Forwarded from Пост Лукацкого
And here is the overview of salaries of information security specialists in Russia - https://lukatsky.ru/trends/obzor-zarplat-spetsialistov-po-ib-v-rossii.html
Бизнес без опасности - Blog, talks, articles, lectures, books and a bit of humor about cybersecurity from Alexey Lukatsky
Overview of salaries of information security specialists in Russia - Бизнес без опасности
To begin with, I apologize for taking so long with the results. Events piled up toward the end of the year... Have you ever wondered whether you are paid a sufficient salary or not? And how much you could count on if you decide to leave your city for Moscow? And how much…
Forwarded from Vulnerability Management and more
> And we will learn about others with the release of new vendor bulletins
OMG VMware https://www.vmware.com/security/advisories/VMSA-2021-0028.html At least 39 products, CVSS 10
Forwarded from Vulnerability Management and more
A good list of potentially vulnerable third-party products https://github.com/NCSC-NL/log4shell/tree/main/software #Log4Shell
GitHub
log4shell/software at main · NCSC-NL/log4shell
Operational information regarding the log4shell vulnerabilities in the Log4j logging library. - NCSC-NL/log4shell
In 2-3 days, we hope, the Russian media will cover the problem too.
In general, this is a rather rare situation in which the existence of a vulnerability is linked to a drop in the share price of companies with vulnerable products:
"Microsoft Corp. MSFT -0.92% , in an alert to customers, said “attackers are probing all endpoints for vulnerability.” Amazon.com Inc., AMZN -1.54% Twitter Inc. TWTR -2.11% and Cisco Systems Inc. CSCO -1.08% were among the companies that have said they were carrying out investigations into the depth of the problem. Amazon, the world’s biggest cloud computing company, said in a security alert, “We are actively monitoring this issue, and are working on addressing it.” "
https://www.wsj.com/articles/tech-giants-microsoft-amazon-and-others-warn-of-widespread-software-flaw-11639260827?mod=e2tw
WSJ
Software Flaw Sparks Global Race to Patch Bug
Cybersecurity researchers say they have seen thousands of attempts to exploit the bug.
https://www.nccoe.nist.gov/get-involved/attend-events/nccoe-virtual-workshop-cybersecurity-genomic-data
NCCoE Virtual Workshop on the Cybersecurity of Genomic Data
In case you are suddenly asked to present to management because of the new log4j vulnerability, here is a presentation template that is kept updated (in English):
https://www.infosecinnovations.com/post/talking-to-leadership-about-log4j
InfoSec Innovations
Talking to Leadership about Log4j
EDIT: made slight changes to deck from suggestions given by Mubix. Thanks so much! Let's face it, the Log4j issue is a mess. If you've not already done so, you'll need to present to your org's leadership very soon. This deck is a template you can use when…