Share a Free Entry-Level Cybersecurity Certification Exam Voucher
Share the Link: www.isc2.org/Voucher-Offer
Share the Code: CYBERSTART
Limited so act fast
(ISC)² has begun the exciting process of exploring the creation of a new certification. To fill the cybersecurity workforce gap, we need to address the workforce shortage facing the industry, especially among entry- and junior-level positions. A foundational cybersecurity certification will help (ISC)² build a pathway to a rewarding career in cybersecurity for many around the world.
There are five domains to this certification, listed below. For further details, visit the Exam Outline.
The pilot exam administration period will begin Jan. 31, 2022. Registration for the pilot exam is now open with appointments currently available until May 31, 2022. Please note that the pilot exam administration period may be shortened or extended depending on the number of participants taking the exam. We recommend that any interested candidates schedule their exam as early as possible. Any unused vouchers or undelivered exams that are a part of this pilot will be converted to the regular certification program when it becomes available.
All standard (ISC)² exam policies and practices, including rescheduling and special accommodations, also apply to the pilot exam program. Learn more here. For questions, please contact ExamAdministration@isc2.org
To learn more go here
This article provides a deployment plan for building Zero Trust security with Microsoft 365. Zero Trust is a new security model that assumes breach and verifies each request as though it originated from an uncontrolled network. Regardless of where the request originates or what resource it accesses, the Zero Trust model teaches us to "never trust, always verify."
A Zero Trust approach extends throughout the entire digital estate and serves as an integrated security philosophy and end-to-end strategy.
This illustration provides a representation of the primary elements that contribute to Zero Trust.
In the illustration:
For more information about Zero Trust, see Microsoft's Zero Trust Guidance Center.
Microsoft 365 is built intentionally with many security and information protection capabilities to help you build Zero Trust into your environment. Many of the capabilities can be extended to protect access to other SaaS apps your organization uses and the data within these apps.
This illustration represents the work of deploying Zero Trust capabilities. This work is broken into units of work that can be configured together, starting from the bottom and working to the top to ensure that prerequisite work is complete.
In this illustration:
Introduction
Cyclops Blink is a malicious Linux ELF executable, compiled for the 32-bit PowerPC (big-endian) architecture. NCSC, FBI, CISA, NSA and industry analysis has associated it with a large-scale botnet targeting Small Office/Home Office (SOHO) network devices. This botnet has been active since at least June 2019, affecting WatchGuard Firebox and possibly other SOHO network devices. This report covers the analysis of two samples recently acquired by the FBI from WatchGuard Firebox devices known to have been incorporated into the botnet.
Read the full repost here
Here is a great article from VMware
PALO ALTO, Calif. – As the most common cloud operating system, Linux is a core part of digital infrastructure and is quickly becoming an attacker’s ticket into a multi-cloud environment. Current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks that target Linux-based workloads.
Today, VMware, Inc. (NYSE: VMW) released a threat report titled “Exposing Malware in Linux-based Multi-Cloud Environments.”(1) Key findings that detail how cybercriminals are using malware to target Linux-based operating systems include:
“Cybercriminals are dramatically expanding their scope and adding malware that targets Linux-based operating systems to their attack toolkit in order to maximize their impact with as little effort as possible,” said Giovanni Vigna, senior director of threat intelligence at VMware. “Rather than infecting an endpoint and then navigating to a higher value target, cybercriminals have discovered that compromising a single server can deliver the massive payoff and access they’re looking for. Attackers view both public and private clouds as high-value targets due to the access they provide to critical infrastructure services and confidential data. Unfortunately, current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks on Linux-based operating systems.”
As malware targeting Linux-based operating systems increases in both volume and complexity amid a rapidly changing threat landscape, organizations must place a greater priority on threat detection. In this report, the VMware Threat Analysis Unit (TAU) analyzed the threats to Linux-based operating systems in multi-cloud environments: ransomware, cryptominers, and remote access tools.
Read the full article here
The Federal Bureau of Investigation (FBI) and the United States Secret Service (USSS) have released a joint Cybersecurity Advisory (CSA) identifying indicators of compromise associated with BlackByte ransomware. BlackByte is a Ransomware-as-a-Service group that encrypts files on compromised Windows host systems, including physical and virtual servers.
CISA encourages organizations to review the joint FBI-USSS CSA and apply the recommended mitigations.
The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA), issued a joint Cybersecurity Advisory titled, “Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology.” Compromised entities have included cleared defense contractors (CDCs) supporting the U.S. Army, U.S. Air Force, U.S. Navy, U.S. Space Force, and Intelligence Community programs.
Over the last two years, both large and small CDCs and subcontractors supporting various defense industries have been observed being targeted for unclassified proprietary and export-controlled information such as weapons development, communications infrastructure, technological and scientific research, and other proprietary details. In the advisory, the three agencies outline the activities and tactics used by the Russian state-sponsored cyber actors that include:
The FBI, NSA, and CISA urge all critical infrastructure organizations and CDCs to investigate suspicious activity in their enterprise and cloud environments. Also, all organizations, with or without evidence of compromise, are encouraged to apply the mitigations listed in the advisory to reduce the risk of compromise by this threat actor. Some of the specific actions that can be taken to protect against this malicious activity include: enforce multifactor authentication, enforce strong, unique passwords, enable M365 Unified Audit Logs, and implement endpoint detection and response tools.
