Forwarded from Vulnerability Management and more
Vulnerability Management vendors and Vulnerability Remediation problems
It’s not a secret, that #VulnerabilityManagement vendors don’t pay much attention to the actual process of fixing vulnerabilities, that they detect in the infrastructure (Vulnerability Remediation).
In fact, most of VM vendors see their job in finding a potential problem and providing a link to the Software Vendor’s website page with the #remediation denoscription. How exactly the #remediation will be done is not their business.
Remediation is a painful topic and it’s difficult to sell it as a ready-made solution. And even when Vulnerability Vendors try to sell it this way, it turns out pretty ugly and does not really work. Mainly because the Remediation feature is sold to the Security Team, and the IT Team will have to use it.
#Windows #remediation #patch #Linux #VulnerabilityManagement
Read more: https://avleonov.com/2019/04/29/vulnerability-management-vendors-and-vulnerability-remediation-problems/
It’s not a secret, that #VulnerabilityManagement vendors don’t pay much attention to the actual process of fixing vulnerabilities, that they detect in the infrastructure (Vulnerability Remediation).
In fact, most of VM vendors see their job in finding a potential problem and providing a link to the Software Vendor’s website page with the #remediation denoscription. How exactly the #remediation will be done is not their business.
Remediation is a painful topic and it’s difficult to sell it as a ready-made solution. And even when Vulnerability Vendors try to sell it this way, it turns out pretty ugly and does not really work. Mainly because the Remediation feature is sold to the Security Team, and the IT Team will have to use it.
#Windows #remediation #patch #Linux #VulnerabilityManagement
Read more: https://avleonov.com/2019/04/29/vulnerability-management-vendors-and-vulnerability-remediation-problems/
Cybersecurity: The key lessons of the Triton malware cyberattack you need to learn | ZDNet
https://www.zdnet.com/article/cybersecurity-the-key-lessons-of-the-triton-malware-cyberattack-you-need-to-learn/
https://www.zdnet.com/article/cybersecurity-the-key-lessons-of-the-triton-malware-cyberattack-you-need-to-learn/
ZDNet
Cybersecurity: The key lessons of the Triton malware cyberattack you need to learn | ZDNet
Triton is a particularly dangerous form of malware; learning these lessons could make you a lot safer.
This agency is preparing to score its cyber risk with a new algorithm
https://www.fedscoop.com/cyber-risk-aware-algorithm/
https://www.fedscoop.com/cyber-risk-aware-algorithm/
FedScoop
This agency is preparing to score its cyber risk with a new algorithm - FedScoop
The Department of Labor is integrating into its continuous monitoring dashboard a new algorithm that will measure the security of IT assets to help the agency address vulnerabilities over time. Known as the Agency-Wide Adaptive Risk Enumeration, or AWARE…
Federal Register :: Announcing Issuance of Federal Information Processing Standard (FIPS) 140-3, Security Requirements for Cryptographic Modules
https://www.federalregister.gov/documents/2019/05/01/2019-08817/announcing-issuance-of-federal-information-processing-standard-fips-140-3-security-requirements-for
https://www.federalregister.gov/documents/2019/05/01/2019-08817/announcing-issuance-of-federal-information-processing-standard-fips-140-3-security-requirements-for
Federal Register
Announcing Issuance of Federal Information Processing Standard (FIPS) 140-3, Security Requirements for Cryptographic Modules
This notice announces the Secretary of Commerce's issuance of Federal Information Processing Standard (FIPS) 140-3, Security Requirements for Cryptographic Modules. FIPS 140-3 includes references to existing International Organization for Standardization/…
Putin signs Runet law to cut Russia's internet off from rest of world | ZDNet
https://www.zdnet.com/article/putin-signs-runet-law-to-cut-russias-internet-off-from-rest-of-world/
https://www.zdnet.com/article/putin-signs-runet-law-to-cut-russias-internet-off-from-rest-of-world/
ZDNet
Putin signs Runet law to cut Russia's internet off from rest of world | ZDNet
Russia's sovereign internet bill has been signed into law, giving authorities an easier way to block content.
