ISACARuSec – Telegram
ISACARuSec
@IsacaRuSec
2.26K subscribers
1.76K photos
13 videos
303 files
5.62K links
Канал направления ИБ Московского отделения ISACA

Направление канала новости ISACA, новости в области управления ИБ в России и мире, обмен лучшими практиками.

https://engage.isaca.org/moscow/home

Связь с администрацией
@popepiusXIII
Download Telegram
About
Blog
Apps
Platform
Join
ISACARuSec
2.26K subscribers
ISACARuSec
Forwarded from Security Wine (бывший - DevSecOps Wine) (Denis Yakimov)
How Flipkart Reacts to Security Vulnerabilities

Пятница - отличный день, чтобы вернуться к постам после продолжительного перерыва. Начнем мы с несложной темы для восприятия - с организационных процессов.

Команда Flipkart рассказывает, как устроены их AppSec-процессы по обработке уязвимостей: источники уязвимости, как они выглядят в Jira (Flipkart не стала идти по пути платформизации AppSec'а), какие есть роли в процессе по устранению уязвимостей, атрибуты, что такое "иммунизация", из чего состоит их обучение разработчиков.

https://blog.flipkart.tech/how-flipkart-reacts-to-security-vulnerabilities-17dae9b0661e

#dev
Medium
How Flipkart Reacts to Security Vulnerabilities
Strategies and procedures at Flipkart for making software immune to recurring vulnerabilities
321 views
ISACARuSec
https://www.bleepingcomputer.com/news/security/atlassian-fixes-critical-jira-authentication-bypass-vulnerability/
BleepingComputer
Atlassian fixes critical Jira authentication bypass vulnerability
Atlassian has published a security advisory to alert that its Jira and Jira Service Management products are affected by a critical authentication bypass vulnerability in Seraph, the company's web application security framework.
👍1
603 views
ISACARuSec
Forwarded from Пост Лукацкого
Вышла новая, 11-я версия MITRE ATT&CK. Обновили техники, группы, ПО для корпоративной, мобильной и промышленных платформ. Серьезные изменения коснулись раздела по обнаружению техник
👍1
235 views
ISACARuSec
https://csrc.nist.gov/publications/detail/sp/1800-33/draft
CSRC | NIST
NIST Special Publication (SP) 1800-33 (Draft), 5G Cybersecurity (Preliminary Draft)
Organizations face significant challenges in transitioning from 4G to 5G usage, particularly the need to safeguard new 5G-using technologies at the same time that 5G development, deployment, and usage are evolving. Some aspects of securing 5G components and…
539 views
ISACARuSec
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/enhanced-antimalware-protection-in-microsoft-defender-for/ba-p/3290320
TECHCOMMUNITY.MICROSOFT.COM
Enhanced Antimalware Protection in Microsoft Defender for Endpoint Android
Update: Enhanced antimalware protection for Android is now generally available.    We are excited to share major updates to the Malware protection capabilities of Microsoft Defender for Endpoint on Android. These new capabilities form a major component of…
541 views
ISACARuSec
Forwarded from Пост Лукацкого
Коллективный труд коллег, попробовавших предложить свои варианты исполнения мер ГОСТ 57580.1
231 views
ISACARuSec
Forwarded from Egor
База_знаний_ГОСТ_57580+21+239_пр_ФСТЭК_в1.xlsx
172.7 KB
Коллеги, публикуем первую версию нашей работы.
https://news.1rj.ru/str/+SL0MndaPu8S2C6fT - здесь принимаются замечания и предложения для следующей.
239 views
ISACARuSec
https://csrc.nist.gov/publications/detail/sp/800-82/rev-3/draft
CSRC | NIST
NIST Special Publication (SP) 800-82 Rev. 3 (Withdrawn), Guide to Operational Technology (OT) Security
This document provides guidance on how to secure operational technology (OT), while addressing their unique performance, reliability, and safety requirements. OT encompasses a broad range of programmable systems and devices that interact with the physical…
👍1
517 views
ISACARuSec
https://www.zdnet.com/article/ransomware-attacks-are-hitting-universities-hard-and-they-are-feeling-the-pressure/
ZDNET
Ransomware attacks are hitting universities hard, and they are feeling the pressure
Cyber criminals are targeting universities with ransomware attacks that are costing millions of pounds, while IT departments are feeling overstretched.
👍2
514 views
ISACARuSec
NCCoE Virtual Workshop on Exploring Solutions for the Cybersecurity of Genomic Data
Wednesday, May 18–Thursday, May 19, 2022 1:00–3:30pm


https://www.nccoe.nist.gov/get-involved/attend-events/nccoe-virtual-workshop-exploring-solutions-cybersecurity-genomic-data
468 viewsedited  
ISACARuSec
Forwarded from k8s (in)security (Дмитрий Евдокимов)
Недавно один мой товарищ спросил: а как посмотреть все встроенные Kubernetes Roles (те, что используются в RBAC)?

