ISACARuSec – Telegram
ISACARuSec
@IsacaRuSec
2.27K subscribers
1.77K photos
13 videos
303 files
5.64K links
Канал направления ИБ Московского отделения ISACA

Направление канала новости ISACA, новости в области управления ИБ в России и мире, обмен лучшими практиками.

https://engage.isaca.org/moscow/home

Связь с администрацией
@popepiusXIII
Download Telegram
About
Blog
Apps
Platform
Join
ISACARuSec
2.27K subscribers
ISACARuSec
👍1
757 views
ISACARuSec
https://www.theregister.com/2024/08/03/darpa_c_to_rust/
The Register
DARPA suggests turning old C code automatically into Rust – using AI, of course
Who wants to make a TRACTOR pull request?
561 views
ISACARuSec
Forwarded from k8s (in)security (r0binak)
Совсем недавно компания RedHat выпустила 30-ти страничный отчёт "The state of Kubernetes security report 2024 edition". В нём довольно много цифр и статистики, но самое важное из этого:

- Обеспокоенность в мисконфигурациях продолжает снижаться из года в год. Тем не менее мисконфиги – это по прежнему одна из основных и частых проблем в безопасности Kubernetes кластеров (наши аудиты тому подтверждение)

- Уязвимостей с каждым годом становится только больше. Их нужно правильно триажить и приоритезировать

- Большинство респондентов ответило, что за последний год хотя бы раз сталкивались с инцидентами в рантайме

- Большая часть организаций признают ценность DevSecOps и способствуют сотрудничеству между DevOps и командами безопасности
👍1
455 views
ISACARuSec
https://www.whitehouse.gov/oncd/briefing-room/2024/08/09/fact-sheet-biden-harris-administration-releases-end-of-year-report-on-open-source-software-security-initiative-2/

"The White House has published a yearly summary report for its Open-Source Software Security Initiative (OS3I)."
The White House
Fact Sheet: Biden-⁠Harris Administration Releases Summary Report of 2023 RFI on Open Source-Software Security Initiative
August 9, 2024 Read the full report here Today, the White House Office of the National Cyber Director, in partnership with members of the Open-Source Software Security Initiative (OS3I), is publishing a summary report on the Request for Information (RFI):…
474 viewsedited  
ISACARuSec
https://therecord.media/un-cybercrime-treaty-passes-unanimous
therecord.media
UN cybercrime treaty passes in unanimous vote
The United Nations passed its first cybercrime treaty on Thursday in a unanimous vote supporting an agreement first put forward by Russia.
👍1
438 views
ISACARuSec
https://www.akamai.com/blog/security-research/2024/aug/2024-august-kubernetes-gitsync-command-injection-defcon
Akamai
Git-Syncing into Trouble: Exploring Command Injection Flaws in Kubernetes | Akamai
Akamai researcher Tomer Peled discovered a design flaw in Kubernetes’ sidecar project git-sync that allows for command injection.
438 views
ISACARuSec
Американский NIST финализировали первые 3 стандарта пост квантовой криптографии. Пока только для электронной подписи.

https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
NIST
NIST Releases First 3 Finalized Post-Quantum Encryption Standards
NIST is encouraging computer system administrators to begin transitioning to the new standards as soon as possible
438 viewsedited  
ISACARuSec
https://github.com/aquasecurity/traceeshark
GitHub
GitHub - aquasecurity/traceeshark: Deep Linux runtime visibility meets Wireshark
Deep Linux runtime visibility meets Wireshark. Contribute to aquasecurity/traceeshark development by creating an account on GitHub.
778 views
ISACARuSec
https://news.sophos.com/en-us/2024/08/12/the-cybersecurity-kids-arent-all-right/
Sophos News
The cybersecurity kids aren’t all right
A new Sophos-commissioned survey finds burnout, fatigue, cynicism riding high in the workforce
475 views
ISACARuSec
https://csrc.nist.gov/pubs/ir/8532/ipd
CSRC | NIST
NIST Internal or Interagency Report (NISTIR) 8532 (Draft), Workshop on Enhancing Security of Devices and Components Across the…
NIST hosted an in-person, all-day workshop on February 27, 2024, to discuss existing and emerging cybersecurity threats and mitigation techniques for semiconductors throughout their life cycle. The workshop obtained valuable feedback from industry, academia…
490 views
ISACARuSec
462 views
ISACARuSec
https://www.ncsc.gov.uk/blog-post/building-a-nation-scale-evidence-base-for-cyber-deception
www.ncsc.gov.uk
Building a nation-scale evidence base for cyber deception
The NCSC is inviting UK organisations to contribute evidence of cyber deception use cases and efficacy to support our long-term research goals.
394 views
ISACARuSec
Ссылка на немецком.

"Germany's cybersecurity agency wants to introduce a cybersecurity labeling scheme for smartphones and mobile devices. The label would be designed to provide easy-to-understand information about a mobile device's security features. The smartphone labeling scheme would follow a similar scheme German authorities have set up for routers and IoT devices."

https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2024/240814_IT-SiK_Mobile-Endgeraete.html
Bundesamt für Sicherheit in der Informationstechnik
BSI veröffentlicht IT-Sicherheitskennzeichen für mobile Endgeräte
Sicherheit wird noch sichtbarer: Mit der TR-03180 A stellt das BSI konkrete Vorgaben für Hersteller zur Verfügung, die ein IT-Sicherheitskennzeichen beantragen wollen.
450 views
ISACARuSec
Хороший отчет для обоснования бюджета и оценки экономической эффективности средств ИБ через риск от угроз.

https://www.cyberresilience.com/threat-actors-exploit-cybersecurity-gaps-from-ma-and-software-consolidation-resilience-finds/
Resilience
Threat actors exploit cybersecurity gaps from M&A and software consolidation, Resilience finds - Resilience
SAN FRANCISCO, CA – August 13, 2024 – Threat actors evolved their tactics in 2024 to take advantage of business and technology consolidation, the leading
520 views