ISACARuSec – Telegram
ISACARuSec
@IsacaRuSec
2.27K subscribers
1.78K photos
13 videos
303 files
5.65K links
Канал направления ИБ Московского отделения ISACA

Направление канала новости ISACA, новости в области управления ИБ в России и мире, обмен лучшими практиками.

https://engage.isaca.org/moscow/home

Связь с администрацией
@popepiusXIII
Download Telegram
About
Blog
Apps
Platform
Join
ISACARuSec
2.27K subscribers
ISACARuSec
В рамках конференции DevOpsConf2021 традиционно будет представлена серия докладов, посвященных технологиям DevSecOps.

Дни конференции 31 мая и 1 июня.

Подробности и билеты https://devopsconf.io/moscow/2021
devopsconf.io
Профессиональная конференция по интеграции процессов разработки, тестирования и эксплуатации 2021
284 views
ISACARuSec
Forwarded from SecAtor
VMware выпустили апдейт, исправляющий новую уязвимость CVE-2021-21985, которой подвержен vCenter версий 6.5, 6.7 и 7.0.

Ошибка является критической (9.8 из 10 по CVSS) и позволяет злоумышленнику осуществить удаленное выполнение кода (RCE) без прохождения аутентификации. Для этого хакеру нужно лишь иметь доступ к 443 порту. Уязвимость находится в модуле vSAN Health Check, который по умолчанию включен во всех развернутых vCenter.

CVE-2021-21985 была найдена исследователями из китайской Qihoo 360, которые в феврале подгадили VMware, резко выпустив PoC для критической CVE-2021-21972 в том же самом vCenter.

В дополнение к указанной критической дырке свежий патч закрывает также CVE-2021-21986 с критичностью 6,5, которая связана с механизмом аутентификации в нескольких модулях vCenter. Но это, на самом деле, не так важно. Поскольку закрыв более критичную ошибку вы закроете и эту.