И я задумался как же действительно встроенные/стандартные Roles попадают в кластер и решил разобраться с этим вопросом. В итоге, все они вшиты в код (вот так это выглядит для версии 1.24) и никаких отдельно, лежащих или встроенных YAML!

Можно посравнивать файл "plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go" из разных версий и обнаружить что, от версии к версии он периодически претерпевает изменения, так что встроенные Roles не статичны, а порой изменяются.
297 views
ISACARuSec
https://www.rfc-editor.org/rfc/rfc9116
www.rfc-editor.org
RFC 9116: A File Format to Aid in Security Vulnerability Disclosure
When security vulnerabilities are discovered by
researchers, proper reporting channels are often lacking. As a result,
vulnerabilities may be left unreported. This document defines a machine-parsable format
("security.txt") to help organizations describe…
474 views
ISACARuSec
https://www.bleepingcomputer.com/news/security/cybersecurity-agencies-reveal-top-exploited-vulnerabilities-of-2021/
BleepingComputer
Cybersecurity agencies reveal top exploited vulnerabilities of 2021
In partnership with the NSA and the FBI, cybersecurity authorities worldwide have released today a list of the top 15 vulnerabilities routinely exploited by threat actors during 2021.
483 views
ISACARuSec
Webinar

Cybersecurity for the Liquefied Natural Gas Industry: A Cybersecurity Framework Profile
Tuesday, May 24, 2022 3:00–3:45pm


https://www.nccoe.nist.gov/get-involved/attend-events/cybersecurity-liquefied-natural-gas-industry-cybersecurity-framework
👍1
487 viewsedited  
ISACARuSec
The CISM exam is getting an update. The CISM Exam Content Outline will be updated 1 June 2022. You can still take the current CISM exam based on the current content outline until the changeover. Both CISM Exam Content Outlines are provided below.

https://www.isaca.org/credentialing/cism
ISACA
CISM® Certification | Certified Information Security Manager®
ISACA's Certified Information Security Manager (CISM) is the standard achievement certification for expert knowledge and experience in IS/IT security and control.
👍1
493 views
ISACARuSec
https://www.enisa.europa.eu/events/enisa-etsi-joint-workshop-on-remote-identity-proofing
ENISA
ENISA-ETSI Joint Workshop on Remote Identity Proofing
Workshop on the latest experiences and likely future directions in remote identity proofing.
👍1
512 views
ISACARuSec
https://cloud.withgoogle.com/cloudsecurity/podcast/ep62-protect-modern-applications-in-the-cloud-union-of-apis-and-application-security/
Withgoogle
EP62 Protect Modern Applications in the Cloud: Union of API and Application Security
The Cloud Security Podcast from Google is a weekly news and interview show with insights from the cloud security community.
532 views
ISACARuSec
https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2022/twenty-ways-information-security-has-changed-for-the-better-in-the-past-20-years
ISACA
Working from Home with Remote Video Technology
Working from home has gone from being a luxury to a necessity because of the COVID-19 pandemic. Usually, we talk about disrupting technology, but this time, we have an external non-controllable factor that is causing the disruption.
👍1
561 views
ISACARuSec
https://medium.com/anton-on-security/20-years-of-siem-webinar-q-a-167859f407d4
Medium
20 Years of SIEM Webinar Q&A
I recently did this fun SANS webinar noscriptd “Anton Chuvakin Discusses “20 Years of SIEM — What’s Next?”” (the seemingly self-centered…
👍1
532 views
ISACARuSec
https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-april-2022
Google Cloud Blog
Cloud CISO Perspectives: April 2022 | Google Cloud Blog
Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team.
👍2
630 views
ISACARuSec
Forwarded from Пост Лукацкого
This media is not supported in your browser
VIEW IN TELEGRAM
Второй ролик английской ФСТЭК по стратегии выбора паролей, базирующейся на выборе трех случайных слов
👍4
328 views