ISACARuSec – Telegram
ISACARuSec
@IsacaRuSec
2.27K subscribers
1.77K photos
13 videos
303 files
5.64K links
Канал направления ИБ Московского отделения ISACA

Направление канала новости ISACA, новости в области управления ИБ в России и мире, обмен лучшими практиками.

https://engage.isaca.org/moscow/home

Связь с администрацией
@popepiusXIII
Download Telegram
About
Blog
Apps
Platform
Join
ISACARuSec
2.27K subscribers
ISACARuSec
Forwarded from Порвали два трояна
🔄 Безопасная настройка LibreOffice

Вместе с отказом от продуктов Microsoft в ИТ- и ИБ- службы поступает достаточно масштабная задача по созданию типовых конфигураций и политик для альтернативных продуктов — от Astra Linux до LibreOffice/OpenOffice. К счастью, при их разработке можно пользоваться существующими методическими рекомендациями. Мы проштудировали достаточно дельное руководство по безопасной настройке LibreOffice в корпоративной среде, выпущенное немецкой BSI и выделили в нём ключевые рекомендации, отличающиеся от стандартных настроек (они, к чести разработчиков, довольно безопасны по умолчанию).

Политику можно раскатать сразу на большие группы рабочих станций при помощи административных XML-файлов, и эта механика почти одинаково работает и на *nix, и на macOS, и на Windows, там, где вы его оставляете

Читать рекомендации.

#советы @П2Т
Please open Telegram to view this post
VIEW IN TELEGRAM
416 views
ISACARuSec
https://security.googleblog.com/2024/09/deploying-rust-in-existing-firmware.html
Googleblog
Deploying Rust in Existing Firmware Codebases
Posted by Ivan Lozano and Dominik Maier, Android Team Android's use of safe-by-design principles drives our adoption of memory-safe languag...
493 views
ISACARuSec
https://www.theregister.com/2024/09/03/white_house_bgp_security/
The Register
White House thinks it's time to fix the insecure glue of the internet: Yup, BGP
Better late than never
458 views
ISACARuSec
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/security-mitigation-for-the-common-log-filesystem-clfs/ba-p/4224041
TECHCOMMUNITY.MICROSOFT.COM
Security mitigation for the Common Log Filesystem (CLFS) | Microsoft Community Hub
Announcement of a security mitigation for a critical Windows component.
Figure 1: Local group policy editor
460 views
ISACARuSec
Forwarded from Патчкорд
Никому не доверять это дорого, настолько, что пришлось придумать новый протокол Roughtime, чтобы безопасно получать время для IoT устройств. Ведь уровень доверия NTP, в современном мире, нас не устраивает. Короткий рассказ одного из авторов на RIPE Labs и презентация.
IETF Datatracker
Roughtime
This document describes Roughtime—a protocol that aims to achieve two things: secure rough time synchronization even for clients without any idea of what time it is, and giving clients a format by which to report any inconsistencies they observe between time…
339 views
ISACARuSec
https://blog.pcisecuritystandards.org/new-information-supplement-pci-dss-scoping-and-segmentation-guidance-for-modern-network-architectures
blog.pcisecuritystandards.org
New Information Supplement: PCI DSS Scoping and Segmentation Guidance for Modern Network Architectures
The PCI Security Standards Council (PCI SSC) has published a new Information Supplement: PCI DSS Scoping and Segmentation Guidance for Modern Network Architectures. This document was produced by the 2023 Special Interest Group (SIG), the members of which…
506 views
ISACARuSec
👍2
563 views
ISACARuSec
https://csrc.nist.gov/pubs/ir/8459/final
CSRC | NIST
NIST Internal or Interagency Report (NISTIR) 8459, Report on the Block Cipher Modes of Operation in the NIST SP 800-38 Series
This report focuses on the NIST-recommended block cipher modes of operation specified in NIST Special Publications (SP) 800-38A through 800-38F. The goal is to provide a concise survey of relevant research results about the algorithms and their implementations.…
438 views
ISACARuSec
https://www.theregister.com/2024/09/05/white_house_cyber_jobs/
The Register
White House’s new fix for cyber job gaps: Serve the nation in infosec
Now do your patriotic duty and fill one of those 500k open roles, please?
420 views
ISACARuSec
https://csrc.nist.gov/pubs/ir/8425/a/final
CSRC | NIST
NIST Internal or Interagency Report (NISTIR) 8425A, Recommended Cybersecurity Requirements for Consumer-Grade Router Products
Ensuring the security of routers is crucial for safeguarding not only individuals’ data but also the integrity and availability of entire networks. With the increasing prevalence of smart home Internet of Things (IoT) devices and remote work setups, the significance…
424 views
ISACARuSec
421 views
ISACARuSec
Угрозы для think tanks. На французском.
https://www.cert.ssi.gouv.fr/cti/CERTFR-2024-CTI-008/
404 viewsedited  
ISACARuSec
https://www.nccgroup.com/us/global-cyber-policy-radar/
407 views
ISACARuSec
419 views
ISACARuSec
https://www.databarracks.com/news/over-a-third-of-cyber-attacks-result-in-job-losses
Databarracks
Over a third of cyber-attacks result in job losses
Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers - 37% reported that cyber-attacks resulted in dismissals.
423 views
ISACARuSec
Ландшафт угроз в Мексике
https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-targeting-mexico/
Google Cloud Blog
Insights on Cyber Threats Targeting Users and Enterprises in Mexico | Google Cloud Blog
Mexico faces a cyber threat landscape made up of a complex interplay of global and local threats.
453 views