Forwarded from proPLC
Стандарты IEC 62443
IEC 62443 является международным стандартом безопасности для систем управления промышленной автоматизацией, и его значение растет по мере того, как сети и контроллеры становятся взаимосвязанными.
Подробнее:
✏️What the IEC 62443 standard does for industrial cybersecurity
✏️Structure of IEC 62443
✏️Обеспечение безопасности АСУ ТП – краткий обзор семейства стандартов IEC 62443
IEC 62443 является международным стандартом безопасности для систем управления промышленной автоматизацией, и его значение растет по мере того, как сети и контроллеры становятся взаимосвязанными.
Подробнее:
✏️What the IEC 62443 standard does for industrial cybersecurity
✏️Structure of IEC 62443
✏️Обеспечение безопасности АСУ ТП – краткий обзор семейства стандартов IEC 62443
👍1
The Federal CIO Council’s Federal Mobility Group (FMG) has released the final version of its in-depth international travel guidance report. The new document details a series of best practices agencies can adopt to safeguard Government-Furnished Equipment (GFE) mobile devices—mobile phones, tablets, and laptop computers—against attacks while in use during travel to foreign countries. https://www.cio.gov/2022-02-18-final-international-travel-guidance/
www.cio.gov
The CIO Council is a forum of Federal Chief Information Officers (CIOs). Our goal is to improve IT practices across U.S. Government agencies.
Forwarded from CloudSec Wine (Артем Марков)
🔶🔷🔴 Cloud 9: Top Cloud Penetration Testing Tools
Here are nine cloud pen testing tools use by pentesters in 2022, and additional resources for enhancing your cloud pentesting skills.
https://bishopfox.com/blog/cloud-pen-testing-tools
#aws #azure #gcp
Here are nine cloud pen testing tools use by pentesters in 2022, and additional resources for enhancing your cloud pentesting skills.
https://bishopfox.com/blog/cloud-pen-testing-tools
#aws #azure #gcp
Bishop Fox
Cloud 9: Top Cloud Penetration Testing Tools
Here are nine of our favorite cloud pen testing tools use by our pen testers in 2022 and additional resources for enhancing your cloud pen testing skills.
Forwarded from SecurityLab.ru
В WhatsApp и других VoIP-приложениях обнаружены RCE-уязвимости
— Мессенджер WhatsApp и другие популярные VoIP-приложения используют библиотеку с открытым исходным кодом PJSIP, содержащую критические уязвимости удаленного выполнения кода.
— Успешная эксплуатация уязвимостей позволяет злоумышленнику удаленно выполнить код в приложении, использующем библиотеку PJSIP.
— По данным сайта Asterisk, программное обеспечение насчитывает около 2 млн загрузок в год и работает на 1 млн серверов в 170 странах.
https://www.securitylab.ru/news/530390.php
— Мессенджер WhatsApp и другие популярные VoIP-приложения используют библиотеку с открытым исходным кодом PJSIP, содержащую критические уязвимости удаленного выполнения кода.
— Успешная эксплуатация уязвимостей позволяет злоумышленнику удаленно выполнить код в приложении, использующем библиотеку PJSIP.
— По данным сайта Asterisk, программное обеспечение насчитывает около 2 млн загрузок в год и работает на 1 млн серверов в 170 странах.
https://www.securitylab.ru/news/530390.php
SecurityLab.ru
В WhatsApp и других VoIP-приложениях обнаружены RCE-уязвимости
Программы используют библиотеку с открытым исходным кодом PJSIP, содержащую критические проблемы.
Forwarded from Пост Лукацкого
В IETF идет обсуждение проекта свежего RFC (внесен в конце января этого года) по индикаторам компрометации
IETF Datatracker
Indicators of Compromise (IoCs) and Their Role in Attack Defence
Cyber defenders frequently rely on Indicators of Compromise (IoCs) to identify, trace, and block malicious activity in networks or on endpoints. This draft reviews the fundamentals, opportunities, operational limitations, and best practices of IoC use. It…
Hello,
We are writing to update ISACA members in Russia about the consequences of sanctions imposed as a result of the recent events in Ukraine.
As you may know, a number of sanctions against Russia have been imposed by the EU, US and others. The sanctions picture is very complicated and evolving, with the full impact and consequences still not entirely clear to anyone at this time.
To ensure we are in compliance with all legal requirements, ISACA is suspending all transactions via our website, and by any other means, with Russia.
For the time being, any member or certification holder whose membership or certification is due for renewal during this period will have their membership or certification extended to maintain the status quo while we continue to evaluate the requirements and effect of the applicable sanctions. This may of course have to change depending on how the sanctions situation changes and other developments that occur, and we will do our best to keep you apprised of any changes.
We appreciate your patience, understanding, and support during this difficult time, and we will share further updates as information becomes available.
Best regards,
David
David Samuelson
Chief Executive Officer
We are writing to update ISACA members in Russia about the consequences of sanctions imposed as a result of the recent events in Ukraine.
As you may know, a number of sanctions against Russia have been imposed by the EU, US and others. The sanctions picture is very complicated and evolving, with the full impact and consequences still not entirely clear to anyone at this time.
To ensure we are in compliance with all legal requirements, ISACA is suspending all transactions via our website, and by any other means, with Russia.
For the time being, any member or certification holder whose membership or certification is due for renewal during this period will have their membership or certification extended to maintain the status quo while we continue to evaluate the requirements and effect of the applicable sanctions. This may of course have to change depending on how the sanctions situation changes and other developments that occur, and we will do our best to keep you apprised of any changes.
We appreciate your patience, understanding, and support during this difficult time, and we will share further updates as information becomes available.
Best regards,
David
David Samuelson
Chief Executive Officer
👍2
Forwarded from AM Live
У NVIDIA украли также сертификат, которым можно подписать Windows-зловреда
https://www.anti-malware.ru/news/2022-03-05-114534/38288
https://www.anti-malware.ru/news/2022-03-05-114534/38288
Anti-Malware
У NVIDIA украли также сертификат, которым можно подписать Windows-зловреда
Просматривая многочисленные файлы, украденные у NVIDIA и слитые в Сеть, исследователи обнаружили два сертификата разработчика. Как оказалось, вирусописатели тоже нашли их и начали использовать,
👍1
Forwarded from CloudSec Wine (Артем Марков)
🔶 Let’s Architect! Architecting for Security
Post collecting security content to help you protect data, manage access, protect networks and applications, detect and monitor threats, and ensure privacy and compliance.
https://aws.amazon.com/ru/blogs/architecture/lets-architect-architecting-for-security
#aws
Post collecting security content to help you protect data, manage access, protect networks and applications, detect and monitor threats, and ensure privacy and compliance.
https://aws.amazon.com/ru/blogs/architecture/lets-architect-architecting-for-security
#aws