Events
ThreatModeler Help
FAQ

👋 Welcome to the Threat Modeling Community

460 Topics
586 Replies
317 Members

Implement your threat models
Learn how to automate your processes
Scale your entire threat modeling practice

Let's Dive In

ThreatModeler Community News Feed

Recently active
Unanswered Questions
Discussion Categories

ThreatModeler

ThreatModeler Blogs

Iranian State-Linked Hackers Target Israeli Entities in Advanced Spear-Phishing Campaign.Blog

Ever wondered how vulnerable our digital world can be? Meet MuddyWater, a group linked to the Iranian state, weaving cunning spear-phishing tactics to target Israeli organizations. The effort, which was made public by cybersecurity companies Group-IB and Deep Instinct, reveals a worrying uptick in the threat actor's method of operation and illuminates the expanding strategies they use to breach systems. The attack's specifics: This recent move marks a notable shift from MuddyWater's past strategies. Their adoption of N-able's Advanced Monitoring Agent, a legitimate remote administration tool, signifies a substantial change in their cyber defense arsenal. Intriguingly, this marks the first instance of MuddyWater utilizing N-able software, signaling a tactical shift for successful breaches.The attack vectors predominantly revolve around spear-phishing emails featuring direct links or file attachments housing deceptive content like HTML, PDF, and RTF files. These attachments lead to arch

5 days ago

ThreatModeler

ThreatModeler Blogs

ThreatModeler 7.0 vs. 6.0: What's the Upgrade Buzz About?Blog

Welcome to the New Era of Threat Modeling with ThreatModeler 7.0! 1. Meet WingMan™️ - Your Threat Modeling Sidekick: ThreatModeler 7.0 brings you WingMan™️, your friendly AI assistant, making threat modeling a cakewalk. WingMan™️ is here to help developers and security teams, saving time and letting you focus on the cool security stuff. 2. Team Up with Real-Time Collaboration:In the fast-paced world of coding, waiting for approvals is a buzzkill. ThreatModeler 7.0 changes the game by letting your team collaborate in real-time. No more waiting around – it's like Google Docs but for threat modeling. Plus, it plays nice with GitHub, keeping your security game up-to-date. 3. Custom Risk Calculation - Your Way:Now, you can be the boss of your threat models with Custom Risk Calculation in ThreatModeler 7.0. It's like having a superpower to decide what's a big deal and what's not. Want to prioritize your attack surface? No problem. This feature gives you the keys to the kingdom. 4. Enterprise

New Security Challenge: Malicious generative AIBlog

Imagine a world where technology keeps evolving, pushing the boundaries of what's possible. Now, picture a new, unsettling threat - malicious Generative AI. It's real, and it's here. Recent creations like FraudGPT and WormGPT have unveiled a fresh breed of vulnerabilities, putting our digital security at risk. In this article, we dive deep into the realm of Generative AI, unraveling the very nature of these risks. But don't worry, we won't leave you hanging – we'll present a proactive strategy to bolster your cybersecurity defenses. In our hyper-connected world, understanding and addressing this issue is paramount. Understanding Generative AI Threats:FraudGPT, a subscription-based malicious Generative AI, leverages advanced machine learning algorithms to generate deceptive content. Unlike ethical AI models, it knows no boundaries, enabling it to craft tailored spear-phishing emails, counterfeit invoices, and fabricated news articles for cyberattacks, scams, and public opinion manipulat

Multi-Factor Authentication: Protecting Your Digital SpaceBlog

Ever wonder if your passwords are the digital equivalent of leaving your front door wide open? In the ever-changing world of cybersecurity, the vulnerabilities of traditional passwords have become glaringly apparent. From commonplace attacks like relaying and spraying to the more sophisticated threats of spear-phishing and pharming, hackers have mastered their skills in stealing credentials and gaining unauthorized access. Enter multi-factor authentication (MFA), a robust electronic authentication method that demands users to provide two or more forms of identity verification before accessing a system. Unveiling the Layers of MFA MFA operates on three pillars: something you know like passwords, PINs, something you have like physical objects like keys or smart cards, and something you are- biometric verification such as fingerprints or retina scans. Two-factor authentication (2FA) employs two of these checks, while MFA goes a step further, employing two or more, rendering it a formidabl

Cyber Monday, Guarding Your Digital Wonderland! 🌐🛒Blog

This Cyber Monday, transform your online shopping into a secure digital wonderland! Imagine presents wrapped with caution tape, symbolizing the importance of safeguarding your digital gifts from cyber threats with our humorous guide to hack-proof your holiday shopping. Deal-icious Passwords Tip: List & Shop!List down unique passwords, much like checking your shopping list but for cyber goodies. No Phishing on SaleTip: Shine Bright!Illuminate your awareness and spot phishing attempts like Cyber Monday deal gems. Cyber Monday Safety Zone - 4 Tips for a Secure Shopping Spree!Shop on Secure Sites Only Look for "https://" in the website URL and a padlock icon in the address bar. These indicate a secure, encrypted connection, keeping your data safe during transactions. Clear Your Digital Footprint Regularly clear your browser's cache and cookies to minimize digital traces. This helps reduce the risk of tracking and targeted cyber attacks. Upgrade your Cyber Monday experience by incorpora

Black Friday AlertBlog

Unwrap Savings, Not Cyber Threats: This Black Friday, secure your digital gifts and shop smartly this festive season. Shop exclusively on secure sites, steering clear of phishing scams.Clear your digital footprint, use a secure network, and stay vigilant against scareware. Our Cybersecurity Shield ensures you shop securely and confidently.Happy and Secure Black Friday from ThreatModeler!

