ISACARuSec – Telegram
ISACARuSec
@IsacaRuSec
2.27K subscribers
1.78K photos
13 videos
303 files
5.66K links
Канал направления ИБ Московского отделения ISACA

Направление канала новости ISACA, новости в области управления ИБ в России и мире, обмен лучшими практиками.

https://engage.isaca.org/moscow/home

Связь с администрацией
@popepiusXIII
Download Telegram
About
Blog
Apps
Platform
Join
ISACARuSec
2.27K subscribers
ISACARuSec
https://www.gdatasoftware.com/blog/malware-family-naming-hell
Gdatasoftware
Malware family naming hell is our own fault
EternalPetya has more than 10 different names. Many do not realize that CryptoLocker is long dead. These are not isolated cases but symptoms of a systemic problem: The way we name malware does not work. Why does it happen and how can we solve it?
290 views
ISACARuSec
https://cloudsecuritypodcast.libsyn.com/website/modern-threat-detection-at-google
Libsyn
Cloud Security Podcast by Google: Modern Threat Detection at Google
Guest: , Security Engineering Manager in the Detection and Response team @ Google Topics: What is special about detecting modern threats in modern environments? How does the Google team turn the knowledge of threats into detection logic? Run through an…
297 views
ISACARuSec
https://csrc.nist.gov/publications/detail/sp/800-216/draft
CSRC | NIST
NIST Special Publication (SP) 800-216 (Draft), Recommendations for Federal Vulnerability Disclosure Guidelines
Reporting known or suspected security vulnerabilities in digital products is one of the best ways for developers and services to become aware of issues. Formalizing actions to accept, assess, and manage vulnerability disclosure reports can help reduce known…
279 views
ISACARuSec
Live stream from the FIRST 2021 security conference

FIRST stands for Forum of Incident Response and Security Teams

https://t.co/hTw2E0oZcz https://t.co/8M0DeZCvXN
315 views
ISACARuSec
https://twitter.com/cloudsa/status/1402037713239347210
Twitter
CloudSecurityAlliance
The European Commission has issued 2 new sets of #StandardContractualClauses that enhance requirements of the #GDPR. These clauses address some of the issues related to the transfer of personal data of EU/EEA citizens. Learn more in our blog: ow.ly/3V1Q50F4UhP
285 viewsedited  
ISACARuSec
Серия видео и других ресурсов по использованию материалов NIST зарубежом
https://www.nist.gov/cyberframework/international-resources
NIST
CSF 1.1 International Resources
General
314 viewsedited  
ISACARuSec
Стала возможной сертификация решений на соответствие бенчмаркам CIS.

https://www.cisecurity.org/blog/cis-configuration-certified-combines-security-and-function/
CIS
Blog | CIS Configuration Certified Combines Security and Function
The new CIS Benchmarks Configuration Certification enables vendors to develop new products with the CIS Benchmarks built in, tested, and certified.
289 views
ISACARuSec
https://www.cisecurity.org/blog/cis-benchmarks-june-2021-update/
CIS
Blog | CIS Benchmarks Update June 2021
News about recent CIS Benchmark releases, mappings to Controls v8, and upcoming webinars. Thanks to our community contributors!
286 views
ISACARuSec
328 views
ISACARuSec
Советы NIST по инфраструктуре
276 viewsedited  
ISACARuSec
https://twitter.com/yuridiogenes/status/1401875450281009155
Twitter
Yuri Diogenes
Have you heard about the ARM Template Best Practice Analyzer (BPA)? he Template BPA is an ARM template security validator that scans #ARM templates and checks that #security best practices are being followed before deployment. github.com/Azure/template…
271 viewsedited  
ISACARuSec
https://twitter.com/NISTcyber/status/1402379175441301504
Twitter
Cybersecurity @ NIST
The first official release of Open Security Controls Assessment Language (OSCAL) is now available for download! This release marks an important milestone for the OSCAL project & for the earlier adopters/implementers of OSCAL #securityautomation: pages.nist.gov/OSCAL/
277 viewsedited  
ISACARuSec
https://csrc.nist.gov/publications/detail/nistir/8336/draft
CSRC | NIST
NIST Internal or Interagency Report (NISTIR) 8336 (Draft), Background on Identity Federation Technologies for the Public Safety…
This report provides the public safety and first responder (PSFR) community with a basic primer on identity federation—a form of trust relationship and partnership involving the verification of a claimed identity. Identity federation technologies can help…
279 views
ISACARuSec
https://csrc.nist.gov/publications/detail/nistir/8374/draft
CSRC | NIST
NIST Internal or Interagency Report (NISTIR) 8374 (Withdrawn), Cybersecurity Framework Profile for Ransomware Risk Management
Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand an additional payment in return for not disclosing…
286 views
ISACARuSec
https://securityintelligence.com/posts/using-fair-and-nist-csf-security-risk-management/
Security Intelligence
Using FAIR and NIST CSF for Security Risk Management
Risk management and assessments go together. Combine models like FAIR and NIST CSF with a risk-based approach to assess your cybersecurity position.
298 views
ISACARuSec
Forwarded from SecAtor
Одна из благодатных инфосек компаний - японская Trend Micro - выпустила статью из разряда "все что Вы хотели знать о ransomware, но боялись спросить".

