Auto Theift issue Attention Kia & Hyundai Owners

 Attention Kia & Hyundai Owners

Criminals are using a vulnerability to bypass some car ignitions using a USB cable. Both Kia & Hyundai have upgraded their security software to combat this issue. The updates are free. Please contact Kia or Hyundai to schedule an appointment

 

NIST has extended the deadlines to submit comments

 There’s Now Extra Time to Comment…Please Share Your Feedback on our Three NIST Identity Guidance Items!

NIST has extended the deadlines to submit comments to drafts of three key pieces of guidance related to digital identity:

1. Digital Identity Guidelines (NIST SP 800-63-4) | Extended until April 14, 2023 NIST SP 800-63 intends to respond to the changing digital landscape that has emerged since the last major revision of this suite was published in 2017—including the real-world implications of online risks. The guidelines present the process and technical requirements for meeting digital identity management assurance levels for identity proofing, authentication, and federation, including requirements for security and privacy as well as considerations for fostering equity and the usability of digital identity solutions and technology.
2. Guidelines for Derived Personal Identity Verification (PIV) Credentials (NIST SP 800-157r1) | Extended until April 21, 2023 NIST SP 800-157 has been revised to feature an expanded set of derived PIV credentials to include public key infrastructure (PKI) and non-PKI-based phishing-resistant multi-factor authenticators.
3. Guidelines for Personal Identity Verification (PIV) Federation (NIST SP 800-217) | Extended until April 21, 2023 NIST SP 800-217 details technical requirements on the use of federated PIV identity and the interagency use of assertions to implement PIV federations backed by PIV identity accounts and PIV credentials.

Read More

You’re invited to attend Microsoft Secure

You are invited to attend a new security digital event – Microsoft Secure on March 28, 2023 8:30AM - 2:30PM Pacific Time (UTC-08:00). Registration is now open. Register now Why join Microsoft Secure? If you attended last year's Microsoft Security Summit, Microsoft Secure is even bigger and better.By joining our very first Microsoft Secure, you’ll:  Hear exciting product announcements and demos to help you protect more with less. Gain insights from experts, including Brad Smith, Charlie Bell, Joy Chik, and many more. Get actionable steps from breakout sessions on extended detection and response (XDR), multicloud security, cloud-managed endpoints, Zero Trust, built-in security configurations and more. Connect with your peers and have your product and strategy questions answered by Microsoft experts in a live chat Q&A. Register now to catch our upcoming announcements. Be sure to follow Microsoft Security on LinkedIn, Twitter, and our Blog for the latest news and event information.

Plan your day at Microsoft Secure

 Plan your day at Microsoft Secure

Start your day with a keynote from Charlie Bell, Executive Vice President, Microsoft Security, and Vasu Jakkal, Corporate Vice President, Security, Compliance & Identity on what an AI-powered future means for cybersecurity. Stay tuned shortly after for more product announcements across security, compliance and identity.

Sessions will continue on topics including:

• How do executive leaders make big security bets for their businesses?: A discussion with CISOs from industry leading organizations.
• How XDR defends against ransomware across the entire kill chain: A deep dive into our eXtended Detection and Response (XDR) solution
• Balancing privacy and security in the cloud: A breakout session on privacy’s crucial role in maintaining trust

Plus, our team will provide real-time answers to your most pressing questions in chat throughout the day. Click here to save sessions to your schedule and plan your day.

Check out what’s coming up at Microsoft Secure

Brad Smith, Vice Chair and President	View highlighted sessions
Brad Smith joins Vasu Jakkal to discuss geopolitics, the threat landscape, corporate responsibility and investment in the international security community.	Curious about our content across breakouts, roundtables and on-demand? Read our latest blog on Microsoft Security to see highlighted sessions and presenters.
Save Brad’s session	Learn more

Ways to engage now

Session schedule is now live	New! Microsoft Intune Suite	Narrow your focus with themes
Save sessions you’re interested in to your backpack and build your own schedule for Microsoft Secure.	On March 1, we launched a unified solution, Microsoft Intune Suite. Learn more during the Microsoft Intune session at Microsoft Secure. But view the latest now.	Microsoft Secure presents dozens of thought-provoking and practical sessions over four themes.
Discover sessions	Visit the launch	Check the latest

New Microsoft Feature: What are Azure Active Directory recommendations.

Keeping track of all the settings and resources in your tenant can be overwhelming. The Azure Active Directory (Azure AD) recommendations feature helps monitor the status of your tenant so you don't have to. The Azure AD recommendations feature helps ensure your tenant is in a secure and healthy state while also helping you maximize the value of the features available in Azure AD.

