New NIST Public Working Group on AI

Today, U.S. Secretary of Commerce Gina Raimondo announced that the National Institute of Standards and Technology (NIST) is launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology. The Public Working Group on Generative AI will help address the opportunities and challenges associated with AI that can generate content, such as code, text, images, videos and music. The public working group will also help NIST develop key guidance to help organizations address the special risks associated with generative AI technologies. The announcement comes on the heels of a meeting President Biden convened earlier this week with leading AI experts and researchers in San Francisco, as part of the Biden-Harris administration’s commitment to seizing the opportunities and managing the risks posed by AI.

Microsoft Security Virtual Training Day: Security, Compliance, and Identity Fundamentals

Grow your skills at Security Virtual Training Day: Security, Compliance, and Identity Fundamentals from Microsoft Learn. At this free, introductory event, you’ll gain the security skills and training you need to create impact and take advantage of opportunities to move your career forward. You’ll explore the basics of security, compliance, and identity—including best practices to help protect people and data against cyberthreats for greater peace of mind. You’ll also learn more about identity and access management while exploring compliance management fundamentals.

You will have the opportunity to:
- Learn the fundamentals of security, compliance, and identity.
- Understand the concepts and capabilities of Microsoft identity and access management solutions, as well as compliance management capabilities.
- Gain the skills and knowledge to jumpstart your preparation for the certification exam.

Join us at an upcoming two-part event:
Monday, July 24, 2023 | 2:00 PM – 4:45 PM | (GMT-05:00) Eastern Time (US & Canada)
Tuesday, July 25, 2023 | 2:00 PM – 4:00 PM | (GMT-05:00) Eastern Time (US & Canada)

Delivery Language: English
Closed Captioning Language(s): English
 
  
Visit the Microsoft Virtual Training Days website to learn more about other event opportunities.

Transform your business security architecture with top industry leaders

Webinar date:
Tuesday, June 27, 2023
9:00 AM Pacific Time / 12:00 PM Eastern Time

Concerned about safeguarding your organization’s data? The changing demands of employees and customers have created the need for cloud transformation, which requires a modern security architecture. Businesses that meet and exceed the baseline security requirements for employees and customers can optimize the digital experience for all users while protecting data. Learn how you can securely access critical business data and software services without compromising speed or reliability. Join this upcoming webinar with Zscaler and Microsoft experts to discover how your organization can embrace zero trust security.

During this interactive Q&A session, you will have the opportunity to:
- Gain insights on how zero trust can strengthen your organization’s security
- Optimize access to organizational workloads, data, and assets
- Attract and retain the next generation of employees
 
Improving your competitive edge with Zero Trust Framework
 

See where you stand with the security operations self-assessment

Modern Security Operations Self-assessment: Modernize your ability to detect, respond, and recover from threats
In today’s evolving threat landscape, security teams must continually modernize their security operations to stay prepared and keep up with adversaries. We’ve developed two resources to help you succeed.

Answer the questions in the modern security operations self-assessment questionnaire to evaluate the maturity stage of your security operations. Based on your answers you’ll get recommendations to help you modernize your approach to:
- Triage
- Investigation
- Threat hunting
- Incident management
- Automation

Download the modern security operations guide to see best practices and lessons learned from the Microsoft Cyber Defense Operations Center. We’ve created this guide to help you develop strategies to:
- Modernize your technology stack to ensure you have protection and visibility across all attack vectors
- Improve the processes of your security operations team and help them separate true threats from false positives
- Reduce your vulnerabilities and increase speed and efficiency for security teams defending against attacks.

NIST Lightweight Cryptography Standardization Process: NIST Releases IR 8454

Status Report on the Final Round of the NIST Lightweight Cryptography Standardization Process: NIST Releases IR 8454 

NIST announces the publication of NIST Internal Report (NIST IR) 8454, Status Report on the Final Round of the NIST Lightweight Cryptography Standardization Process. This report describes the evaluation criteria and process for selecting authenticated encryption and hashing schemes suitable for applications in constrained environments. The standardization effort was a public, competition-like process based on NIST’s internal review of the finalists and public feedback.

In February 2019, 57 candidate algorithms were submitted to NIST for consideration. Among these, 56 were accepted as first-round candidates in April 2019. After four months, NIST selected 32 of the candidates for the second round. NIST announced 10 finalists in March 2021 – namely ASCON, Elephant, GIFT-COFB, Grain-128AEAD, ISAP, PHOTON-Beetle, Romulus, SPARKLE, TinyJAMBU, and Xoodyak – to move forward to the final round of the selection process. On February 7, 2023, NIST announced the decision to standardize the ASCON family for lightweight cryptography applications.


Microsoft Security Virtual Training Day: Protect Data and Mitigate Risk

Identify, remediate, and limit data risks at Security Virtual Training Day: Protect Data and Mitigate Risk from Microsoft Learn. At this free event, you’ll learn how to secure data and reduce risks with Microsoft Purview Information Protection and risk management solutions. You’ll also explore how to manage data protection policies across your organization to help protect people and data against cyberthreats.

You will have the opportunity to:
- Manage and monitor data in new, comprehensive ways to help prevent data loss with Microsoft Purview.
- Identify privacy risks and help protect personal data using Microsoft Priva.
- Discover sensitive data and respond to inquiries efficiently with Microsoft Purview.