В США издан приказ на повышение качества подготовки кибербезопасников.
Executive Order on America’s Cybersecurity Workforce | The White House
https://www.whitehouse.gov/presidential-actions/executive-order-americas-cybersecurity-workforce/
Executive Order on America’s Cybersecurity Workforce | The White House
https://www.whitehouse.gov/presidential-actions/executive-order-americas-cybersecurity-workforce/
The White House
Executive Order on America’s Cybersecurity Workforce | The White House
By the authority vested in me as President by the Constitution and the laws of the United States of America, and to better ensure continued American econom
DHS Sets List of National Critical Functions, Marking Shift from CI Sectors – MeriTalk
https://www.meritalk.com/articles/dhs-sets-list-of-national-critical-functions-marking-shift-from-ci-sectors/
https://www.meritalk.com/articles/dhs-sets-list-of-national-critical-functions-marking-shift-from-ci-sectors/
Meritalk
DHS Sets List of National Critical Functions, Marking Shift from CI Sectors
The Department of Homeland Security (DHS) and its Cybersecurity and Infrastructure Security Agency (CISA) released a list of 55 “national critical functions” today, signaling a shift from protecting specific critical infrastructure sectors to protecting specific…
Теперь для устранения критических уязвимостей в интернет системах американским фоив дают 15 дней, а не 30, как раньше.
DHS Shortens Deadline For Gov Agencies to Fix Critical Flaws | Threatpost
https://threatpost.com/dhs-deadline-gov-agencies-fix-critical/144269/
DHS Shortens Deadline For Gov Agencies to Fix Critical Flaws | Threatpost
https://threatpost.com/dhs-deadline-gov-agencies-fix-critical/144269/
Threat Post
DHS Shortens Deadline For Gov Agencies to Fix Critical Flaws
A new binding directive gives U.S. agencies just 15 days - as opposed to 30 days - to remediate critical flaws on their systems.
Американская счетная палата считает, что 6 человек мало для обспечения кибербезопасности американских трубопроводов.
Only six TSA staffers are overseeing US oil & gas pipeline security | ZDNet
https://www.zdnet.com/article/only-six-tsa-staffers-are-overseeing-us-oil-gas-pipeline-security/
Only six TSA staffers are overseeing US oil & gas pipeline security | ZDNet
https://www.zdnet.com/article/only-six-tsa-staffers-are-overseeing-us-oil-gas-pipeline-security/
ZDNet
Only six TSA staffers are overseeing US oil & gas pipeline security
GAO report highlight lack of oil & gas security staff, outdated cyber-security risk assessment methodologies.
How a data-driven approach to security helps a small healthcare team embrace automation | CSO Online
https://www.csoonline.com/article/3390683/how-a-data-driven-approach-to-security-helps-a-small-healthcare-team-embrace-automation.html
https://www.csoonline.com/article/3390683/how-a-data-driven-approach-to-security-helps-a-small-healthcare-team-embrace-automation.html
CSO Online
How a data-driven approach to security helps a small healthcare team embrace automation
Not-for-profit Martin's Point Health Care created a data-driven security framework to automate how threats are evaluated.
Гартнер в 2019 планирует обновить исследования по vulnerability management.
https://blogs.gartner.com/blog/category/all/?c=vulnerability-management
https://blogs.gartner.com/blog/category/all/?c=vulnerability-management
Forwarded from RUSCADASEC news: Кибербезопасность АСУ ТП (Anton Shipulin)
Обновилась база техник атакующих MITRE ATT&CK. Кратко на фото, зеленные - новые техники, жёлтым - изменённые
https://attack.mitre.org/resources/updates/updates-april-2019/index.html
https://attack.mitre.org/resources/updates/updates-april-2019/index.html