Исследователи рассматривают эволюцию ransomware, а на примере банды вымогателей Nefilim подробно описывают работу подобных хакерских групп.

Nefilim, напомним, тоже русскоязычная бригада. По крайней мере, как говорили еще год назад эксперты из голландской Tesorion, они являются родственной группой вымогателям из Nemty, а уж последние свое происхождение засветили чуть более чем полностью, когда оставляли в коде ransomware приветы Кремезу в виде строчек из песен Скриптонита.

Конечно на звание всеобъемлющего гайда по ransomware статья японцев не претендует, но в качестве одного из базовых материалов про вымогателей зайдет очень даже. Мы, по крайней мере, с интересом прочитали.
Trendmicro
Modern Ransomware's Double Extortion Tactics and How to Protect Enterprises Against Them
Modern ransomware like Nefilim present new challenges and security concerns for enterprises across the world. How do these new families differ from traditional ransomware? And what can organizations do to mitigate risks?
202 views
ISACARuSec
https://twitter.com/cyb3rops/status/1403024255688773642
Twitter
Florian Roth
The slides of the 7th @MITREattack workshop are now online Agenda attack-community.org/event/ Slides web.tresorit.com/l/OUWDd#B7bBNM…
833 viewsedited  
ISACARuSec
https://cloudsecurityalliance.org/artifacts/telehealth-risk-management

https://cloudsecurityalliance.org/download/artifacts/telehealth-risk-management/
cloudsecurityalliance.org
Telehealth Risk Management | CSA
This paper focuses on having the processes and controls in place necessary to ensure the privacy and security of telehealth patient information in the cloud with respect to the HIPAA privacy rule and the GDPR. Maintaining the sanctity and integrity of healthcare…
289 viewsedited  
ISACARuSec
Как строить SOC в духе культуры хиппи.

https://www.socstock2021.com/
Socstock2021
SOCstock2021 - The Grooviest Event for Security Operations Professionals
SOCstock is a free-to-attend, one-day global virtual event from Siemplify and friends featuring speakers and attendees who are tackling the biggest challenges facing the security operations industry with the most moving ideas.
278 views
ISACARuSec
https://www.cockroachlabs.com/guides/2021-cloud-report/
Cockroach Labs
2021 Cloud Report
The 2021 Cloud Report is the only cloud performance report to compare AWS, Azure, and GCP on benchmarks that reflect critical applications and workloads.
267 views
ISACARuSec
Forwarded from SecAtor
Кевин Бэкхаус, исследователь GitHub Security Lab, нашел уязвимость в службе polkit в Linux, которая позволяет непривилегированному локальному пользователю получить рутовые права.

Polkit - это служба, предоставляющая возможность непривилегированным процессам запускать привилегированные. Используется в Ubuntu, Fedora, Red Hat и др.

Ошибка получила CVE-2021-3560 и была исправлена 3 июня. Судя по всему, она появилась в версии polkit 0.113 еще в ноябре 2013 года (а Baron Samedit в sudo просуществовала все 10 лет до своего исправления).

Эксплуатация уязвимости весьма проста и подробно описана Бэкхаусом в своей статье. Оценка критичности по CVSS - 7,8.

Всем, кто использует дистрибутивы с polkit рекомендуем обновиться (хотя это не RCE, конечно, и тем не менее).
The GitHub Blog
Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit.
180 views