Microsoft security chief: IE is not a browser, so stop using it as your default | ZDNet
https://www.zdnet.com/article/microsoft-security-chief-ie-is-not-a-browser-so-stop-using-it-as-your-default/
https://www.zdnet.com/article/microsoft-security-chief-ie-is-not-a-browser-so-stop-using-it-as-your-default/
ZDNET
Microsoft security chief: IE is not a browser, so stop using it as your default
Internet Explorer is a 'compatibility solution' and should only be used selectively, warns Microsoft exec.
Forwarded from SecurityLab.ru
28 февраля в Москве пройдет Privacy Day - первая в России тематическая конференция, посвященная защите данных в сети. В рамках российской конференции будут обсуждаться регулирование, кейсы, методы корректной работы с ПД и многое другое.
В Москве пройдет первый Privacy Day
В Москве пройдет первый Privacy Day
SecurityLab.ru
В Москве пройдет первый Privacy Day
28 февраля в Москве пройдет Privacy Day - первая в России тематическая конференция, посвященная защите данных в сети.
Google раскрыла исходники платформы для выявления ошибок и уязвимостей в открытом ПО https://t.co/WGejykzYEg
Forwarded from RUSCADASEC news: Кибербезопасность АСУ ТП (Anton Shipulin)
Опубликованы слайды с конференции SANS Cyber Threat Intelligence Summit 2019
Конечно не явно про ICS, но MITRE ATT&CK и многое другое, что важно и нужно для промышленной кибербезопасности, для OT SOC и т.д.
Например, интересный топ 20 техник по популярности у атакующих по версии MITRE и Red Canary
https://www.sans.org/cyber-security-summit/archives/dfir
Конечно не явно про ICS, но MITRE ATT&CK и многое другое, что важно и нужно для промышленной кибербезопасности, для OT SOC и т.д.
Например, интересный топ 20 техник по популярности у атакующих по версии MITRE и Red Canary
https://www.sans.org/cyber-security-summit/archives/dfir
www.sans.org
SANS Institute: Summit Archives
Computer security training, certification and free resources. We specialize in computer/network security, digital forensics, application security and IT audit.
Forwarded from RUSCADASEC news: Кибербезопасность АСУ ТП (Anton Shipulin)
Напомню, то год назад в январе OPAF опубликовала "business guide", которые рассказывает о целях организации
https://publications.opengroup.org/g182
https://publications.opengroup.org/g182
publications.opengroup.org
The Open Process Automation™ Business Guide
This Business Guide expresses the motivation and vision for a standards-based, open, interoperable, and secure process automation architecture as a business imperative for both users and suppliers of industrial control systems. The Open Group Open Process
IT Security Leaders Summit Recap 2018
http://m.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/IT-Security-Leaders-Summit-Recap-2018.aspx
http://m.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/IT-Security-Leaders-Summit-Recap-2018.aspx
Еще одна организация продолжает цифровую трансформацию. На рынке трула похоже опять не будет застоя в этом году.
ВТБ удвоит ИТ-штат, набрав тысячи новых программистов - CNews
http://www.cnews.ru/news/top/2019-02-07_bank_vtb_udvoit_itshtatnabrav_tysyachi_novyh_spetsialistov
ВТБ удвоит ИТ-штат, набрав тысячи новых программистов - CNews
http://www.cnews.ru/news/top/2019-02-07_bank_vtb_udvoit_itshtatnabrav_tysyachi_novyh_spetsialistov
CNews.ru
ВТБ удвоит ИТ-штат, набрав тысячи новых программистов - CNews
Завершив к началу 2018 г. интеграцию ВТБ24 в ВТБ, объединенный банк начал активно расширять ИТ-штат. В 2018 г. было набрано...
Forwarded from Vulnerability Management and more
No left boundary for Vulnerability Detection
It’s another common problem in nearly all #VulnerabilityManagement products. In the post “What’s wrong with patch-based #VulnerabilityManagement checks?” I wrote about the issues in plugin denoscriptions, now let’s see what can go wrong with the #detection logic.
The problem is that #VulnerabilityManagement vendors, in many cases, have no idea which versions of the Software were actually vulnerable.
OMG?! How this can be true? 🙂 Let’s take an example.
Each #vulnerability at some points in time:
* was implemented in the program code as a result of some mistake (intentional or not)
* existed in some versions of the program
* was detected and fixed
Read more about this in “Vulnerability Life Cycle and Vulnerability Disclosures“.
Let’s suppose that we have some Software A with released versions 1, 2 … 20.
Just before the release of #version 10, some programmer made a mistake (bug) in the code and since the #version 10 Software A has become critically vulnerable. Before the release of #version 20, Software Vendor was informed about this #vulnerability and some programmer fixed it in #version 20. Then Software Vendor released a security bulletin: “Critical vulnerabilities in the Software A. You are not vulnerable if you have installed the latest #version 20.”
And what does #VulnerabilityManagement vendor? This vendor only sees this #securitybulletin. It is logical for him to decide that all versions of Software A starting from 1 are vulnerable. So, it will mark installed versions 1 … 9 of the Software A as vulnerable, even so actually they are NOT.
#version #Ubuntu #securitybulletin #bug #VulnerabilityManagement #Concept
Read more: https://avleonov.com/2019/02/11/no-left-boundary-for-vulnerability-detection/
It’s another common problem in nearly all #VulnerabilityManagement products. In the post “What’s wrong with patch-based #VulnerabilityManagement checks?” I wrote about the issues in plugin denoscriptions, now let’s see what can go wrong with the #detection logic.
The problem is that #VulnerabilityManagement vendors, in many cases, have no idea which versions of the Software were actually vulnerable.
OMG?! How this can be true? 🙂 Let’s take an example.
Each #vulnerability at some points in time:
* was implemented in the program code as a result of some mistake (intentional or not)
* existed in some versions of the program
* was detected and fixed
Read more about this in “Vulnerability Life Cycle and Vulnerability Disclosures“.
Let’s suppose that we have some Software A with released versions 1, 2 … 20.
Just before the release of #version 10, some programmer made a mistake (bug) in the code and since the #version 10 Software A has become critically vulnerable. Before the release of #version 20, Software Vendor was informed about this #vulnerability and some programmer fixed it in #version 20. Then Software Vendor released a security bulletin: “Critical vulnerabilities in the Software A. You are not vulnerable if you have installed the latest #version 20.”
And what does #VulnerabilityManagement vendor? This vendor only sees this #securitybulletin. It is logical for him to decide that all versions of Software A starting from 1 are vulnerable. So, it will mark installed versions 1 … 9 of the Software A as vulnerable, even so actually they are NOT.
#version #Ubuntu #securitybulletin #bug #VulnerabilityManagement #Concept
Read more: https://avleonov.com/2019/02/11/no-left-boundary-for-vulnerability-detection/
Если вы решили начать принимать криптовалюту в оплату, вот небольшая шпаргалка от CIS на эту тему
https://www.cisecurity.org/white-papers/security-primer-cryptocurrency/
https://www.cisecurity.org/white-papers/security-primer-cryptocurrency/
CIS
Security Primer - CryptoCurrency
As cryptocurrency sees increased adoption, state, local, tribal, and territorial (SLTT) governments are encountering malware designed to steal or mine cryptocurrency or their systems are held for ransom payable only via cryptocurrency.