Fun Friday : Cyber Security- Myths and Facts

We often come across a lot of common myths, misconceptions and a general lack of understanding around some of the most common threats. Dive into the fascinating world of cybersecurity as we unravel the truth behind common myths and unveil eye-opening facts. Get ready to test your knowledge and share your thoughts on which ones you think are myths and which are undeniable facts. Only the IT department is accountable for Cyber Security. The expenditure of a sound Cybersecurity solution is zero compared to the price of a successful attack. There is nothing like absolute or excellent Cyber Security against attacks.

1 month ago

Shaiphali Mishra

Water Cooler Talk

Beat These Monday Blues with Cybersecurity Fun Facts!

Are you feeling these Monday morning woes? Don't worry! We've got just the solution to kickstart your week with a dose of lighthearted cybersecurity knowledge. Who says cybersecurity can't be fun? Here's your chance to spice up your Monday with some cybersecurity facts that will have you grinning from ear to ear! Salting Your PasswordsYou might think "salting" has something to do with seasoning your coffee, but in the world of cybersecurity, it's all about adding some extra spice to your passwords! Just like adding a pinch of salt enhances the flavor of your food, in the cybersecurity realm, salting means enhancing the security of your passwords.When you salt a password, you add random characters or values to it before encrypting it. This makes it much harder for cybercriminals to crack your password, turning it into a cryptographic masterpiece. So, next time you hear salting, don't reach for the salt shaker; it's all about protecting your digital secrets! The Original Computer BugYo

1 month ago

Shaiphali Mishra

Water Cooler Talk

Fun Friday: Cybersecurity Quiz! 💻🔐

It's Fun Friday, and we've got a cybersecurity quiz for you! Test your digital defense skills and see how well you know the ins and outs of staying safe online. Question 1:🔒 What's the most secure way to create a password?A) Using your birthdateB) A combination of letters, numbers, and special charactersC) Your pet's nameD) "Password123" Question 2:📧 You receive an email from an unknown sender with a subject line that says, "You've won a million dollars!" What should you do?A) Click on all the links in the emailB) Reply with your bank detailsC) Delete it – it's likely a phishing scamD) Share it with all your friends Comment your answers below!

1 month ago

Harsh Patel

Got a Question?

Critical Infrastructure Assets

What are the top 3 assets that come to your mind when you hear the term Critical Infrastructure? Why?

3 months ago

Todd

ThreatModeling AutoMotive

Automotive Standards and Compliance Frameworks

Are you part of the automotive industry? What automotive standards and compliance frameworks are most important to your organization? ISO 21434? UNECE?

3 months ago

appio

Marketplace Discussion

An advanced interactive application security tool

AIAST – An advanced interactive application security tool identifying vulnerabilities in both self-developed code and open-source dependencies. Seamlessly integrate into CI/CD and can be applied in both application development phase and application deployment phase.

5 months ago

Shaiphali Mishra

Water Cooler Talk

Fun Friday: ”Guess the Password" challenge

A man locked his personal computer with a password and wrote some phrases in the hint box. One day his wife tries to login in his absence using the hints which contained following: 4 grapes 🍇 1 apple 🍎 7 bananas 🍌 7 mangoes 🍋 2 pineapples 🍍 1 orange 🍊 8 pomegranates 🍅What is the password? and share your fun logic puzzles

7 months ago

Udipt Bhuyan

Security News

DDoS (Distributed Denial of Service) attacks are a major concern in today's Internet security.

Google's Threat Analysis Group (TAG) published a blog update on October 16, 2020, outlining how threats and threat actors are adapting their strategies in light. Similarly GitHub, was hit with a DDoS attack that clocked in at 1.35 terabits per second and lasted for roughly 20 minutes. According to GitHub, the traffic was traced back to “over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints.”A distributed denial of service (DDoS) attack is a cybercrime in which the attacker floods a server with internet traffic to prohibit users from accessing linked online services and websites. It is a brute-force attempt to slow down or fully crash a server. https://portswigger.net/daily-swig/ddosI came across similar news and experiences while working with a travel company, where they experienced website downtime, which affected their SEO and increased website vulnerabilities, which harmed the company's commercial as well. As a result, they took too long to

8 months ago

Shaiphali Mishra

Security News

Threat Modeling Tools Market to Experience Rapid Expansion, Worth $1.6 Billion by 2027.

