Microsoft Azure Virtual Training Day: AI Fundamentals

Explore core AI concepts at Azure Virtual Training Day: AI Fundamentals from Microsoft Learn. Join us for this free training event to learn how organizations use AI technology to solve real-world challenges and see how to build intelligent applications using Azure AI services. This training is suitable for anyone interested in AI solutions—including those in technical or business roles.

You will have the opportunity to:

  • Understand foundational AI concepts and real-world use cases.
  • Get started using AI services on Azure and machine learning in Azure Machine Learning Studio.
  • Identify common AI workloads and ways to use AI responsibly.

Join us at an upcoming event:
Wednesday, July 26, 2023 | 2:00 PM – 5:30 PM | (GMT-05:00) Eastern Time (US & Canada)


Delivery Language: English
Closed Captioning Language(s): English
 

Vulnerability in VMware Aria Operations for Networks

A vulnerability has been discovered in VMware Aria Operations for Networks which could allow for remote code execution. VMware Aria Operations for Networks is a network monitoring tool that collects and analyzes metrics, APIs, configurations, metadata, integrations, telemetry netflow, sFlow, and IPFIX flow traffic, which traverses the infrastructure. Successful exploitation of this vulnerability could allow for remote code execution in the context of the administrator account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Threat Intelligence
GreyNoise reports that proof-of-concept exploit code is publicly available for CVE-2023-20887 and that they have observed widespread exploitation of the vulnerability in the wild.

Systems Affected  
VMware Aria Operations for Networks Versions 6.2
VMware Aria Operations for Networks Versions 6.3
VMware Aria Operations for Networks Versions 6.4
VMware Aria Operations for Networks Versions 6.5.1
VMware Aria Operations for Networks Versions 6.6
VMware Aria Operations for Networks Versions 6.7
VMware Aria Operations for Networks Versions 6.8
VMware Aria Operations for Networks Versions 6.9
VMware Aria Operations for Networks Versions 6.10
 
Risk
Government:
  • Large and medium government entities: High
  • Small government entities: Medium
Businesses:
  • Large and medium business entities: High
  • Small business entities: Medium
Home Users: Low

Technical Summary

A vulnerability has been discovered in VMware Aria Operations for Networks which could allow for remote code execution.

Recommendations

  • Apply appropriate updates provided by VMware to vulnerable systems immediately after appropriate testing.
  • Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Use two or more pieces of evidence to authenticate to a system, such as username and password in addition to a token from a physical smart card or token generator.
  • Prevent access to file shares, remote access to systems, and unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc.
  • Use intrusion detection signatures to block traffic at network boundaries.
  • Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.

References
VMware:
https://www.vmware.com/security/advisories/VMSA-2023-0012.html
https://kb.vmware.com/s/article/92684

GreyNoise:
https://www.greynoise.io/blog/observed-in-the-wild-new-tag-for-cve-2023-20887-vmware-aria-operations-for-networks

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20887

Microsoft Azure Virtual Training Day: Digitally Transform with Modern Analytics

Create more business impact using proactive and predictive analytics at Azure Virtual Training Day: Digitally Transform with Modern Analytics from Microsoft Learn. Join us for this free training event to learn how to build an analytics solution using Azure Synapse Analytics. Maximize your organization’s intelligent decision-making capabilities and learn to build an end-to-end solution by preparing data for storage, processing, and analysis.

You will have the opportunity to:

  • Create a data warehouse in the cloud.
  • Accelerate your big data engineering with Spark in Azure Synapse Analytics.
  • Build automated data integration with Azure Synapse Pipelines.
  • Learn to perform operation analytics with Azure Synapse Link.

Join us at an upcoming two-part event:
Monday, July 24, 2023 | 9:00 AM – 12:15 PM | (GMT-08:00) Pacific Time (US & Canada)
Tuesday, July 25, 2023 | 9:00 AM – 10:45 AM | (GMT-08:00) Pacific Time (US & Canada)

Delivery Language: English
Closed Captioning Language(s): English
 

Microsoft Azure Virtual Training Day: Fundamentals

Build skills that help you create new technology possibilities and explore foundational cloud concepts at Azure Virtual Training Day: Fundamentals from Microsoft Learn. Join us for this free training event to expand your knowledge of cloud models and cloud service types. You’ll also review Azure services focused on computing, networking, and storage.

You will have the opportunity to:

  • Understand the value of the shared responsibility model between consumers and cloud providers.
  • Identify the tools and services that can help you manage, secure, and stay compliant across your Azure cloud ecosystem and in on-premises, hybrid, and multicloud environments.
  • See how to use Azure services to rapidly expand your cloud footprint while maintaining data security and privacy.

Join us at an upcoming two-part event:
Wednesday, July 12, 2023 | 2:00 PM – 4:45 PM | (GMT-05:00) Eastern Time (US & Canada)
Thursday, July 13, 2023 | 2:00 PM – 5:00 PM | (GMT-05:00) Eastern Time (US & Canada)

Delivery Language: English
Closed Captioning Language(s): English
 

Microsoft.Source newsletter

Featured
  • E-book: Microsoft Build Book of News, 2023. The Book of News is your guide to key news and announcements at the conference. Use the interactive Table of Contents to browse the topics. Click the Translate button below the Table of Contents to enable translations.

What’s New
  • Video: Next generation AI for developers with the Microsoft Cloud. Scott Guthrie and Thomas Dohmke discuss the GitHub Copilot and Visual Studio (including Visual Studio Code) developer experience.
  • Video: Developer career tools: Saying NO to improve mental health, Q&A. Debbie O’Brien, Scott Hanselman and Justin Yoo talk about finding the right life-work balance, challenging yourself and finding motivation as a developer.
  • Video: Techniques to get the most out of GitHub Copilot. A look at how Copilot works, some best practices and what AI can realistically do for developers in the real world.

Events
  • See local events.
  • On demand: Key moments from Microsoft Build 2023. Check out sessions you may have missed. Now available on demand.
  • On demand: Get started: Generative AI with Azure OpenAI Service. Watch practical code demos and preview plugins for Microsoft Azure services.
  • Virtual: Microsoft Build 2023 Community-led Parties. Join an After Party hosted by your local Community, covering your favorite topics in your time zone and language today through July 7.
  • Virtual: Data + AI Summit 2023 by Databricks / June 26-29. Join this event in person or online for technical deep dives, hands-on training, lightning talks and more.
  • On demand: Microsoft Ignite / November 15-16. Attend Microsoft Ignite to catch up on the latest industry innovations. Sign up to be one of the first to know when registration launches.

Learning
  • Cloud Skills Challenge: Azure AI Fundamentals. Get a solid foundation in machine learning and AI concepts including computer vision, natural language processing, and conversational AI.
  • Learning Rooms: Microsoft Learning Room Directory. Join Learning Rooms, a space designed for in-depth conversations with experts and peers, for skilling and training hosted on Microsoft Teams.
  • Video: Build and scale cloud-native, intelligent apps on Azure. Learn how to run cloud-native serverless and container applications in Azure using Azure Kubernetes Service and Azure Container Apps.

New Microsoft Security and Compliance blog: How eDiscovery can help you reduce data and risks in three steps

This month’s episode of Uncovering Hidden Risks discusses strategies and best practices to mitigate security and compliance risks by using in-place eDiscovery to support investigations and litigation.  As data volumes continue to balloon, it’s becoming clear that the quickest path to victory does not involve the fewest steps. Let’s explore ways to defensibly move data minimization decisions upstream, to collaboratively expedite the eDiscovery process and reduce risk within the safety of your own tenant.

Joining our host Erica Toelle is our guest, EJ Bastien. EJ is Microsoft’s Director of Discovery Programs, leading the eDiscovery and Litigation Support function for its Litigation Department where he manages a multidisciplinary team of Program Managers, Engineers, Paralegals, and Records Managers.  During his 18-year tenure, he has been an integral part of the small team responsible for re-envisioning Microsoft’s internal approach to eDiscovery from the ground up, architecting the processes for the identification, preservation, and collection of ESI (Electronically Stored Information), and shepherding it through the stages of processing, analytics, and review. 

Caitlin Fitzgerald joins us as our guest host. Caitlin is a Sr. Product Marketing Manager focused on eDiscovery and Audit solutions for Microsoft Purview. She’s been at Microsoft for 10 years. She enjoys helping every organization, small or large, regulated, or unregulated encounter scenarios in which they need to find that needle in the haystack, or evidence to determine what happened in a security breach, or support an internal investigation, including what steps they need to take to reduce that risk in the future.

Together, we’ll explore how eDiscovery can help you reduce data and risks.

In this episode, we’ll cover the following:   

  • What trends are affecting the eDiscovery space? 
  • What advice would we give to other organizations that are looking to get a handle on the growing amount of data?
  • How is Microsoft approaching some of the new technology innovations? 
  • How can you implement an effective eDiscovery strategy?
  • What benefits has Microsoft seen by using Purview eDiscovery Premium internally?
  • What is exciting about the future of eDiscovery?   


To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. 

SSDF & IoT Cybersecurity Guidance: Building Blocks for IoT Product Security

NIST’s IoT cybersecurity guidance has long recognized the importance of secure software development (SSDF) practices, highlighted by the NIST IR 8259 series—such as the recommendation for documentation in Action 3.d of NIST IR 8259B, that manufacturers have considered and documented their “secure software development and supply chain practices used.” The NIST SSDF (NIST SP 800-218) describes software development practices that can aid manufacturers in developing IoT products by providing guidance for the secure development of software and firmware. These development practices can also provide assurance to customers regarding how those products were developed and how the manufacturer will support them. When used together, NIST’s SSDF and IoT cybersecurity guidance help manufacturers design and deliver more secure IoT products to customers.

User Location Data Raises Privacy and Security Concerns

Many different types of mobile apps—including those related to productivity, education, lifestyle, social media, entertainment, and gaming—exist to provide users with ease of use, convenience, and functionality. These apps collect a vast amount of data for marketing purposes and data sharing with third parties. For example, location data, IP addresses, saved home or work addresses, and saved activity on websites and services can be collected on your device. Many apps allow advertising firms to track a user’s location, sell that information to others, and target advertisements based on a user’s location history. Users may have the option to adjust their security and privacy settings to reduce what and how information is collected and shared. However, these permissions may make it more difficult to determine what an app is doing with the accessibility of users’ data and location. The data may not be private or anonymized as expected and, therefore, may be vulnerable to malicious actors.
 

 
Image Source: anupamdas.org
 
The popular fitness app Strava tracks a user’s heart rate, activity details, GPS location, and more. Strava’s heatmap feature anonymously aggregates user activity to assist users with finding trails or exercise hotspots, meeting like-minded people, and conducting their workout sessions in more crowded and safer locations. However, in the above example, researchers discovered potential privacy concerns with Strava’s heatmap feature that could identify a user’s home address by tracking and de-anonymizing users utilizing the heatmap data and specific user metadata. They collected data through the Strava heatmap and used OpenStreetMap overlays and image analysis to detect start/stop routes next to streets, signifying that a specific home is associated with a user’s tracked activity. They also used Strava’s search feature to identify users who registered a specific city as their location, correlating high activity points on the heatmap and the user’s home address. The researchers noted that Strava users typically registered with real names and profile pictures, correlating identities with home addresses and voter registration data, if available online. Also, Strava accounts marked as “private” still display when searching for a list of all users in a specified municipality. Strava’s mitigations include starting the tracking after the user has left their home or creating an exclusion for the heatmap feature for a distance around home locations, which would provide an option for users to set privacy zones around their home locations, and/or opt out of the heatmap feature.
 

 
Image Source: arxiv.org
 
The Short Message Service Center (SMSC) of a mobile network handles SMS delivery reports and provides notifications when a message has been delivered, accepted, failed, is undeliverable, has expired, or has been rejected. Despite delays in this process, mobile networks’ fixed nature and specific physical characteristics can be predictable when standard signal pathways are followed. In the above example, researchers developed a machine learning algorithm to analyze timing data in the SMS responses to identify and extract the recipient’s location. First, measurement data was collected to correlate SMS delivery reports and the targets’ known locations. For every hour for three days, multiple SMS messages were sent to the target in the experiment as marketing messages to ignore or disregard, or as silent SMS messages displaying no content and producing no notification on the target’s screen. The timing of the SMS delivery reports was then measured and aggregated with matching location signatures to create a machine learning (ML) evaluation dataset. The ML model and training data included receiving location, connectivity conditions, network type, receiver distances, and more. 
 
Despite some limitations and extensive efforts, detecting information—such as a physical address, job location, phone number, email address, or other personal information—is still feasible, and users can easily become a target for cyberattacks, harassment, identity theft, and violence. Additionally, threat actors may engage in doxing, which is a tactic that involves the malicious targeting, compiling, and public release of personally identifiable information (PII) without permission. This information is posted on hosting websites and further disseminated on social media platforms. Doxing can also refer to revealing the real person behind an anonymous username and exposing their identity online. 
 
It is important to know how to stay secure and limit privacy concerns while using apps. Even if a user is careful with what information is voluntarily shared and what settings are adjusted, the app may be able to track activity without the user’s knowledge, and their data could still be at risk through other covert means. Beyond personal risk for individuals, businesses and organizations are advised to weigh the risks that apps introduce and consider restricting their usage in sensitive environments. It is vital to stay informed on the abilities, accesses, and permissions of apps, what data they collect, and what they do with that data.

Threat Actors Target Law Firms and Small Businesses with Impersonation Attempts: What to Look For

The NJCCIC received an uptick in reports of cyberattacks targeting law firms and small businesses. Threat actors may claim to be a construction company, supplier, or other specialty contractor seeking legal services. In one example, the threat actor included several red flags and conflicting information, such as an incorrect mailing address, email information, and website. At first glance, however, these red flags are inconspicuous and may go unnoticed. Further analysis revealed additional red flags, such as a .org top-level domain (TLD) typically used for nonprofit organizations, and the newly established website included multiple redirects and missing characters – a tactic often used by threat actors to impersonate a legitimate website. This website was able to bypass basic antivirus software, likely due to its recent creation.
Small businesses such as law firms are increasingly targeted by threat actors with the intent to gain access to the vast amounts of sensitive information they manage. A successful cyberattack may allow threat actors to gain access to internal networks and databases in attempts to commit further nefarious activity, such as ransomware attacks, fraud, and theft. As a reminder, common red flags include misspelled email domains and websites, missing characters, and newly created website URLs. Users can quickly check website validity using trusted open-source tools such as VirusTotal, URLScan.io, MXToolBox, IPQualityScore, and the Any.Run sandbox. However, scans are publicly available and, therefore, users should avoid uploading internal files unless the user has a private account.
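
The red flags listed above (misspelled or missing-character domains, an unexpected TLD, a newly created site) can be screened automatically when a prospective client makes contact. The sketch below is an added example, not NJCCIC tooling; the known-contact list, the domain names, the dates and the 90-day threshold are constructed assumptions, and the registration date is assumed to come from a WHOIS/RDAP lookup performed elsewhere.

```python
from datetime import date

# Constructed sample data: domains of parties the firm already deals with.
KNOWN_DOMAINS = {"acme-construction.com", "northfieldsupply.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def split_domain(domain: str):
    """Split 'name.tld' at the last dot (enough for single-label TLDs)."""
    name, _, tld = domain.lower().strip(".").rpartition(".")
    return name, tld


def red_flags(domain, registered_on, today, known=KNOWN_DOMAINS, max_age_days=90):
    """Return the red flags a contact's domain raises against known contacts."""
    domain = domain.lower()
    if domain in known:
        return []  # exact match with an established contact
    flags = []
    name, tld = split_domain(domain)
    for good in sorted(known):
        good_name, good_tld = split_domain(good)
        if name == good_name and tld != good_tld:
            flags.append(f"tld-swap:{good}")    # same name, different TLD
        elif 0 < edit_distance(name, good_name) <= 2:
            flags.append(f"lookalike:{good}")   # misspelled or missing characters
    if (today - registered_on).days < max_age_days:
        flags.append("newly-registered")
    return flags


if __name__ == "__main__":
    today = date(2023, 6, 20)  # constructed "current" date
    samples = [
        ("acme-construction.org", date(2023, 6, 1)),  # TLD swap, new site
        ("acme-constuction.com", date(2020, 1, 1)),   # missing character
        ("northfieldsupply.com", date(2015, 3, 9)),   # established contact
    ]
    for dom, created in samples:
        print(dom, red_flags(dom, created, today))
```

A domain that raises any flag is a candidate for out-of-band verification (a phone call to a number already on file) before any documents or payments are exchanged.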

National Artificial Intelligence Advisory Committee Releases First Report

The National Artificial Intelligence Advisory Committee (NAIAC) has delivered its first report to the president, established a Law Enforcement Subcommittee to address the use of AI technologies in the criminal justice system, and completed plans to realign its working groups to allow it to explore the impacts of AI on workforce, equity, society and more.

The report recommends steps the U.S. government can take to maximize the benefits of AI technology, while reducing its harms. This includes new steps to bolster U.S. leadership in trustworthy AI, new R&D initiatives, increased international cooperation, and efforts to support the U.S. workforce in the era of AI. The report also identifies areas of focus for NAIAC for the next two years, including in rapidly developing areas of AI, such as generative AI.