ISACARuSec – Telegram
ISACARuSec
@IsacaRuSec
2.27K subscribers
1.78K photos
13 videos
303 files
5.65K links
Канал направления ИБ Московского отделения ISACA

Направление канала новости ISACA, новости в области управления ИБ в России и мире, обмен лучшими практиками.

https://engage.isaca.org/moscow/home

Связь с администрацией
@popepiusXIII
Download Telegram
About
Blog
Apps
Platform
Join
ISACARuSec
2.27K subscribers
ISACARuSec
To tackle vulnerabilities in the UEFI space, the duo proposed a multi-step ideal scenerio to work toward:

Promote software bills of materials (SBOMS) extending to the firmware level
Have vendors include the intent of the components of the system
Produce analysis of code
Provide public risk scoring
Reduce purchasing of products that shape up poorly

https://www.scmagazine.com/home/security-news/vulnerabilities/dhs-announces-program-to-mitigate-vulnerabilities-below-the-operating-system/
SC Media
Cybersecurity News Articles | SC Media
The latest in IT security news and information for cybersecurity professionals.
302 views
ISACARuSec
https://www.eventbrite.com/e/cybersecurity-risk-management-virtual-event-series-part-1-tickets-153961363583
Eventbrite
Cybersecurity Risk Management Virtual Event Series: Part 1
International Cybersecurity Risk Management: Promoting Interoperability through Standards and Frameworks
283 views
ISACARuSec
https://twitter.com/cyb3rops/status/1338180505511063554
Twitter
Florian Roth
We'd like to share a draft of a Sigma extension named "Sigma Correlations" that extends the standard & allows the definition of aggregations & relations between Sigma rules - please provide feedback in the issues section on Github 1drv.ms/w/s!AmV9jfmd5V…
277 viewsedited  
ISACARuSec
https://www.cyberlands.io/securityfintechmvp
www.cyberlands.io
Get to Know How to Secure Your FinTech MVP
What to take into account when you developing MVP with front-end \ web, mobile, back-end \ api and cloud pieces - and need to securely store at least some customer data
258 views
ISACARuSec
https://gca.globalcyberalliance.org/cyber-trends-2021-resource-page
268 views
ISACARuSec
https://twitter.com/ArchieScorp/status/1397080637811609601
Twitter
Alexander Redchits
Marco Lancini, автор блога CloudSecDocs (cloudsecdocs.com), выпустил страницу, на которой собрал все активности, относящиеся к построению полноценной программы безопасности в современной облачной среде roadmap.cloudsecdocs.com
279 viewsedited  
ISACARuSec
Forwarded from Пост Лукацкого
Завтра в онлайне пройдет два GDPR Day, посвященных GDPR-дню. Я участвую в одном из GDPR-дней (https://t.co/ZcldD6SD1n) с рассказом об уведомлениях по утечкам ПДн в соответствие с требованиями GDPR. Всех с днем GDPR!
— Alexey Lukatsky (@alukatsky) May 24, 2021
gdprday.ru
GDPR Day Russia
Практическая онлайн-конференция по GDPR для бизнеса и специалистов по защите персональных данных
157 views
ISACARuSec
В рамках конференции DevOpsConf2021 традиционно будет представлена серия докладов, посвященных технологиям DevSecOps.

Дни конференции 31 мая и 1 июня.

Подробности и билеты https://devopsconf.io/moscow/2021
devopsconf.io
Профессиональная конференция по интеграции процессов разработки, тестирования и эксплуатации 2021
284 views
ISACARuSec
Forwarded from SecAtor
VMware выпустили апдейт, исправляющий новую уязвимость CVE-2021-21985, которой подвержен vCenter версий 6.5, 6.7 и 7.0.

Ошибка является критической (9.8 из 10 по CVSS) и позволяет злоумышленнику осуществить удаленное выполнение кода (RCE) без прохождения аутентификации. Для этого хакеру нужно лишь иметь доступ к 443 порту. Уязвимость находится в модуле vSAN Health Check, который по умолчанию включен во всех развернутых vCenter.

CVE-2021-21985 была найдена исследователями из китайской Qihoo 360, которые в феврале подгадили VMware, резко выпустив PoC для критической CVE-2021-21972 в том же самом vCenter.

В дополнение к указанной критической дырке свежий патч закрывает также CVE-2021-21986 с критичностью 6,5, которая связана с механизмом аутентификации в нескольких модулях vCenter. Но это, на самом деле, не так важно. Поскольку закрыв более критичную ошибку вы закроете и эту.

