wed, 20 Jul 2022 13:00:00 +0000

A new Chair and four new cyber security experts joined the Forum of Incident Response and Security Team (FIRST) Board of Directors during the recent AGM to serve the 2022-24 term. Current board member Dr. Sherif Hashem was voted in as the new chair and brings extensive knowledge, experience, and international relations to the role.

I Want the Needle and the Haystack: YARA + Security Analytics for Incident Response

Fri, 15 Jul 2022 00:00:00 +0000

I want the needle, and the haystack to go along with it. Attackers take advantage of siloed data and security tools to exploit systems using misconfigurations and move laterally. This lateral movement across different attack surfaces has attackers flowing between the control plane and data plane of your environment to escalate privileges and seek out targeted access.

Cybersecurity Defenders United in Global Fight Against Cyber Threats

Fri, 01 Jul 2022 00:00:00 +0000

Over the past five days, 1,000 specialists representing six continents united in the cyber-crime fight at the Forum of Incident Response and Security Teams (FIRST) conference in Dublin, Ireland

From how Ukraine is dealing with cyber attacks against its critical infrastructure, to the rapidly growing access to online child sexual abuse material and the sophisticated approaches to ransomware, phishing, and online fraud as well discussing cooperation with the United Nations and with INTERPOL and law enforcement– no stone was left unturned for delegates working together to protect societies world-wide

Leading Computer Security Experts to Gather in Dublin for Critical Discussions at World-Renowned Conference

Mon, 20 Jun 2022 00:00:00 +0000

Over 1,000 specialists representing six continents to participate in the Forum of Incident Response and Security Teams (FIRST) five-day program in Ireland

Google’s Maddie Stone addresses the 0-day cyber-attack in-the-wild and how combating the unknown can help future online defense

The Challenge of Defining DNS Abuse

Thu, 19 May 2022 13:00:00 +0000

DNS Abuse is a pretty widely used term. On the surface, it might seem like a simple term that's easily understood. But when you look more closely, the definition depends on your perception of the issue—and can be defined both broadly, or more narrowly.

FIRST Technical Colloquium in the Netherlands – sees global experts converge in Amsterdam to share knowledge and inspire collaborations

Thu, 28 Apr 2022 01:00:00 +0000

I had the absolute pleasure of participating in and attending the recent FIRST Technical Colloquium at the W Hotel in Amsterdam, Netherlands, April 12–14. It was great to see nearly 100 people attend and over 50 people participating in training at this long-awaited in-person event. The program featured 17 speakers and two on-site trainers who held several popular workshops.

FIRST POST: April-June 2022

Mon, 25 Apr 2022 00:00:00 +0000

New Director of IT & Security role to bolster FIRST’s Business Plan; Upcoming Technical Colloquia, Symposiums, and Annual Conference; Last chance to nominate individuals or teams for the Incident Response Hall of Fame; FIRST contributes to important global policy and governance discussions; Mentors sought for new FIRST Mentorship Program; Eleven more member teams join FIRST; FIRST Infrastructure Updates - New Application Process

2022 Call for Nominations for the FIRST Board of Directors

Fri, 01 Apr 2022 00:00:00 +0000

Each year, the FIRST membership elects five individuals to the FIRST board of directors.

Teams suspension from FIRST

Fri, 25 Mar 2022 00:00:00 +0000

The Board of Directors strongly believes that FIRST should be an inclusive organization with broad global participation and collaboration to make the internet safe for everyone.

Keep CSIRTs out of the lines of fire

Thu, 24 Feb 2022 16:00:00 +0000

FIRST encourages states to not attack CSIRTs and critical infrastructure

Cybersecurity Nonprofits Form “Nonprofit Cyber” Coalition

Wed, 23 Feb 2022 00:00:00 +0000

Nonprofits that focus on action and tangible results to more effectively collaborate and coordinate to increase efficiency and impact globally

FIRST POST: January-March 2022

Thu, 03 Feb 2022 00:00:00 +0000

Three new Special Interest Groups created by FIRST members; FIRST partcipates in several important UN actvites; 19 events organized in 2021 - registraton opens for FIRST Annual Conference in 2022; Twelve more member teams join FIRST

Need to prioritize security bug patches? Don't forget to scan Twitter as well as use CVSS scores

Wed, 19 Jan 2022 21:22:00 +0000

Organizations looking to minimize exposure to exploitable software should scan Twitter for mentions of security bugs as well as use the Common Vulnerability Scoring System or CVSS, Kenna Security argues.

Automation SIG: A New SIG Adventure

Wed, 05 Jan 2022 00:00:00 +0000

Every incident response team globally is facing a serious increase of workload. As attackers scan and penetrate networks via automation, so must defenders look at automation.

Meeting in person at the FIRST Oslo Technical Colloquium

Tue, 07 Dec 2021 17:00:00 +0000

Last month, I was honored to be one of the planners and participants of the FIRST Technical Colloquium (TC) in Norway. Organized by FIRST members, the event was held just outside of Oslo at the Telenor Expo, Telenor headquarters in Fornebu.

