Brewing Cybersecurity Insights

Month: April 2025

An Open Letter to ENISA

Following up on yesterday’s post, today we are publishing the full text of the open letter sent to ENISA and key European cybersecurity stakeholders.
The letter addresses the urgent need for a reliable, independent European approach to vulnerability management in light of the recent MITRE announcement (see image below).

We invite the entire cybersecurity community to read, share, and support this initiative.

Open Letter Text

Subject: Open Letter to ENISA – Ensuring European Continuity and Governance for the CVE Program

To the attention of ENISA Management and to the EUVD team,

Dear ENISA Management and EUVD Team,

As representatives of various Italian CISO communities, we would like to express our sincere concern regarding the future of the CVE (Common Vulnerabilities and Exposures) program, as indicated in the recent communication from MITRE (source: https://bsky.app/profile/tib3rius.bsky.social/post/3lmulrbygoe2g).

The CVE program has long served as a cornerstone for global vulnerability identification, tracking, and coordinated response. Any disruption to this service would significantly impact European cybersecurity, affecting national vulnerability databases, tool vendors, incident response teams, and the protection of critical infrastructure, potentially reducing our collective capacity to respond effectively.

The recent announcement of the formation of the CVE Foundation (source: https://www.thecvefoundation.org/) — in response to the end of U.S. government sponsorship — represents an important moment for the global cybersecurity community. For 25 years, the CVE Program has been the pillar of vulnerability management, yet its future would benefit from broader international support.

We respectfully invite ENISA to consider assuming a European coordination role — at least temporarily — to develop a European alternative system that preserves existing CVE data while ensuring the continuity of these essential services — potentially through the integration and further development of the EUVD platform currently in beta phase. This would represent a reliable alternative, preventing future service interruptions and granting Europe independent governance over a capability of such critical importance.

We kindly ask ENISA to help safeguard the current CVE ecosystem and, drawing on the cross-disciplinary expertise of the undersigned associations, to explore possible improvements to the system for the benefit of the entire European community.

We would also recommend that ENISA establish direct contact with MITRE to explore avenues for collaboration and support, helping ensure that Europe remains an active and reliable partner in the global vulnerability management ecosystem.

As CISOs and as members of major Italian cybersecurity associations, we declare our full availability to support ENISA and MITRE in any technical, operational, or advocacy capacity required.

We believe that Europe has an opportunity to take proactive steps to safeguard its digital resilience and avoid fragmentation. This aligns closely with the ongoing enhancements of cyber robustness and resilience promoted by multiple European directives and regulations.

We are ready to participate in any working groups, task forces, or initiatives that ENISA may wish to activate on this urgent matter.

This represents an important moment for European cybersecurity: a coordinated response will strengthen our collective resilience and set a positive precedent for international cooperation.

We look forward to your response and remain at your disposal for further discussion.

Best regards,

Andrea Succi, creator of this initiative, on behalf of 45 Italian CISOs (or similar profiles) and of CISOs4AI https://cisos4ai.org/

Luca Moroni on behalf of CSA Cyber Security Angels https://cybersecurityangels.it/ 

Alessandro Oteri on behalf of PensieroSicuro Network https://www.pensierosicuronetwork.it/

If you are interested in joining as a signatory or supporting this initiative, please let us know so we can include your name in future correspondence with ENISA.

The Future of CVE Is at Risk

Yesterday, MITRE released an urgent communication to the global cybersecurity community: the funding pathway for the CVE (Common Vulnerabilities and Exposures) program is set to expire today, April 16, 2025.

Without immediate intervention, the world’s most critical reference for vulnerability management could face a service disruption, with potentially devastating consequences for all digital ecosystems.

Why does this matter?

CVE is the backbone of vulnerability identification and coordination. Every security tool, advisory, and incident response process relies on it. As MITRE warns in their letter, a break in service would mean:

  • Deterioration of national vulnerability databases and advisories
  • Disruption for tool vendors and incident response teams
  • Increased risks for critical infrastructure across the globe

“If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure.”
— MITRE, April 15, 2025

What can we do in Europe?


As a CISO and member of the Italian and European cybersecurity community, I believe this is a wake-up call.

We cannot afford to be passive spectators. The time has come for Europe to step forward and ensure the continuity of this essential service.

Our proposal:

  • Immediate engagement with ENISA (the European Union Agency for Cybersecurity) to coordinate a European response and ensure continuity of the CVE program, even temporarily.
  • Direct contact with MITRE to offer European support and collaboration.
  • Mobilization of the CISO community and all relevant associations to advocate for a unified, proactive approach.

I am coordinating an open letter to ENISA on behalf of the Italian CISO community, calling for urgent action and offering our collective expertise and support. If you want to be part of it, let me know!

How you can help:

  • Share this news to raise awareness.
  • If you are a CISO or represent an association or organization, join our initiative.
  • Let’s make our voice heard: Europe must not be left vulnerable.

You can read more here and the MITRE communication here.

This is a crucial moment for our digital future.

If you want to join or support the open letter, comment below or contact me directly. Together, we can make a difference.

The Threat Intelligence Sharing Project

It’s always a pleasure to feature insightful guest contributions here on CyberSec Café. Today, I bring you an article that dives into the transformative power of collaboration in cybersecurity.

This piece explores the Threat Intelligence Sharing Project, an initiative that exemplifies how collective efforts and innovative platforms, like the Malware Information Sharing Platform (MISP), can redefine the way we tackle cyber threats. I’m thrilled to share this with our readers, as it highlights practical approaches to making our digital world safer.

Threat Intelligence Sharing Project leveraging MISP for cybersecurity

Introduction to the Threat Intelligence Sharing Project

In today’s digital age, cybersecurity is a top priority for all businesses, large and small. The growing number of cyberattack attempts requires sophisticated tools and collaborative strategies to protect sensitive data and corporate infrastructure. In this context, in 2024 several CISOs decided to join forces and develop a project called “Threat Intelligence Sharing”, an initiative to optimize the rapid and efficient sharing of Indicators of Compromise (IoCs) and to put a common vision of collaboration into practice.

Objectives of the Threat Intelligence Sharing project

The main objective of the Threat Intelligence Sharing project is to share, in the shortest possible time, the Indicators of Compromise classified as Gold. These IOCs, identified as particularly relevant and critical, are collected by the companies participating in the project through their own security systems. Deploying these IOCs promptly in preventive mode can help all the companies involved stop attack attempts before they cause damage.

What Are Gold IOCs?

Gold IOCs are indicators of compromise that have passed a rigorous validation process and have been classified as highly reliable.

Turning an Indicator of Compromise (IoC) into a Gold IoC requires several key steps:

  • IoC identification
  • Collection of all available data
  • In-depth analysis
  • Assessment of severity and assignment of Gold IoC status.

These steps ensure the accuracy, reliability, and relevance of the indicator for sharing.

These indicators include information about malicious IP addresses, malicious file hashes, phishing URLs, and other characteristics that can be used to detect and prevent cyber threats. Sharing these Gold IOCs gives companies a high level of protection based on verified and up-to-date data.

How MISP Powers Collaboration

The strength of the Threat Intelligence Sharing project lies in the collaboration between the participating companies. Each company contributes observations and analysis from its own security systems, creating a shared database of Gold IOCs. This database is accessible to all the entities involved in the project, which can use it to improve their defenses. Collaboration gives participants a more complete and up-to-date view of threats, making it easier to prevent and respond to attacks.

Implementation and benefits

How to share

Gold IOCs are shared through the Malware Information Sharing Platform (MISP), an open-source platform that facilitates the exchange of threat information between different entities. MISP makes it possible to automate the sharing process, ensuring that IOCs are deployed quickly and securely. Companies can configure MISP to receive real-time updates and integrate them immediately into their defense systems.
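As an added illustration (not code from the project or from the original article), the sketch below shows one way a participant could turn a MISP event export into per-type blocklists, keeping only attributes that carry a Gold tag and MISP's to_ids flag and refusing to block its own networks. The tag name, the protected ranges and the sample event are assumptions constructed for this example.

```python
import ipaddress
from collections import defaultdict

GOLD_TAG = 'tis:ioc-status="gold"'  # hypothetical tag name, not defined on the page
BLOCKABLE = {"ip-src": "ip", "ip-dst": "ip", "sha256": "hash", "url": "url"}
# Assumed local ranges that a shared feed must never be allowed to block.
PROTECTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8")]

def attr(type_, value, to_ids=True, tags=(GOLD_TAG,)):
    """Build one attribute in the shape used by MISP's JSON event export."""
    return {"type": type_, "value": value, "to_ids": to_ids,
            "Tag": [{"name": t} for t in tags]}

# Constructed sample event; all values are made up for illustration.
SAMPLE_EVENT = {"Event": {"info": "Constructed sample", "Attribute": [
    attr("ip-dst", "203.0.113.45"),
    attr("ip-src", "203.0.113.45"),                        # duplicate value
    attr("ip-dst", "10.0.0.5"),                            # internal address
    attr("ip-dst", "203.0.113.999"),                       # malformed
    attr("sha256", "0123456789ABCDEF" * 4),
    attr("sha256", "fedcba9876543210" * 4, to_ids=False),  # context only
    attr("url", "http://phish.example/login"),
    attr("ip-src", "198.51.100.7", tags=("tlp:amber",)),   # not validated as Gold
]}}

def gold_blocklists(event, protected=PROTECTED):
    """Return ({kind: sorted values}, [(value, reason)]) for Gold, actionable attributes."""
    lists, rejected = defaultdict(set), []
    for a in event["Event"].get("Attribute", []):
        kind = BLOCKABLE.get(a["type"])
        tags = {t["name"] for t in a.get("Tag", [])}
        if kind is None or GOLD_TAG not in tags or not a.get("to_ids"):
            continue  # unsupported type, not Gold, or not flagged for detection
        value = a["value"].strip()
        if kind == "ip":
            try:
                ip = ipaddress.ip_address(value)
            except ValueError:
                rejected.append((value, "not an IP address"))
                continue
            if any(ip in net for net in protected):
                rejected.append((value, "inside protected network"))
                continue
            value = str(ip)
        elif kind == "hash":
            value = value.lower()
        lists[kind].add(value)
    return {k: sorted(v) for k, v in lists.items()}, rejected

if __name__ == "__main__":
    print(gold_blocklists(SAMPLE_EVENT))
```

The rejected list is worth logging and reporting back to the contributor, since a malformed or internal address in a Gold feed points to a validation gap upstream.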

Benefits of implementation

Implementing Gold IOCs in preemptive mode offers several benefits:

  • Proactive protection: The ability to block attack attempts before they can compromise business systems.
  • Constant updates: Gold IOCs are continuously updated, ensuring that defenses are always based on current information.
  • Reduced risk: Sharing information allows you to identify and mitigate emerging threats in a timely manner.
  • Resource efficiency: Using validated IOCs reduces the time and resources required for investigation and incident response.

The crucial advantage of validated threat intelligence obtained through the Threat Intelligence Sharing project is its ability to enhance risk mitigation against targeted cyber threats across industries and regions. Open or paid intelligence sources can provide millions of indicators of compromise, but these are often not relevant to the business context; the information shared in the Threat Intelligence Sharing project, by contrast, is highly selective and relevant. These Gold IOCs are validated and contextualized, so companies receive data that is accurate and relevant to the real threats they face. This targeted approach reduces noise and false positives, allowing companies to focus their resources on preventing and responding to attacks that have a high impact in their specific context, thus improving the efficiency and effectiveness of their cyber defenses.

Conclusions

The “Threat Intelligence Sharing” project represents a fundamental step in the collaborative protection of corporate infrastructures. Sharing Gold IOCs makes it possible to achieve a proactive and efficient defense, based on verified and up-to-date data. The collaboration between the participating companies, facilitated by the MISP platform, guarantees a rapid and coordinated response to cyber threats, improving the overall security of all the entities involved. In an increasingly interconnected and vulnerable world, initiatives such as Threat Intelligence Sharing are essential for protecting corporate data and infrastructure, ensuring a more secure digital future.

© 2025 CyberSec.Cafe