NEW BOT Телеграм, страница - 86731149

ISACARuSec

2.27K subscribers

1.77K photos

13 videos

303 files

5.64K links

Канал направления ИБ Московского отделения ISACA

Направление канала новости ISACA, новости в области управления ИБ в России и мире, обмен лучшими практиками.

https://engage.isaca.org/moscow/home

Связь с администрацией
@popepiusXIII

Download Telegram

About

Blog

Apps

Platform

2.27K subscribers

"NPM is not the only repository being hit with malicious package versions, the PyPi (Python) and RubyGems (Ruby) repositories have also been hit. Make sure that your CI process includes only including vetted versions of packages, then check to make sure none of your vetted versions are listed as compromised."

https://threatpost.com/malicious-npm-code-packages-discord/176886/

Malicious npm Code Packages Built for Hijacking Discord Servers

The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases.

338 views07:16

https://siliconangle.com/2021/12/08/number-vulnerabilities-reported-2021-hits-new-record-high/

Number of vulnerabilities reported in 2021 hits record high - SiliconANGLE

306 views07:27

307 views07:27

У ниста есть ряд материалов переведенных на другие языки (арабский, португальский..... русского нет)

https://www.nist.gov/cybersecurity/translations-nist-cybersecurity-and-privacy-resources

Translations of NIST Cybersecurity and Privacy Resources

Cybersecurity Framework

299 views07:29

https://medium.com/anton-on-security/soc-technology-failures-do-they-matter-8abcffdc2cb5

SOC Technology Failures — Do They Matter?

Most failed Security Operations Centers (SOCs) that I’ve seen have not failed due to a technology failure. Lack of executive commitment…

277 views07:36

https://www.cisco.com/c/m/en_us/products/security/cybersecurity-reports/security-outcomes-executive-summary.html

2021 Security Outcomes Study Executive Summary

View the executive summary of our free cybersecurity report to learn how businesses can achieve better security outcomes.

274 views07:44

268 views07:47

https://twitter.com/ISACANews/status/1469387713996632067

Looking for a way to make compliance automation easier? Register now for this free ISACA webinar, worth 1 CPE, 16 December (Noon EST), sponsored by Adobe: bit.ly/3dIbUe6

287 viewsedited 07:48

https://twitter.com/ISACANews/status/1469449374862303240

The New Year is only a few weeks away – do you have your governance goals set for 2022? Read the latest in our ISACA Now Blog series for next year’s top priorities for governance pros. bit.ly/3oFGag1

300 viewsedited 07:55

https://www.computerweekly.com/news/252510505/IT-Priorities-2022-Pandemics-long-tail-for-cyber-buyers

ComputerWeekly.com

IT Priorities 2022: Pandemic’s long tail for cyber buyers

Pandemic response has been top of mind for cyber leaders these past 18 months, and as Covid-19 turns two, the TechTarget/Computer Weekly IT Priorities 2022 study shows buyers are still focused on h...

325 views08:04

https://www.kaspersky.com/blog/burnout-guide-for-ciso/43118/

Five steps to prevent burnout in SOC teams

Kaspersky’s security operations center head explains his approach to burnout prevention in SOC teams.

353 views08:09

https://www.gartner.com/en/articles/the-15-minute-7-slide-security-presentation-for-your-board-of-directors

The 15-Minute, 7-Slide Security Presentation for Your Board of Directors

When a request comes in to give a #cybersecurity presentation to the board, security leaders should jump at the chance to educate the executives ✍ Check out @Gartner_IT’s guide on delivering a 15-minute cybersecurity presentation to the board. #GartnerSEC

353 views06:35

https://itwire.com/guest-articles/sme-s-seeking-governance-program-get-tailored-road-map-in-new-cobit-resource.html

iTWire - SMEs seeking governance program get tailored road map in new COBIT resource

Company News: The benefits of good governance systems are widely acknowledged, but often governance programs in smaller organisations are nonexistent or immature. Small and medium-sized enterprises (S...

352 views06:41

https://twitter.com/cyb3rops/status/1469671300285222917

Florian Roth ⚡️

What people seem to miss: The #Log4Shell vulnerability isn't just a RCE 0day. It's a vulnerability that causes hundreds and thousands of 0days in all kinds of software products. It's a 0day cluster bomb.

367 viewsedited 06:41

https://reply-to-all.blogspot.com/2021/12/soc.html

SOC на удаленке

Удаленка - отличный способ оценки зрелости ваших процессов! В период пандемии многие предприятия были вынуждены уйти на удаленную работу. По...

378 views06:46

Твит от Florian Roth ⚡️ (@cyb3rops)
https://twitter.com/cyb3rops/status/1469596693066829836

Florian Roth ⚡️

1/ #Log4Shell Status determination # Block Rules / Log-Based Detection There's no effective or rather gapless way to detect attacks that use log4shell due to the many ways to obfuscate the strings. Don't put too much trust in any filter/detection pattern.…

393 viewsedited 06:50

Forwarded from Пост Лукацкого

А вот и обзор зарплат специалистов по ИБ в России - https://lukatsky.ru/trends/obzor-zarplat-spetsialistov-po-ib-v-rossii.html

Бизнес без опасности - Блог, выступления, статьи, лекции, книги и немного юмора про кибербезопасность от Алексея Лукацкого

Обзор зарплат специалистов по ИБ в России - Бизнес без опасности

Для начала приношу свои извинения, что затянул с итогами. Мероприятий под конец года навалило... Вы никогда не задумывались, платят вам достаточную зарплату или нет? И насколько вы можете рассчитывать, если решите уехать из своего города в Москву? И сколько…

129 views09:22

Forwarded from Vulnerability Management and more

> And we will learn about others with the release of new vendor bulletins

OMG VMware https://www.vmware.com/security/advisories/VMSA-2021-0028.html At least 39 products, CVSS 10

203 views13:11

Forwarded from Vulnerability Management and more

А good list of potentially vulnerable third-party products https://github.com/NCSC-NL/log4shell/tree/main/software #Log4Shell

log4shell/software at main · NCSC-NL/log4shell

Operational information regarding the log4shell vulnerabilities in the Log4j logging library. - NCSC-NL/log4shell

198 views13:55

https://twitter.com/SANSDefense/status/1470113237362483210

SANS Cyber Defense

🚨⭐TOMORROW ⭐🚨 Join @bettersafetynet @johullrich @bojanz for this EMERGENCY LIVE STREAM on the newly published #RCE vulnerability #log4j Learn what blue teams can do to detect the attack & protect their environments against it. Join: youtu.be/oC2PZB5D3Ys

372 viewsedited 16:35