https://www.enisa.europa.eu/news/enisa-news/csirts-and-incident-response-capabilities-in-europe
ENISA publishes a study on the recent and current evolution of Computer Security Incident Response Teams (CSIRTs) and Incident Response (IR) capabilities in Europe.
www.enisa.europa.eu
CSIRTs and incident response capabilities in Europe — ENISA
As part of its continuous efforts to assist the EU Member States with their incident response capabilities, ENISA publishes a study on the recent and current evolution of Computer Security Incident Response Teams (CSIRTs) and Incident Response (IR) capabilities…
Smart manufacturing: new ISO guidance to reduce the risks of cyber-attacks on machinery
https://www.iso.org/news/ref2365.html
ISO
In our hyper-connected world, IT security covers not just our data but virtually everything that moves – including machinery. Cyber-attacks or IT malfunctions in manufacturing can pose risks to the safety measures in place, thus having an impact on production…
Microsoft security chief: IE is not a browser, so stop using it as your default | ZDNet
https://www.zdnet.com/article/microsoft-security-chief-ie-is-not-a-browser-so-stop-using-it-as-your-default/
ZDNET
Internet Explorer is a 'compatibility solution' and should only be used selectively, warns Microsoft exec.
Forwarded from SecurityLab.ru
On 28 February, Moscow will host Privacy Day, the first themed conference in Russia dedicated to online data protection. The Russian conference will discuss regulation, case studies, methods for handling personal data correctly, and much more.
Moscow to host its first Privacy Day
SecurityLab.ru
Google has open-sourced its platform for detecting bugs and vulnerabilities in open-source software https://t.co/WGejykzYEg
Forwarded from RUSCADASEC news: Кибербезопасность АСУ ТП (Anton Shipulin)
Slides from the SANS Cyber Threat Intelligence Summit 2019 have been published
Of course, it is not explicitly about ICS, but there is MITRE ATT&CK and much else that is important and necessary for industrial cybersecurity, for an OT SOC, and so on.
For example, an interesting top 20 of the techniques most popular with attackers, according to MITRE and Red Canary
https://www.sans.org/cyber-security-summit/archives/dfir
www.sans.org
SANS Institute: Summit Archives
Computer security training, certification and free resources. We specialize in computer/network security, digital forensics, application security and IT audit.
Forwarded from RUSCADASEC news: Кибербезопасность АСУ ТП (Anton Shipulin)
As a reminder, a year ago in January OPAF published a "business guide" that describes the organization's goals
https://publications.opengroup.org/g182
publications.opengroup.org
The Open Process Automation™ Business Guide
This Business Guide expresses the motivation and vision for a standards-based, open, interoperable, and secure process automation architecture as a business imperative for both users and suppliers of industrial control systems. The Open Group Open Process
IT Security Leaders Summit Recap 2018
http://m.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/IT-Security-Leaders-Summit-Recap-2018.aspx
Yet another organization continues its digital transformation. It looks like there will again be no stagnation in the labor market this year.
VTB to double its IT staff, hiring thousands of new programmers - CNews
http://www.cnews.ru/news/top/2019-02-07_bank_vtb_udvoit_itshtatnabrav_tysyachi_novyh_spetsialistov
CNews.ru
Having completed the integration of VTB24 into VTB by the start of 2018, the merged bank began actively expanding its IT staff. In 2018, it hired...
Forwarded from Vulnerability Management and more
No left boundary for Vulnerability Detection
It’s another common problem in nearly all #VulnerabilityManagement products. In the post “What’s wrong with patch-based #VulnerabilityManagement checks?” I wrote about the issues in plugin descriptions; now let’s see what can go wrong with the #detection logic.
The problem is that #VulnerabilityManagement vendors, in many cases, have no idea which versions of the Software were actually vulnerable.
OMG?! How can this be true? 🙂 Let’s take an example.
Each #vulnerability at some points in time:
* was implemented in the program code as a result of some mistake (intentional or not)
* existed in some versions of the program
* was detected and fixed
Read more about this in “Vulnerability Life Cycle and Vulnerability Disclosures”.
Let’s suppose that we have some Software A with released versions 1, 2 … 20.
Just before the release of #version 10, some programmer made a mistake (bug) in the code, and since #version 10 Software A has been critically vulnerable. Before the release of #version 20, the Software Vendor was informed about this #vulnerability and some programmer fixed it in #version 20. Then the Software Vendor released a security bulletin: “Critical vulnerabilities in the Software A. You are not vulnerable if you have installed the latest #version 20.”
And what does the #VulnerabilityManagement vendor do? This vendor only sees this #securitybulletin. It is logical for him to decide that all versions of Software A starting from 1 are vulnerable. So, it will mark installed versions 1 … 9 of the Software A as vulnerable, even though they actually are NOT.
#version #Ubuntu #securitybulletin #bug #VulnerabilityManagement #Concept
Read more: https://avleonov.com/2019/02/11/no-left-boundary-for-vulnerability-detection/