The Azure AD recommendations feature provides you with personalized insights with actionable guidance to:

• Help you identify opportunities to implement best practices for Azure AD-related features.
• Improve the state of your Azure AD tenant.
• Optimize the configurations for your scenarios.

This article gives you an overview of how you can use Azure AD recommendations. As an administrator, you should review your tenant's Azure AD recommendations, and their associated resources periodically.

This article gives you an overview of how you can use Azure AD recommendations. As an administrator, you should review your tenant's Azure AD recommendations, and their associated resources periodically

Read more here 

Free ebook From Microsoft Help build a hybrid work culture of safeguarding company data

 In today’s increasingly hybrid workplace, having a strong data protection and security program requires a more comprehensive approach than implementing individual technologies. The e-book Keeping Your Data Secure in a Hybrid Work Environment discusses how considering all factors—including the people, processes, means of communication, and technologies—helps you create the strongest strategy to keep pace with evolving business and security trends. The e-book also covers:

·        How organization-wide collaboration is essential for streamlining processes and helping secure data.

·        Why insider threats, both intentional and unintentional, remain the leading cause of data breaches for organizations of all sizes.

Why you should delegate some responsibility for more powerful data protection to your cloud vendor.

Read the e-book >

macOS Configuration Guidance from the mSCP: Draft NIST SP 800-219r1 Available for Comment

 macOS Configuration Guidance from the mSCP: Draft NIST SP 800-219r1 Available for Comment

NIST requests comments on the initial public draft of Special Publication (SP) 800-219r1, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP). It provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system security in an automated way.

This publication introduces the mSCP, describes use cases for leveraging the mSCP content, and introduces a new feature of the mSCP that allows organizations to customize security rules more easily. The draft also gives an overview of the resources available on the project’s GitHub site, which provides practical, actionable recommendations in the form of secure baselines and associated rules and is continuously updated to support each new release of macOS.

The public comment period is open through April 27, 2023. See the publication details for a copy of the draft and instructions for submitting comments.

NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Read More

What is cross-tenant synchronization?

 Microsoft is announcing the public preview for cross-tenant synchronization! Now you can easily synchronize users across tenants in an organization and streamline access to applications like never before.

Go here for more details

Decision to Revise FIPS 180-4, Secure Hash Standard

In June 2022, NIST’s Crypto Publication Review Board initiated a review process for Federal Information Processing Standard (FIPS) 180-4, Secure Hash Standard (SHS), and received public comments. In December 2022, the board proposed revising FIPS 180-4 and received no additional comments on that proposed decision. NIST has decided to revise FIPS 180-4 and will revise the text to: 

1. Remove the SHA-1 specification; 

2. Add any guidance from NIST Special Publication (SP) 800-107, Recommendation for Applications Using Approved Hash Algorithms, that belongs in this document; 

3. Improve the standard’s editorial quality; and

4. Update its references. See the SHA-1 transition announcement. The effort to develop the revised standard has not yet begun but will follow the typical process of releasing an initial draft for public comment. Monitor progress on CSRC News and CSRC Publications and by subscribing to email updates. 

 To read more go Here

E-book: Making Hybrid Work Work with Microsoft 365

Limited resources can make it difficult to prioritize solutions that help dispersed teams work and collaborate effectively. But streamlining your organization’s digital landscape with fewer, more efficient applications helps make a successful hybrid workplace possible—improving productivity, collaboration, security, and IT management. In this e-book, discover what leaders are saying about the challenges of hybrid work and get tangible ways to overcome them. Learn why: ·        Cloud applications are helping teams boost efficiency—and why too many apps may have a negative impact on productivity. ·        Relationship building from a digital-first perspective helps foster a culture of collaboration. ·        Adopting a Zero Trust strategy establishes a strong foundation for security while reducing overall costs. ·        The right digital tools help simplify IT management and optimize your team’s time and resources. To get the book go here

 

Adding IPv6 support to Azure Active Directory - March 7

Adding IPv6 support to Azure Active Directory

 

We're excited to bring IPv6 support to Azure Active Directory (Azure AD) to support customers with increased mobility and help reduce spending on fast-depleting expensive IPv4 addresses. The meeting is targeted to all IT Professionals.

 Agenda:

• Why are we introducing IPv6?
• Rollout plan
• What is the impact?
• Steps to take before the enablement.

 Speakers:

Kunal Ghosh, Senior Product Manager, Identity CxP

Lisa Huang-North, Senior Product Manager, Identity CxP

Gautam Anand, Senior Product Manager, Identity CxP

 

Go here to register