ISACARuSec – Telegram
ISACARuSec
@IsacaRuSec
2.27K subscribers
1.75K photos
13 videos
300 files
5.61K links
Канал направления ИБ Московского отделения ISACA

Направление канала новости ISACA, новости в области управления ИБ в России и мире, обмен лучшими практиками.

https://engage.isaca.org/moscow/home

Связь с администрацией
@popepiusXIII
Download Telegram
About
Blog
Apps
Platform
Join
ISACARuSec
2.27K subscribers
ISACARuSec
https://www.bleepingcomputer.com/news/security/in-house-vs-external-pen-testing-which-is-right-for-your-organization/
BleepingComputer
In-House vs. External Pen Testing: Which is Right For Your Organization?
Regular penetration testing is an important step in developing secure web applications. Outpost24 PTaaS solution is an on-demand, pay-as-you-go service that provides access to specialist external pen testers and tools that work as extensions of your in-house…
516 views
ISACARuSec
NIST is announcing the initial public drafts of NIST SP 800-157r1 (Revision 1), Guidelines for Derived Personal Identity Verification (PIV) Credentials, and NIST SP 800-217, Guidelines for Personal Identity Verification (PIV) Federation. These two SPs complement Federal Information Processing Standard (FIPS) 201-3, which defines the requirements and characteristics of government-wide interoperable identity credentials used by federal employees and contractors.

https://csrc.nist.gov/publications/detail/sp/800-157/rev-1/draft

https://csrc.nist.gov/publications/detail/sp/800-217/draft
CSRC | NIST
NIST Special Publication (SP) 800-157 Rev. 1 (Draft), Guidelines for Derived Personal Identity Verification (PIV) Credentials
This recommendation provides technical guidelines for the implementation of standards-based, secure, reliable credentials that are issued by federal departments and agencies to individuals who possess and prove control of their valid PIV Card. These credentials…
517 views
ISACARuSec
Forwarded from Пост Лукацкого
Всемирный экономический форум выпустил свой новый ежегодный отчет по глобальным рискам. Киберпреступность и атаки на КИИ присутствуют, но их значение чуть снизилось по сравнению с предыдущими годами. Хотя надо признать, ВЭФ регулярно меняет методику оценки, так что тут скорее важно, попал риск в десятку или нет. А кибербезопасность будет важной, по оценкам, на десятилетнем горизонте точно.

В конце отчета есть результаты опроса 121 страны, которые оценивали Топ5 рисков именно для себя, - России в списке нет :-(
301 views
ISACARuSec
Forwarded from Пост Лукацкого
WEF_Global_Risks_Report_2023.pdf
21.5 MB
329 views
ISACARuSec
https://blog.aquasec.com/slsa-or-cis-software-supply-chain-security-guidelines
Aquasec
Should You Use SLSA or CIS Software Supply Chain Security Guidelines?
With SSC attacks rising and Executive Order 14028 in effect, Aqua compares SLSA vs CIS to help guide you in fortifying your supply chain security framework
672 views
ISACARuSec
https://www.nextron-systems.com/2023/01/13/antivirus-event-analysis-cheat-sheet-v1-11-0/

Как интерпретировать сработки от антивируса.
Nextron-Systems
Antivirus Event Analysis Cheat Sheet v1.11.0 - Nextron Systems
541 viewsedited  
ISACARuSec
Красивый дашборд который крайне не просто составлять.
👍1
507 views
ISACARuSec
Forwarded from Пост Лукацкого
Не надо развивать свой бренд "торговца катастрофами", который приходит (или которого вызывают на ковер) к руководству только когда произошел критический инцидент. Регулярно информируйте его о рисках/угрозах/недопустимых событиях, сценариях их реализации и потенциальных последствиях от их реализации.
315 views
ISACARuSec
https://blog.aquasec.com/cloud-security-trends-for-2023-part-two
Aquasec
Cloud Security Trends for 2023 Part Two
With the start of 2023, Aqua's senior management team discusses some of the market changes they anticipate in Part Two of our cloud security trends outlook blog
👍1
549 views
ISACARuSec
Forwarded from ZLONOV security
Чаты и каналы Telegram по информационной безопасности 2023: https://zlonov.ru/telegram-security-list-2023/
266 views
ISACARuSec
Forwarded from Пост Лукацкого
К Всемирному экономическому форуму был подготовлен не только отчет о глобальных рисков (см.👆), но и отчет по кибербезопасности, в котором руководители бизнеса и руководители ИБ делились своим видением влияния ИБ на бизнес и геополитику. Отчет достаточно высокоуровневый, но есть интересные моменты, которые меня зацепили и о которых я напишу дальше.
254 views
ISACARuSec
Forwarded from Пост Лукацкого
WEF_Global_Security_Outlook_Report_2023.pdf
4.3 MB
244 views
ISACARuSec
Forwarded from Записки админа
Уязвимость в sudoedit, которая позволяет обычному пользователю в системе получить доступ к редактированию не принадлежащих ему файлов, что может быть использовано для повышения привилегий.

https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf

#security #sudo
359 views
ISACARuSec
The NIST Cybersecurity Framework (CSF) helps organizations better understand, manage, reduce, and communicate cybersecurity risks. NIST is updating the CSF to keep pace with the evolving cybersecurity landscape.

The CSF 2.0 Concept Paper released today outlines more significant potential changes in the CSF. It is informed by extensive feedback in response to the NIST Cybersecurity Request for Information and the first workshop on CSF 2.0. NIST is publishing this concept paper to gain additional input before issuing a draft CSF 2.0 this Summer.

https://www.nist.gov/system/files/documents/2023/01/18/CSF_2.0_Concept_Paper_01-18-23.pdf
627 viewsedited  
ISACARuSec
https://www.nccoe.nist.gov/projects/trusted-iot-device-network-layer-onboarding-and-lifecycle-management
NCCoE
Trusted IoT Device Network-Layer Onboarding and Lifecycle Management | NCCoE
Project AbstractProvisioning network credentials to IoT devices in an untrusted manner leaves networks vulnerable to having unauthorized IoT devices connect to them. It also leaves IoT devices vulnerable to being taken over by unauthorized networks. Instead…
567 views
ISACARuSec
https://about.gitlab.com/releases/2023/01/17/critical-security-release-gitlab-15-7-5-released/
GitLab
GitLab Critical Security Release: 15.7.5, 15.6.6, and 15.5.9
Learn more about GitLab Critical Security Release: 15.7.5, 15.6.6, and 15.5.9 for GitLab Community Edition (CE) and Enterprise Edition (EE).
621 views
ISACARuSec
https://www.sentinelone.com/blog/7-ways-threat-actors-deliver-macos-malware-in-the-enterprise/
SentinelOne
7 Ways Threat Actors Deliver macOS Malware in the Enterprise
Stay ahead of the game with our review on macOS malware threats. Learn about the top techniques used by threat actors to deliver malware and how to build more resilient defenses.
543 views
ISACARuSec
https://www.enisa.europa.eu/news/cybersecurity-awareness-raising-peek-into-the-enisa-do-it-yourself-toolbox
ENISA
Cybersecurity Awareness Raising: Peek Into the ENISA-Do-It-Yourself Toolbox
The European Union Agency for Cybersecurity (ENISA) launches today the “Awareness Raising in a Box (AR-in-a-BOX)” package designed to help organisations build their own awareness raising programmes.
630 views
ISACARuSec
594 views
ISACARuSec
688 views