No actively exploited zero-days have been found in Linux, Safari, or macOS since 2014, when Google began tracking this stat.
2019 was the first year when an Android zero-day was discovered.
Not all zero-days impacted the latest version of the OS/software.
Google suspects some software vendors are hiding actively exploited zero-days as mundane bugfixes.
Google says there's a detection bias towards Microsoft, as there are more security tools specialized in detecting Windows bugs.
Google says it's hard to find zero-days on mobile platforms due to walled garden and app sandbox approaches.
63% of 2019's zero-day vulnerabilities were memory corruption bugs. The same 63% figure also applies to 2020 H1's zero-days, and it is in line with stats released by Microsoft and Google in 2019, both claiming that 70% of all Microsoft security bugs and 70% of all Chrome vulnerabilities are memory safety issues. (In 2020, 63% of all).
Google said that it plans to publish a Zero-Day Year in Review report annually going forward.
ITL Bulletin, Security Considerations for Exchanging Files Over the Internet | CSRC
https://csrc.nist.gov/publications/detail/itl-bulletin/2020/08/security-considerations-for-exchanging-files-over-the-internet/final
CSRC | NIST
ITL Bulletin August 2020, Security Considerations for Exchanging Files Over the Internet
Every day, in order to perform their jobs, workers exchange files over the Internet through email attachments, file sharing services, and other means. To help organizations reduce potential exposure of sensitive information, NIST has released a new Information…
Forwarded from Пост Лукацкого
Draft national standard GOST R "Information protection. Detection, prevention and elimination of the consequences of computer attacks, and response to computer incidents. Terms and definitions" https://t.co/N0WAs5uirc — Alexey Lukatsky (@alukatsky) August 4, 2020
Cyber Career Pathways Tool | National Initiative for Cybersecurity Careers and Studies
https://niccs.us-cert.gov/workforce-development/cyber-career-pathways
National Initiative for Cybersecurity Careers and Studies
Cyber Career Pathways Tool
Interactively explore the NICE Cybersecurity Workforce Framework according to five distinct skill communities and attributes for 52 work roles.
AI-enabled future crime | Crime Science | Full Text
https://crimesciencejournal.biomedcentral.com/articles/10.1186/s40163-020-00123-8
SpringerLink
AI-enabled future crime
Crime Science - A review was conducted to identify possible applications of artificial intelligence and related technologies in the perpetration of crime. The collected examples were used to devise...
Forwarded from Пост Лукацкого
FSTEC has published a draft GOST on information security monitoring - https://t.co/MABIsGZgdu
— Alexey Lukatsky (@alukatsky) August 11, 2020
fstec.ru
Draft national standard GOST R - FSTEC of Russia
Official website of the Federal Service for Technical and Export Control (FSTEC of Russia)
SP 800-207, Zero Trust Architecture | CSRC
https://csrc.nist.gov/publications/detail/sp/800-207/final
CSRC | NIST
NIST Special Publication (SP) 800-207, Zero Trust Architecture
Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. A zero trust architecture (ZTA) uses zero trust principles to plan industrial and…
Yandex Scale 2020 program
https://cloud.yandex.ru/events/scale-2020/program
separate security track
Yandex Scale 2020 program
What was discussed at the big conference of Yandex's cloud platform