In addition to this latest advisory on Russian state-sponsored malicious cyber activity, we encourage all organizations to review our new Shields Up webpage to find recommended actions on protecting their most critical assets from these threat actors.
Cybersecurity and Infrastructure Security Agency
NIST requests comments on Draft Special Publication (SP) 800-219, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP). It provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system security in an automated way. This publication introduces the mSCP, describes use cases for leveraging the mSCP content, and gives an overview of the resources available on the project’s GitHub site. The GitHub site provides practical, actionable recommendations in the form of secure baselines and associated rules, and it is continuously curated and updated to support each new release of macOS.
The public comment period is open through March 23, 2022. See the publication details for a copy of the draft and instructions for submitting comments.
A Microsoft Post
To help protect the United States from increasingly sophisticated cyber threats, the White House issued Executive Order (EO) 14028 on Improving the Nation’s Cybersecurity, which requires US Federal Government organizations to take action to strengthen national cybersecurity.¹ Section 3 of EO 14028 specifically calls for federal agencies and their suppliers “to modernize [their] approach to cybersecurity” by accelerating the move to secure cloud services and implementing a Zero Trust architecture.
As a company that has embraced Zero Trust ourselves and supports thousands of organizations around the globe on their Zero Trust journey, Microsoft fully supports the shift to Zero Trust architectures that the Cybersecurity EO urgently calls for. We continue to partner closely with the National Institute of Standards and Technology (NIST) to develop implementation guidance by submitting position papers and contributing to communities of interest under the umbrella of the National Cybersecurity Center of Excellence (NCCoE).
The memo clearly describes the government’s strategic goals for Zero Trust security. It advises agencies to prioritize their highest value starting point based on the Zero Trust maturity model developed by the national Cybersecurity & Infrastructure Security Agency (CISA).
Microsoft’s position aligns with government guidelines. Our maturity model for Zero Trust emphasizes the architecture pillars of identities, endpoints, devices, networks, data, apps, and infrastructure, strengthened by end-to-end governance, visibility, analytics, and automation and orchestration.
To help organizations implement the strategies, tactics, and solutions required for a robust Zero Trust architecture, we have developed the following series of cybersecurity assets:
A blog by my colleague Sue Bohn, Guidance on using Azure AD to meet Zero Trust Architecture and MFA requirements, provides a great summary of how Azure AD can help organizations meet the requirements outlined in EO 14028. We recently announced two additional capabilities developed in response to customer feedback: cloud-native certificate-based authentication (CBA) and cross-tenant access settings for external collaboration.
Phishing remains one of the most common threats to organizations. It’s also one of the most critical to defend against. According to our own research, credential phishing was a key tactic used in many of the most damaging attacks in 2021. To help our customers adhere to NIST requirements and effectively counter phishing attacks, we announced the preview of Azure AD cloud-native CBA across our commercial and US Government clouds.
CBA enables customers to use X.509 certificates on their PCs or smart cards to authenticate applications using Azure AD natively. This eliminates the need for additional infrastructure such as Active Directory Federation Services (ADFS) and reduces the risk inherent in using on-premises identity platforms.
Cloud-native CBA demonstrates Microsoft’s commitment to the federal Zero Trust strategy. It helps our government customers implement the most prominent phishing-resistant MFA, certificate-based authentication, in the cloud so they can meet NIST requirements. Read the documentation on Azure AD certificate-based authentication to get started.
Our customers have told us they want more control over how external users access apps and resources. Earlier this month, we announced the preview of cross-tenant access settings for external collaboration.
This new capability enables organizations to control how internal users collaborate with external organizations that also use Azure AD. It provides granular inbound and outbound access control settings based on organization, user, group, or application. These settings also make it possible to trust security claims from external Azure AD organizations, including MFA and device claims (compliant claims and hybrid Azure AD joined claims). Consult the documentation on cross-tenant access with Azure AD External Identities to learn more.
We’re continuing to work on new capabilities to help government organizations meet Zero Trust security requirements:
Microsoft is committed to helping the public and private sectors with a comprehensive approach to security that’s end-to-end, best-in-breed, and AI-driven.
To advance your Zero Trust implementation, we offer the following:
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
CISA has compiled and published a list of free cybersecurity services and tools to help organizations reduce cybersecurity risk and strengthen resiliency. This non-exhaustive living repository includes services provided by CISA, widely used open source tools, and free tools and services offered by private and public sector organizations across the cybersecurity community. Before turning to the free offerings, CISA strongly recommends organizations take certain foundational measures to implement a strong cybersecurity program:
CISA encourages network defenders to take the measures above and consult the list of free cybersecurity services and tools to reduce the likelihood of a damaging cyber incident, detect malicious activity, respond to confirmed incidents, and strengthen resilience.
Original release date: February 18, 2022
CISA has released CISA Insights: Preparing for and Mitigating Foreign Influence Operations Targeting Critical Infrastructure, which provides proactive steps organizations can take to assess and mitigate risks from information manipulation. Malicious actors may use tactics—such as misinformation, disinformation, and malinformation—to shape public opinion, undermine trust, and amplify division, which can lead to impacts to critical functions and services across multiple
Current social factors—including heightened polarization and the ongoing global pandemic—increase the risk and potency of influence operations to U.S. critical infrastructure. CISA encourages leaders at all organizations to review the CISA Insights and follow the guidance to assess risk and increase resilience.