Join us at an upcoming two-part event:
Wednesday, 19 July, 2023 | 12:00 PM – 2:45 PM | (GMT-08:00) Pacific Time (US & Canada)
Thursday, 20 July, 2023 | 12:00 PM – 2:30 PM | (GMT-08:00) Pacific Time (US & Canada)

Delivery Language: English
Closed Captioning Language(s): English
 

Beware of Skimmers and Infostealers Targeting E-Commerce

A growing number of cyberattacks were discovered targeting retailers and online consumers as summer sales heat up. Though the holiday season remains the most profitable time for retailers, sale events are often launched in the slower summer months to increase revenue. Consumers often take advantage of these summer sale events including semi-annual sales; Independence, Memorial, and Labor Day sales; Father’s Day and graduation gifts; back-to-school sales, and Christmas in July sales.
Akamai researchers identified a new, large-scale, Magecart-style web skimming campaign, designed to steal personally identifiable information (PII) and credit card information from e-commerce websites. Distinct from traditional Magecart campaigns, however, this campaign uses new techniques to hijack legitimate commerce websites in order to serve as improvised command-and-control (C2) servers, using the host victim’s website to further facilitate malicious code distribution.
Cybercriminals use various evasion techniques during the campaign, masking the attack to resemble popular third-party services and allowing it to go undetected for over a month. This attack may potentially exploit known vulnerabilities found in websites’ digital commerce platforms such as Magento, WooCommerce, WordPress, and Shopify, or in vulnerable third-party services used by the website. These attacks cannot be detected by popular web security methods, such as web application firewalls (WAFs), and are executed on the client side, prolonging the attack. This may result in tens of thousands of victims and damage the reputations of victimized organizations. Additionally, consumers’ PII and credit card information are at risk of being stolen or further sold on dark web forums.
Threat actors are also targeting online sellers in a new phishing campaign to distribute Vidar information-stealing (infostealer) malware. They impersonate a customer of an online retailer claiming that they were charged a large dollar amount after an alleged order did not go through. These complaints are sent to online store administrators via email or website contact forms and contain a link to a fake Google Drive page that prompts the user to download a malware-laden PDF file. Threat actors target online sellers to steal admin credentials in order to gain access to eCommerce websites and facilitate further cyberattacks.
Infostealers are remote access trojans (RATs) designed to gather information from a system. Infostealers gather login information, like usernames and passwords, and are frequently used to further facilitate ransomware attacks. The NJCCIC and other cybersecurity firms have indicated a steady increase in attempts to distribute infostealers, such as Redline Stealer, Vidar, and Raccoon Stealer. Vidar is capable of stealing browser cookies, browser history, saved passwords, cryptocurrency wallets, text files, Authy 2FA databases, and capturing screenshots of the active Windows screen. Redline Stealer is a powerful data collection tool, capable of extracting login credentials from a wide range of sources, including web browsers, FTP clients, email applications, Steam, instant messaging clients, and VPNs. Raccoon Stealer steals personal information, including email addresses, identification numbers, bank account information, and cryptocurrency information. Cybercriminals can use this stolen information to commit identity theft, financial fraud, and other crimes.

LAST CALL: Comments Requested on Proposed Updates to NICE Framework Work Role Categories and Work Roles

One week left to submit comments! On April 18, 2023, proposed updates to the Workforce Framework for Cybersecurity (NICE Framework) Work Role Categories and Work Roles were announced. The proposed updates are based on feedback from the community during previous calls for comments, during regular engagement with stakeholders, and through consultations with subject matter experts. The updates focus on improving clarity, consistency, and accuracy to increase the usefulness of this resource.

Updates include:
- Minor changes to Work Role Category names, descriptions, and ordering.
- Updates to Work Role names, minor updates to Work Role descriptions, and new Work Role IDs to reflect category updates and remove reference to deprecated Specialty Areas.

An overview of the proposed updates is provided in “NICE Framework Work Role Categories and Work Roles: An Introduction and Summary of Proposed Updates”.
How to Review and Submit Comments
- Read the “NICE Framework Work Role Categories and Work Roles: An Introduction and Summary of Proposed Updates.”
- Download and review the NICE Framework Work Role Categories and Work Roles: Proposed Updates spreadsheet.

All comments that are received will be reviewed and adjudicated; future revisions will reflect the entirety of the feedback received. Send comments to [email protected] no later than June 23, 2023, at 11:59 p.m. ET. Thank you. We are grateful for your support!

Barracuda Networks Releases Update to Address ESG Vulnerability

Barracuda Networks has released an update to their advisory addressing a vulnerability—CVE-2023-2868—in their Email Security Gateway Appliance (ESG). According to Barracuda, customers should replace impacted appliances immediately. 

CISA urges organizations to review the Barracuda advisory and for all impacted customers to follow the mitigation steps as well as hunt for the listed indicators of compromise (IOCs) to uncover any malicious activity. For more information, see Mandiant’s advisory on Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor.

Note: Customers who used enterprise privileged credentials for management of their Barracuda appliance (such as Active Directory Domain Admin or similar) should take immediate incident investigation steps to validate the use and behavior of all credentials used on the appliance. It is of utmost importance to verify that threat actors have not compromised customer enterprise networks via this entry vector.