NEW BOT Телеграм, страница - 190335384

ISACARuSec

2.26K subscribers

1.78K photos

13 videos

308 files

5.67K links

Канал направления ИБ Московского отделения ISACA

Направление канала новости ISACA, новости в области управления ИБ в России и мире, обмен лучшими практиками.

Связь с администрацией
@popepiusXIII

Download Telegram

About

Blog

Apps

Platform

2.26K subscribers

Forwarded from Sys-Admin InfoSec

Everyone Gets a Rootkit

Исследовательская группа Eclypsium выявила слабое место в возможностях WPBT Microsoft, которое может позволить злоумышленнику запустить вредоносный код с привилегиями ядра при загрузке устройства.

https://eclypsium.com/2021/09/20/everyone-gets-a-rootkit/

Add link:
https://techcommunity.microsoft.com/t5/itops-talk-blog/introduction-to-secured-core-computing/ba-p/2701672

Eclypsium | Supply Chain Security for the Modern Enterprise

Everyone Gets a Rootkit - Eclypsium | Supply Chain Security for the Modern Enterprise

In a connected, digitally transformed age, the term “no good deed goes unpunished” could perhaps be rephrased as “no good feature goes unexploited”. And so it is with ACPI, Microsoft WPBT, and every version of Windows since Windows 8.

211 views12:37

Forwarded from SecAtor

Google выпустила экстренное обновление Chrome 94.0.4606.61 для Windows, Mac и Linux, причиной стала критическая 0-day уязвимость, активно эксплуатируемая в дикой природе.

Ошибка CVE-2021-37973 возникла после устранения недостатков в Portals, новой системе навигации по веб-страницам Google для Chrome. Успешная эксплуатация этой уязвимости может позволить злоумышленникам выполнить произвольный код на компьютерах с уязвимыми версиями Chrome.

Существование эксплойта для CVE-2021-37973 было признано самим разработчиком. Это уже 11 исправленная 0-day уязвимость в веб-браузере Chrome с начала 2021 года.

Несмотря на то, что Google заявила, что обнаружила в дикой природе атаки с использованием CVE-2021-37973 подробности о инцидентов не разглашаются.

Доступ к деталям ограничен до тех пор, пока большинство пользователей не обновят исправление, а также пока дыра не будет устранена также в сторонней библиотеке, от которой аналогичным образом зависят другие проекты.

Настоятельно рекомендуем не дожидаться подробностей и накатывать обновления Google Chrome, которые кстати уже доступны.

Chrome Releases

Stable Channel Update for Desktop

The Stable channel has been updated to 94.0.4606.61 for Windows, Mac and Linux which will roll out over the coming days/weeks A full list of...

175 views15:19

https://twitter.com/craiu/status/1442485291533619206

Security Analyst Summit (SAS) is an annual event that attracts high-caliber anti-malware researchers, global law enforcement agencies and CERTs and senior executives from financial services, technology, healthcare, academia and government agencies.

1 day 1 hour until #TheSAS2021 starts! Registration at: thesas2021.online

445 viewsedited 05:22

https://m.youtube.com/watch?v=IFqfCkT4X8w

434 views06:06

https://therecord.media/microsoft-adds-novel-feature-to-exchange-servers-to-allow-it-to-deploy-emergency-temporary-fixes/amp/

The Record by Recorded Future

Microsoft adds novel feature to Exchange servers to allow it to deploy emergency temporary fixes

Microsoft will roll out tomorrow a new security feature for its Exchange email servers named the Emergency Mitigation (EM) service that can automatically install temporary mitigations to block attacks until Microsoft is ready to release official patches.

425 views06:15

https://twitter.com/EUHomeAffairs/status/1442391317510754307

EU Home Affairs

📣The #CyberSecMonth is almost here! Each year, for the entire month of October, hundreds of activities promoting cybersecurity take place across Europe, including conferences, workshops, training sessions, webinars, presentations and more. Stay tuned👉cyb…

417 viewsedited 06:17

https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/

New Azure Active Directory password brute-forcing flaw has no fix

Microsoft says AD authentication responses are working as intended.

453 views16:09

417 views17:36

406 views17:36

#SAS21 slides by Diego Comas, Sourcegraph

396 viewsedited 17:37

420 views17:46

405 views17:47

402 views17:53

404 views17:53

https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/

Secure containerized environments with updated threat matrix for Kubernetes

The updated threat matrix for Kubernetes adds new techniques found by Microsoft researchers, as well as techniques that were suggested by the community.

437 views17:55

469 views17:55

479 views17:58

505 views18:18

https://www.meritalk.com/articles/cisa-releases-draft-guidance-for-transition-to-ipv6/

CISA Releases Draft Guidance for Transition to IPv6

<div class="at-above-post addthis_tool" data-url="https://www.meritalk.com/articles/cisa-releases-draft-guidance-for-transition-to-ipv6/"></div>Federal agencies are on the clock to transition networks and systems to using Internet Protocol version 6 (IPv6)…

480 views16:28

https://csrc.nist.gov/publications/detail/sp/800-204c/draft

NIST Special Publication (SP) 800-204C (Draft), Implementation of DevSecOps for a Microservices-based Application with Service…

Cloud-native applications have evolved into a standardized architecture consisting of multiple loosely coupled components called microservices (implemented as containers), supported by code for providing application services called service mesh. Both of these…

471 views04:36

https://therecord.media/facebook-open-sources-internal-tool-used-to-detect-security-bugs-in-android-apps/amp/

The Record by Recorded Future

Facebook open-sources internal tool used to detect security bugs in Android apps

Facebook has open-sourced Mariana Trench, one of its internal security tools, used by its security teams for finding and fixing bugs in Android and Java applications.

458 views05:12