Если у вас есть разработка на Пайтоне первый доклад обещает быть интересным.

PiterPy 2023 meetup #1 — бесплатный онлайн-митап PiterPy x Zeen

Митап пройдет на сайте — 13 июля в 18:00.

В программе:

Алексей Морозов — Экзотические уязвимости в питонячем стеке

Алексей рассмотрит интересные уязвимости и баги, которые встречаются в архитектуре приложений на языке Python. В докладе будут представлены уязвимости бизнес-логики, кастомизация типов, гонок, шаблонизаторов, библиотек и многое другое.

Олег Пригода — Как сделать удобный инструмент для тестирования операционной системы

Олег расскажет, как в его команде написали обвязку для pytest и теперь прогоняют разные типы тестов для разных продуктов — от разных команд на разном железе в требованиях SDL.

Михаил Лукин — Введение в GPGPU для программистов на Python

Михаил расскажет о применении вычислений на видеокартах в проектах на Python для инженерных и научных задач на примере определения физико-химических характеристик образца в приложенном магнитном поле. Узнаем о том, с какими проблемами они столкнулись при использовании стандартных библиотек и как их решили.

Вы сможете задать вопросы спикерам и подискутировать с другими участниками. Авторы лучших вопросов получат призы.

Участие бесплатное. Регистрация по ссылке.

Добавляйте событие в календарь, чтобы ничего не пропустить.

А сразу после митапа мы проведем День открытых дверей с членами ПК PiterPy. Если вы задумываетесь о выступлении на конференции, приглашаем познакомиться лично и узнать, как проходит подготовка спикеров.

Приходите с черновиком доклада, примерными тезисами или просто идеей выступления. Тему можно выбрать на сайте PiterPy или предложить свою. Выбирайте свободный слот 13 июля в календаре и регистрируйтесь. Члены Программного комитета пообщаются с каждым индивидуально. Время на одного участника — 20 минут.

Когда? 13 июля с 20:00 до 21:00 по Москве

Где? На платформе митапа

Подробности уточняйте у координатора Марии Аликиной в Telegram или на почте — maria.alikina@jugru.org

Второе издание мнения Гугл по перспективам кибербезопасности для членов Правления.

https://inthecloud.withgoogle.com/perspectives-on-security-for-the-board-2/download.html

https://www.forbes.com/sites/emmylucas/2023/07/13/google-cloud-ciso-phil-venables-on-cybersecurity-cloud-adoption-and-the-boardroom/

"Read the second edition of Perspectives on Security for the Board, published by Google Cloud’s Office of the CISO to learn more about our latest insights:

How the board’s role and responsibilities in cloud security and adoption are changing
What steps boards can take to navigate the evolving threat landscape. See examples of recent real-world vulnerability incidents and how Mandiant (now a part of Google Cloud) addressed them.
Learn more about our actionable, AI security framework that boards can use to help ensure their organizations use AI in a responsible way."

"We hope this report helps Boards of Directors by providing them
with information and insights they need to make informed decisions about cloud, artificial intelligence, and
overall security posture. To help address this challenge, Boards should continue to leverage the three principles
for effective risk oversight: 1) get educated; 2) be engaged; and 3) stay informed. This approach — coupled with
a strong relationship with the CISO and technology, business, and compliance stakeholders — will help foster
greater transparency and collaboration between Boards and company leaders."

Средняя российская компания теряет из-за хакеров 20 млн руб. в год, и ущерб постоянно растет

https://safe.cnews.ru/news/top/2023-07-14_rossijskie_kompanii_teryayut

Стали доступны видео с AppSecCon 2023

Commerce launches EU-US data privacy framework certification website | FedScoop
https://fedscoop.com/eu-us-data-privacy-framework/

"
The US Department of Commerce has launched a website that allows US organizations to certify their participation with the newly-adopted EU-US Data Privacy Framework. US organizations that transfer data between the EU and the US must certify participation by October 10, 2023. The website also allows US companies to certify compliance with the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework.
"

https://circle.cloudsecurityalliance.org/discussion/nist-nccoe-open-for-public-comment-preliminary-draft-practice-guide-vol-b-c-from-the-zta-team

"The Zero Trust Architecture (ZTA) team at NIST’s National Cybersecurity Center of Excellence (NCCoE) has published the third version of volumes B-C of a preliminary draft practice guide noscriptd “Implementing a Zero Trust Architecture” and is seeking the public’s comments on their contents."

Отличная инициатива от одной из наиболее зрелых ИБ компании России
https://cloud.yandex.ru/blog/posts/2023/07/security-podcast

https://csrc.nist.gov/pubs/sp/800/219/r1/final
"NIST has released the final version of Special Publication (SP) 800-219 Revision 1, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP). It provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system security in an automated way.

This publication introduces the mSCP, describes use cases for leveraging the mSCP content, and introduces a new feature of the mSCP that allows organizations to customize security rules more easily. The publication also gives an overview of the resources available on the project’s GitHub site, which provides practical, actionable recommendations in the form of secure baselines and associated rules and is continuously updated to support each new release of macOS."

https://arxiv.org/abs/2306.14281

Исследование по рискам для беспилотников и их сетей.

"Thanks to the rapidly developing technology, unmanned aerial vehicles (UAVs) are able to complete a number of tasks in cooperation with each other without need for human intervention. In recent years, UAVs, which are widely utilized in military missions, have begun to be deployed in civilian applications and mostly for commercial purposes. With their growing numbers and range of applications, UAVs are becoming more and more popular; on the other hand, they are also the target of various threats which can exploit various vulnerabilities of UAV systems in order to cause destructive effects. It is therefore critical that security is ensured for UAVs and the networks that provide communication between UAVs. In this survey, we aimed to present a comprehensive detailed approach to security by classifying possible attacks against UAVs and flying ad hoc networks (FANETs). We classified the security threats into four major categories that make up the basic structure of UAVs; hardware attacks, software attacks, sensor attacks, and communication attacks. In addition, countermeasures against these attacks are presented in separate groups as prevention and detection. In particular, we focus on the security of FANETs, which face significant security challenges due to their characteristics and are also vulnerable to insider attacks. Therefore, this survey presents a review of the security fundamentals for FANETs, and also four different routing attacks against FANETs are simulated with realistic parameters and then analyzed. Finally, limitations and open issues are also discussed to direct future work "

https://edpb.europa.eu/news/news/2023/edpb-informs-stakeholders-about-implications-dpf-and-adopts-statement-first-review_en
"EDPB informs stakeholders about the implications of the DPF and adopts a statement on the first review of the Japan adequacy decision"

https://www.techrepublic.com/article/europol-internet-organised-crime-threat-assessment/

"Remote Desktop Protocol brute-forcing and VPN vulnerability exploitation are the most common intrusion tactics used by cybercriminals, according to Europol. Phishing kits have also become increasingly available for cybercriminals, regardless of their level of organization and technical expertise."