Ну а кто при таких вводных не будет апдейтить свои vCenter - тот сам себе Дженнифер Псаки.
VMware Cloud Foundation (VCF) Blog
Home Page
VMware Cloud Foundation (VCF) - The simplest path to hybrid cloud that delivers consistent, secure and agile cloud infrastructure. Read more.
199 views
ISACARuSec
https://www.enisa.europa.eu/news/enisa-news/crossing-a-bridge-the-first-eu-cybersecurity-certification-scheme-is-availed-to-the-commission
ENISA
Crossing a bridge: the first EU cybersecurity certification scheme is availed to the Commission
The European Union Agency for Cybersecurity formally transmits to the European Commission the first candidate cybersecurity certification scheme on Common Criteria.
255 views
ISACARuSec
https://medium.com/the-recovering-analyst/xdr-requires-soar-in-enterprise-environments-9e60d62a42b4
Medium
XDR Requires SOAR In Enterprise Environments
Don’t settle for half baked SOAR capabilities slapped on an XDR solution when your organization requires enterprise response…
270 views
ISACARuSec
https://twitter.com/3dwave/status/1397426138989858819
272 viewsedited  
ISACARuSec
SP 1800-15, Mitigating Network-Based Attacks Using MUD | CSRC
https://csrc.nist.gov/publications/detail/sp/1800-15/final
CSRC | NIST
NIST Special Publication (SP) 1800-15, Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based…
The goal of the Internet Engineering Task Force’s Manufacturer Usage Denoscription (MUD) specification is for Internet of Things (IoT) devices to behave as the devices’ manufacturers intended. MUD provides a standard way for manufacturers to indicate the network…
264 views
ISACARuSec
https://twitter.com/teschulz/status/1397558854842568704
Twitter
Tim Schulz
List of Purple Team Blogs I've done: - NEW: Purple Maturity Model scythe.io/library/introd… - Why assume breach? scythe.io/library/why-as… - Pain of PowerShell: scythe.io/library/the-co… - Intro to Adversary Emulation: scythe.io/library/introd… #PurpleTeam…
263 viewsedited  
ISACARuSec
List of Purple Team Blogs I've done:
- NEW: Purple Maturity Model https://t.co/bHvSJjMFQY
- Why assume breach? https://t.co/x0JbXC3xRD
- Pain of PowerShell: https://t.co/qYq683nkes
- Intro to Adversary Emulation: https://t.co/KvMskh9etj
#PurpleTeam #infosec #PurpleTeamSummit
www.scythe.io
SCYTHE Library: Introducing the Purple Team Maturity Model
Today we are proposing a preliminary answer to that question, which initially started out as Advanced Purple Teaming and evolved into something even larger in scope (sidenote: Advanced Purple Teaming is coming). Our answer is what we are calling the Purple…
309 views
ISACARuSec
https://csrc.nist.gov/publications/detail/nistir/8320/draft
CSRC | NIST
NIST Internal or Interagency Report (NISTIR) 8320 (Draft), Hardware-Enabled Security: Enabling a Layered Approach to Platform Security…
In today’s cloud data centers and edge computing, attack surfaces have significantly increased, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing…
273 views
ISACARuSec
Forwarded from ZLONOV security
This media is not supported in your browser
VIEW IN TELEGRAM
Про облака и их безопасность =) #пятничное
205 views
ISACARuSec
https://medium.com/anton-on-security/a-soc-tried-to-detect-threats-in-the-cloud-your-wont-believe-what-happened-next-4a2ba0ab5d81
Medium
A SOC Tried To Detect Threats in the Cloud … You Won’t Believe What Happened Next
Now, we all agree that various cloud technologies such as SaaS SIEM help your Security Operations Center (SOC). However, there’s also a need to talk about how traditional SOCs are challenged by the…
286 views
ISACARuSec
https://www.isaca.org/why-isaca/about-us/newsroom/press-releases/2021/it-security-and-risk-experts-share-ransomware-insights-in-the-colonial-pipeline-attack
ISACA
IT Security and Risk Experts Share Ransomware Insights in the Colonial Pipeline Attack
In the aftermath of the Colonial Pipeline attack, global IT association and learning community ISACA polled more than 1,200 members in the United States and found that 84 percent of respondents believe ransomware attacks will become more prevalent in the…
258 views
ISACARuSec
https://www.helpnetsecurity.com/2021/05/27/kali-linux-team-releases-kaboxer/
Help Net Security
Kali Linux team releases Kaboxer, a tool for managing applications in containers - Help Net Security
The Kali Linux team has released Kaboxer, a tool for packaging tricky applications into Docker containers and managing them on Kali Linux.
259 views
ISACARuSec
https://twitter.com/harshbothra_/status/1398287253533696001
Twitter
Harsh Bothra
I have created a simple mindmap to organise various test cases around Android Application Penetration Testing. Android Application Penetration Testing Mindmap: xmind.net/m/paUMuU I hope you find it useful. #appsec #mobileappsec #infosec #bugbountytips #bugbounty
339 viewsedited  
ISACARuSec
https://www.helpnetsecurity.com/2021/05/24/state-of-appsec-2021/
Help Net Security
The state of AppSec and the journey to DevSecOps
A ZeroNorth survey of 250 global security, DevOps and IT professionals, highlights the current state of AppSec and the journey to DevSecOps.
253 views
ISACARuSec
https://rusrim.blogspot.com/2021/05/isotr-21332.html
Blogspot
ИСО: Опубликован техотчёт ISO/TR 21332 по связанным с облачными вычислениями вопросам безопасности и защиты персональных данных…
Сайт Международной организации по стандартизации (ИСО) сообщил о публикации в марте 2021 года нового технического отчёта ISO/TR 21332:2021 «...
272 views
ISACARuSec
Часть университетского курса в части безопасности.

https://github.com/ossu/computer-science#core-security
GitHub
GitHub - ossu/computer-science: 🎓 Path to a free self-taught education in Computer Science!
🎓 Path to a free self-taught education in Computer Science! - ossu/computer-science
302 viewsedited  
ISACARuSec
https://www.attack-community.org/event/
www.attack-community.org
2025 EU MITRE ATT&CK® Community Workshop
# EU MITRE ATT&CK® Community Workshop – Slide decks The 2025 EU ATT&CK Community Workshop has taken place on 15 May 2025. The slide decks of the presentations at the event can be downloaded on the following link: Presentations at the 2025 EU MITRE ATT&CK…
279 views
ISACARuSec
https://www.weforum.org/whitepapers/cyber-resilience-in-the-oil-and-gas-industry-playbook-for-boards-and-corporate-officers
World Economic Forum
Cyber Resilience in the Oil and Gas Industry: Playbook for Boards and Corporate Officers
To help the energy industry improve its resilience against cyber risk, the World Economic Forum has convened over 40 senior executives to establish a blueprint for evaluating cyber risk across the oil and gas industry. This White Paper is the result of their…
282 views
ISACARuSec
Forwarded from Листок бюрократической защиты информации
Состав НПА по ПДн.pdf
222.5 KB
297 views
ISACARuSec
Forwarded from Security Wine (бывший - DevSecOps Wine) (Denis Yakimov)
Security Gym - Secure Software Development Training Platform

Security Gym - открытая open-source платформа Яндекса для проведения тренингов разработчиков безопасному программированию. Есть Python, Javanoscript, Golang. Поднимаются как баги OWASP, так и меры по исправлению уязвимостей. Поиграться без развертывания можно здесь.

#dev
235 views