Ну а кто при таких вводных не будет апдейтить свои vCenter - тот сам себе Дженнифер Псаки.
VMware Cloud Foundation (VCF) Blog
Home Page
VMware Cloud Foundation (VCF) - The simplest path to hybrid cloud that delivers consistent, secure and agile cloud infrastructure. Read more.
199 views
ISACARuSec
https://www.enisa.europa.eu/news/enisa-news/crossing-a-bridge-the-first-eu-cybersecurity-certification-scheme-is-availed-to-the-commission
ENISA
Crossing a bridge: the first EU cybersecurity certification scheme is availed to the Commission
The European Union Agency for Cybersecurity formally transmits to the European Commission the first candidate cybersecurity certification scheme on Common Criteria.
255 views
ISACARuSec
https://medium.com/the-recovering-analyst/xdr-requires-soar-in-enterprise-environments-9e60d62a42b4
Medium
XDR Requires SOAR In Enterprise Environments
Don’t settle for half baked SOAR capabilities slapped on an XDR solution when your organization requires enterprise response…
270 views
ISACARuSec
https://twitter.com/3dwave/status/1397426138989858819
272 viewsedited  
ISACARuSec
SP 1800-15, Mitigating Network-Based Attacks Using MUD | CSRC
https://csrc.nist.gov/publications/detail/sp/1800-15/final
CSRC | NIST
NIST Special Publication (SP) 1800-15, Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based…
The goal of the Internet Engineering Task Force’s Manufacturer Usage Denoscription (MUD) specification is for Internet of Things (IoT) devices to behave as the devices’ manufacturers intended. MUD provides a standard way for manufacturers to indicate the network…
264 views
ISACARuSec
https://twitter.com/teschulz/status/1397558854842568704
Twitter
Tim Schulz
List of Purple Team Blogs I've done: - NEW: Purple Maturity Model scythe.io/library/introd… - Why assume breach? scythe.io/library/why-as… - Pain of PowerShell: scythe.io/library/the-co… - Intro to Adversary Emulation: scythe.io/library/introd… #PurpleTeam…
263 viewsedited  
ISACARuSec
List of Purple Team Blogs I've done:
- NEW: Purple Maturity Model https://t.co/bHvSJjMFQY
- Why assume breach? https://t.co/x0JbXC3xRD
- Pain of PowerShell: https://t.co/qYq683nkes
- Intro to Adversary Emulation: https://t.co/KvMskh9etj
#PurpleTeam #infosec #PurpleTeamSummit
www.scythe.io
SCYTHE Library: Introducing the Purple Team Maturity Model
Today we are proposing a preliminary answer to that question, which initially started out as Advanced Purple Teaming and evolved into something even larger in scope (sidenote: Advanced Purple Teaming is coming). Our answer is what we are calling the Purple…
309 views
ISACARuSec
https://csrc.nist.gov/publications/detail/nistir/8320/draft
CSRC | NIST
NIST Internal or Interagency Report (NISTIR) 8320 (Draft), Hardware-Enabled Security: Enabling a Layered Approach to Platform Security…
In today’s cloud data centers and edge computing, attack surfaces have significantly increased, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing…
273 views
ISACARuSec
Forwarded from ZLONOV security
This media is not supported in your browser
VIEW IN TELEGRAM
Про облака и их безопасность =) #пятничное
205 views
ISACARuSec
https://medium.com/anton-on-security/a-soc-tried-to-detect-threats-in-the-cloud-your-wont-believe-what-happened-next-4a2ba0ab5d81
Medium
A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next
Now, we all agree that various cloud technologies such as SaaS SIEM help your Security Operations Center (SOC). However, there’s also a need to talk about how traditional SOCs are challenged by the…
286 views
ISACARuSec
https://www.isaca.org/why-isaca/about-us/newsroom/press-releases/2021/it-security-and-risk-experts-share-ransomware-insights-in-the-colonial-pipeline-attack
ISACA
IT Security and Risk Experts Share Ransomware Insights in the Colonial Pipeline Attack
In the aftermath of the Colonial Pipeline attack, global IT association and learning community ISACA polled more than 1,200 members in the United States and found that 84 percent of respondents believe ransomware attacks will become more prevalent in the…
258 views
ISACARuSec
https://www.helpnetsecurity.com/2021/05/27/kali-linux-team-releases-kaboxer/
Help Net Security
Kali Linux team releases Kaboxer, a tool for managing applications in containers - Help Net Security
The Kali Linux team has released Kaboxer, a tool for packaging tricky applications into Docker containers and managing them on Kali Linux.
259 views
ISACARuSec
https://twitter.com/harshbothra_/status/1398287253533696001
Twitter
Harsh Bothra
I have created a simple mindmap to organise various test cases around Android Application Penetration Testing. Android Application Penetration Testing Mindmap: xmind.net/m/paUMuU I hope you find it useful. #appsec #mobileappsec #infosec #bugbountytips #bugbounty
339 viewsedited