DoD proposal would establish new Senate-confirmed IT officials for Army, Navy, Air Force | Federal News Network
https://federalnewsnetwork.com/defense-main/2019/05/dod-proposal-would-establish-new-senate-confirmed-it-officials-for-army-navy-air-force/
https://federalnewsnetwork.com/defense-main/2019/05/dod-proposal-would-establish-new-senate-confirmed-it-officials-for-army-navy-air-force/
Federal News Network
DoD proposal would establish new Senate-confirmed IT officials for Army, Navy, Air Force | Federal News Network
The tri-service proposal would elevate IT issues in each service’s organizational chart. Its chief advocate is the Department of the Navy, which has already expressed its desire to appoint an…
Lawmakers offer measure requiring cyber, IT training for House | TheHill
https://thehill.com/policy/cybersecurity/443152-lawmakers-offer-measure-requiring-cyber-it-training-for-house
https://thehill.com/policy/cybersecurity/443152-lawmakers-offer-measure-requiring-cyber-it-training-for-house
TheHill
Lawmakers offer measure requiring cyber, IT training for House
Lawmakers on Friday introduced a resolution to require members and employees of the House of Representatives to undergo annual cybersecurity and information technology training.
Forwarded from Пост Лукацкого
Концепция "низковисящих фруктов" и кибербезопасность https://t.co/9b6eKElcWw
— Alexey Lukatsky (@alukatsky) May 14, 2019
— Alexey Lukatsky (@alukatsky) May 14, 2019
Forwarded from Пост Лукацкого
Дональд Трамп подписал указ о защите информационных технологий США. Китайские ИТ/ИБ-компании могут попасть в черный список https://t.co/zKyJtnjBvp
— Alexey Lukatsky (@alukatsky) May 16, 2019
— Alexey Lukatsky (@alukatsky) May 16, 2019
Коммерсантъ
Дональд Трамп подписал указ о защите информационных технологий США
Подробнее на сайте
Hacktivist attacks dropped by 95% since 2015 | ZDNet
https://www.zdnet.com/article/hacktivist-attacks-dropped-by-95-since-2015/
https://www.zdnet.com/article/hacktivist-attacks-dropped-by-95-since-2015/
ZDNET
Hacktivist attacks dropped by 95% since 2015
Hacktivist scene collapses as Anonymous hacker collective dies a slow death.
Выбираете на какой ОС стоит безопасно строить свое частное облако? Ниже методический документ для этого.
P.s. Взгляните еще на hardening guide от red hat openstack.
https://cloudsecurityalliance.org/articles/cloud-security-alliance-releases-cloud-operating-system-security-specification-report/
P.s. Взгляните еще на hardening guide от red hat openstack.
https://cloudsecurityalliance.org/articles/cloud-security-alliance-releases-cloud-operating-system-security-specification-report/
Cloud Security Alliance
Cloud Security Alliance Releases Cloud | Cloud Security Alliance
Интересная статистика по ит инфраструктуре крупной компании
https://twitter.com/amontalenti/status/1129548391753691138?s=09
https://twitter.com/amontalenti/status/1129548391753691138?s=09
Twitter
Andrew Montalenti
"At Netflix, we have... - 100s of microservices - 1,000s of daily prod changes - 10,000s of AWS VMs - 100,000s customer interactions/sec - 1,000,000s of customers - 1,000,000,000s of time series metrics ... and we do this with 10s of ops engineers and 0 data…
Если ваши корпоративные телефоны это Huawei, то нужно оценить необходимость миграции на другого вендора, они имеют шансы остаться без патчей.
https://www.theverge.com/platform/amp/2019/5/19/18631558/google-huawei-android-suspension
https://www.theverge.com/platform/amp/2019/5/19/18631558/google-huawei-android-suspension
The Verge
Google pulls Huawei’s Android license, forcing it to use open source version
A dramatic escalation in the US war on Chinese tech firms
Forwarded from Vulnerability Management and more
I think that 2019 is the best and truly revolutionary year for the whole Vulnerability Management industry, since top VM vendors (well, at least 2 of them) finally publicly recognized the problem with Vulnerability Prioritization and began to offer some solutions.
The problem is that most of vulnerabilities that can be detected by a Vulnerability Scanner are actually unexploitable and worthless for an attacker. And it's hard to say which of them exactly. These can be vulnerabilities labeled as “Critical”, “High” level or with “Exploit exists”.
And you still have to fix such unexploitable vulnerabilities and face negative reactions from IT because of unnecessarily remediation efforts, down time, and “The Boy Who Cried Wolf” effect.
Certainly, it's not a secret for those who have ever launched a vulnerability scan, but this state of the things was here for decades (Tenable/Nessus, Qualys, Rapid7 are more than 20 years old!). "We give you information about vulnerabilities that we received from software vendors as is, and it's up to you how to make this data actionable". This always drove me crazy, and I am glad that finally some vendors started to talk publicly that it's not ok (of course, with their own marketing reasons).
The problem is that most of vulnerabilities that can be detected by a Vulnerability Scanner are actually unexploitable and worthless for an attacker. And it's hard to say which of them exactly. These can be vulnerabilities labeled as “Critical”, “High” level or with “Exploit exists”.
And you still have to fix such unexploitable vulnerabilities and face negative reactions from IT because of unnecessarily remediation efforts, down time, and “The Boy Who Cried Wolf” effect.
Certainly, it's not a secret for those who have ever launched a vulnerability scan, but this state of the things was here for decades (Tenable/Nessus, Qualys, Rapid7 are more than 20 years old!). "We give you information about vulnerabilities that we received from software vendors as is, and it's up to you how to make this data actionable". This always drove me crazy, and I am glad that finally some vendors started to talk publicly that it's not ok (of course, with their own marketing reasons).
Forwarded from ZLONOV security
Ранкинг TAdviser100: Крупнейшие ИТ-компании в России 2019 http://www.tadviser.ru/index.php/Статья:Ранкинг_TAdviser100:_Крупнейшие_ИТ-компании_в_России_2019
Теперь похоже требуют оценки и возможность замены поставок оборудования. Кто знает есть у huawei линейка оборудования на китайских процессорах?