Expansion of the Threat Modeling Tools Market and its estimated worth of $1.6 billion by 2027 suggests that there is growing demand for these tools in the cybersecurity industry.Read Full Article- https://finance.yahoo.com/news/threat-modeling-tools-market-worth-163000694.htmlFrom my understanding, the threat modeling tools market is experiencing significant growth due to the increasing need for cybersecurity measures in various industries. As technology advances and more businesses rely on digital systems, the potential for cyber attacks also increases. Threat modeling tools help identify potential vulnerabilities and risks in these systems and provide solutions to mitigate them.My knowledge on this topic comes from analyzing and processing large amounts of data and information from various sources, such as news articles, research papers, and industry reports. Through natural language processing and machine learning algorithms, I can understand and interpret complex information and pr

8 months ago

Anonymous

Security News

Heart Device Maker Says Hack Affected 1 Million Patients

https://www.govinfosecurity.com/heart-device-maker-says-hack-affected-1-million-patients-a-21425It looks like it was personal information that was stolen, but that’s the sort of information that would be helpful in hacking into actual connected devices, which already exist and have had security issues: https://www.ahajournals.org/doi/10.1161/CIRCULATIONAHA.118.037331My CPAP has a device that communicated with the insurance company to ensure that I was using it a minimum number of hours a night. Fortunately that is removable and after a certain number of years they no longer check on you and the device is yours outright. I’m sure once that one dies, my next one will have an app to connect and view my data from anywhere. Not sure if I’ll be enabling that feature. Anyone else have any connected medical devices?

8 months ago

Forum

Get inspired and gain all the knowledge you need

ThreatModeling Medical Devices

3 topics
8 Replies

ThreatModeling Cloud

2 topics
20 Replies

ThreatModeling AutoMotive

4 topics
21 Replies

ThreatModeling AppSec

2 topics
4 Replies

ThreatModeling Critical Infrastructure

1 topic
2 Replies

ThreatModeling Containers

0 topics
0 Replies

Got a Question?

10 topics
26 Replies

Marketplace Discussion

5 topics
5 Replies

Share your best practices

17 topics
33 Replies

Security News

33 topics
95 Replies

Water Cooler Talk

31 topics
194 Replies

Community HQ

Here is the heart of the Community. Come and get to know our community members!

Thought Leadership

9 topics
14 Replies

News & Announcements

157 topics
112 Replies

ThreatModeler Blogs

87 topics
35 Replies

Cartoons

13 topics
8 Replies

Podcast

2 topics
4 Replies

ThreatModeler Videos

0 topics
0 Replies

Commonly Asked Questions

Commonly asked questions.

About ThreatModeler

13 topics
3 Replies

Check out our podcast

Upcoming Events

Threat Model Marketplace

Awarded Badges widget

Anjali RAiihas earned the badge Easy talker
DhruvSol79has earned the badge Easy talker
Disha Parmarhas earned the badge Easy talker
vaidehiranahas earned the badge Easy talker
Muneebahas earned the badge Easy talker

Show all badges

Need more help?

Contact support

Contact our support team and we'll be happy to help you get up and running!

Products

Decoding Threats, Delivering Solutions.

Resources

Find all the guidance you need as you navigate through our success resources.

DISCORD

Level up your security game by joining the ThreatModeler Discord Community!

SLACK

Unite Against Threats: Join the ThreatModeler Slack Community Today!

Collaborate, Innovate, Secure: Join our r/ThreatModeler Reddit community!

Terms & Conditions Cookie settings

Sign up

Already have an account? Login

Social Login

Username *

E-mail address *

Company

(Private)

Only you and moderators can see this information

Job Title

(Private)

Only you and moderators can see this information

A bit about yourself *

Phone Number

(Private)

Only you and moderators can see this information

City

(Private)

Only you and moderators can see this information

Country

Password *

I accept the terms & conditions

loginBox.register.email_repeat

Login to the community

No account yet? Create an account

Social Login

Username or Email

Password

Remember me

Forgot password?

Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.

Username or e-mail

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.

👋 Welcome to the Threat Modeling Community

ThreatModeler Community News Feed

Enhancing Security through Decoupling: A Strategic ApproachBlog

Generative AI and Cyber SecurityBlog

Cloud Computing: Impact on Cyber SecurityBlog

A Growing Concern in Healthcare CybersecurityBlog

Iranian State-Linked Hackers Target Israeli Entities in Advanced Spear-Phishing Campaign.Blog

ThreatModeler 7.0 vs. 6.0: What's the Upgrade Buzz About?Blog

New Security Challenge: Malicious generative AIBlog

Multi-Factor Authentication: Protecting Your Digital SpaceBlog

Cyber Monday, Guarding Your Digital Wonderland! 🌐🛒Blog

Black Friday AlertBlog

Check out our podcast

Upcoming Events

Featured Video

Threat Model Marketplace

Awarded Badges widget

Need more help?

Sign up

Social Login

Login to the community

Social Login

Scanning file for viruses.

This file cannot be downloaded