FIRST POST: September 2021

Tue, 28 Sep 2021 00:00:00 +0000

Norwegian members of FIRST to host a technical colloquium in Oslo in November; More FIRST events to add to your calendar; The FIRST Board of Directors meets across two continents to build our two-year business plan; Empowering Women in Cybersecurity: ITU, FIRST, and EQUALS Global Mentorship Pilot Program concludes; 16 more member teams join FIRST;

Threat hunting: an outdated technique or a tactical advantage?

Mon, 02 Aug 2021 00:00:00 +0000

Velociraptor vs. PrintNightmare

Mon, 26 Jul 2021 00:00:00 +0000

Hunting a Zero day!

Ongoing campaign leveraging Exchange vulnerability potentially linked to Iran

Mon, 19 Jul 2021 00:00:00 +0000

Industry Peers Are the Path Towards a Collective Defense

Mon, 12 Jul 2021 00:00:00 +0000

FIRST appoints new Chair Dave Schwartzburg and welcomes five new Board of Directors

Thu, 08 Jul 2021 00:00:00 +0000

Alexander Jäger, Senior Security Engineer of Google, continues in his role as Chief Financial Officer

FIRST POST: June - August 2021

Thu, 08 Jul 2021 00:00:00 +0000

Did you miss our Virtual 33rd FIRST Annual Conference?; ICASI integrates into FIRST PSIRT SIG, bolstering the incident response and security team industry; FIRST Welcomes a new Chair and Five New Board of Directors; FIRST publishes its fifth Annual Reportt; A new fellowship team joins FIRST - Malawi CERT; Jeffrey Carpenter and Dan Kaminsky newly inducted into FIRST’s Incident Response Hall of Fame; FIRST membership continues to grow - we’re now at 575 members from 98 countries.

Jeffrey Carpenter and Dan Kaminsky newly inducted into FIRST's Incident Response Hall of Fame

Thu, 01 Jul 2021 00:00:00 +0000

Jeffrey and Dan join past inductees Ian Cook, Don Stikvoort, and Klaus-Peter Kossakowski

FIRST releases its 2020-21 Annual Report

Mon, 14 Jun 2021 00:00:00 +0000

FIRST published its fifth Annual Report which covers the organization’s accomplishments towards its vision of bringing together incident response and security teams from every country across the world to ensure a safe internet for all. The report is available at FIRST Annual Report 2020-2021.

ICASI integrates into FIRST PSIRT SIG bolstering the incident response and security team industry

Tue, 01 Jun 2021 13:00:00 +0000

ICASI – the Industry Consortium for Advancement of Security on the Internet was officially integrated into the Forum of Incident Response and Security Teams (FIRST) on May 28, 2021. Established in 2008, ICASI’s purpose was to strengthen the global security landscape by driving excellence and innovation in security response practices; facilitating collaboration among members to analyze, mitigate, and resolve multi-stakeholder, global security challenges. This role will continue but as part of the existing FIRST PSIRT SIG, expand and improve the community’s ability to respond to vulnerabilities across multiple vendors. Founded in 1990, FIRST is the global leader in incident response.

FIRST POST: March 2021

Wed, 31 Mar 2021 00:00:00 +0000

33rd FIRST Annual Conference: Crossing Uncertain Times; Mark your calendars: FIRST reveals 2021 events calendar; FIRST welcomes its 97th country and member 562: Benin bjCSIRT; FIRST, ITU and Equals launches Women in Cyber Mentorship Program for Arab and Africa Regions; Get your nominations in for the third edition of The Incident Response Hall of Fame; New Podcast - FIRST Impressions - is launched!

Thank You FIRST Community for Helping Team Cymru Reach a New CSIRT Assistance Program Milestone

Thu, 28 Jan 2021 17:00:00 +0000

Together, We’re Creating Better Threat Intelligence Sharing for the World

Preparing for Post-Intrusion Ransomware

Mon, 11 Jan 2021 17:00:00 +0000

This evolving and brutally effective threat can have a significant impact on an organization’s resources, finances, and reputation, but it can be stopped

Using similarity to expand context and map out threat campaigns

Mon, 04 Jan 2021 17:00:00 +0000

Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.

Forecasting: All for One and One for All in Cybersecurity

Mon, 21 Dec 2020 17:00:00 +0000

FIRST POST: December 2020

Mon, 21 Dec 2020 00:00:00 +0000

Over 2500 Cybersecurity Professionals Participate In 32nd FIRST Annual Conference - Where Defenders Share. 2021 33rd Annual Conference Theme And Call For Papers. 2020 FIRST Virtual Symposium For Africa And The Arab Region - Supporting The Effectiveness Of Incident Response Within Africa. Ian Cook And Don Stikvoort Receive Joint Honors In The Incident Response Hall Of Fame Awards. New Code Of Ethics Launched On Global Ethics Day. FIRST Partners With Itu And Equals Global Partnership To Empower Women In Cybersecurity. FIRST To Contribute To Itu National Cybersecurity Strategy Guide. Mou Signed Between First And Ocf To Advance Membership Of Incident Responders And Security Teams Across The Globe. Reminder - 2021 First Membership Renewal.

Current Events to Widespread Campaigns: Pivoting from Samples to Identify Activity

Mon, 14 Dec 2020 17:00:00 +0000