https://www.ptsecurity.com/ru-ru/research/analytics/malware-behavior-and-distribution-channels/
"In this study, we will find out which types of malware are most often used in cyberattacks and through which channels attackers deliver it; analyze how malicious programs behave and map these actions to MITRE ATT&CK techniques; and propose measures that will help defend against attacks involving malware."
ptsecurity.com
Analytical articles
https://www.ranthebuilder.cloud/post/unleashing-resilience-a-practical-guide-to-chaos-engineering-in-serverless-architectures
As the saying goes, the "S" in the abbreviation stands for security 😉.
Ran The Builder
Unleashing Resilience: A Practical Guide to Chaos Engineering in Serverless Architectures
We'll explore chaos engineering in AWS serverless architecture, using AWS FIS for fault injection and providing example code.
https://www.securityinformed.com/news/identities-highest-priority-risk-area-organisation-co-11462-ga.1716979001.html
"Identities Are The Highest Priority Risk Area For An Organization’s Zero Trust Strategy, Finds Entrust Study"
https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-linux-privilege-elevation-flaw/
"The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added two vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, including a Linux kernel privilege elevation flaw.
The high-severity flaw tracked as CVE-2024-1086 was first disclosed on January 31, 2024, as a use-after-free problem in the netfilter: nf_tables component, but was first introduced by a commit in February 2014."
Forwarded from k8s (in)security (Дмитрий Евдокимов)
1_Мерец,_Почему_защитой_k8s_должно_заниматься_целое_подразделение.pdf
1011.4 KB
"Why should k8s security be handled by an entire department?" – Артем Мерец, Tinkoff
Forwarded from Порвали два трояна
Continuing its systematic work on hardening Windows (
Developers are advised to replace NTLM calls with Negotiate calls, which will authenticate via Kerberos where possible but fall back to NTLM in compatibility mode when necessary. In most applications this requires editing a single line: the AcquireCredentialsHandle call.
Microsoft advises system administrators and security teams to audit their infrastructure in advance, in order to understand the extent and ways in which NTLM is used in the infrastructure and to move it to more modern authentication methods in good time. Given the prevalence of various attacks such as pass the hash and NTLM relay, this decision is long overdue.
#news #Microsoft #tips @П2Т
Docs
Microsoft Negotiate - Win32 apps
Microsoft Negotiate is a security support provider that acts as an application layer between Security Support Provider Interface and the other SSPs.
https://thehackernews.com/2024/06/sase-threat-report-8-key-findings-for.html
"Cato's Cyber Threat Research Lab (Cato CTRL, see more details below) has recently released its first SASE threat report, offering a comprehensive view of and insights into enterprise and network threats. This is based on Cato's capabilities to analyze networks extensively and granularly (see report sources below). ...
1. Enterprises are widely embracing AI.
2. LLMs are being used to enhance existing tools like SQLMap. This makes them able to find and exploit vulnerabilities more efficiently.
Generating fake credentials and creating deep fakes are being offered as a service.
A malicious ChatGPT "startup" is recruiting professionals for development.
...
"
https://m.youtube.com/playlist?list=PLGeR6jS_7N7d0O9TKMDQwta-fZ_mN4ors
Talks from the Privacy Camp 2024 security conference, which took place this January
https://blog.pcisecuritystandards.org/just-published-pci-dss-v4-0-1
"To address stakeholder feedback and questions received since PCI DSS v4.0 was published in March 2022, the PCI Security Standards Council (PCI SSC) has published a limited revision to the standard, PCI DSS v4.0.1. It includes corrections to formatting and typographical errors and clarifies the focus and intent of some of the requirements and guidance. There are no additional or deleted requirements in this revision."
blog.pcisecuritystandards.org
Just Published: PCI DSS v4.0.1
To address stakeholder feedback and questions received since PCI DSS v4.0 was published in March 2022, the PCI Security Standards Council (PCI SSC) has published a limited revision to the standard, PCI DSS v4.0.1. It includes corrections to formatting and…