Month: June 2023

This month’s episode of Uncovering Hidden Risks discusses what it means to support multicloud, the risks of running a multicloud strategy, and how customers can think about this as they accelerate their digital transformation. Considering over 90% of organizations are already multicloud – meaning they rely on more than one cloud provider; it is important to understand how to protect people and data in a constantly evolving digital environment.

Joining our host Erica Toelle is our guest, Ashish Kumar. Ashish has over 25 years of experience in Engineering, Consulting, and Technology sales, helping businesses build products, increase revenue and market share, enhance branding, and lower operational costs. Ashish discusses the intersection between security and compliance, why knowing your posture is essential, and how we can have a safer digital world. You can also check out Ashish’s book, “Managing Risks in digital transformation.”

Go here to learn more.

As you may know I am one of the Co-chairs of this event. This will be our 10 year of running this conference. We have an open call for speakers on the site. If you have a topic your passionate about, please think about submit a proposal. We respectfully invite qualified members from the cybersecurity community to submit for speaking at the 2023 New York Metro Joint Cyber-Security Conference and/or Workshop.

InfoSecurity.NYC ∴ Call for Speakers (nymjcsc.org)

To learn more about the conference please go to the web site https://www.nymjcsc.org/

JUNE 6^th, 2023:

ACTION NOTICE: Impacted ESG appliances must be immediately replaced regardless of patch version level. If you have not replaced your appliance after receiving notice in your UI, contact support now (support@barracuda.com).  

Barracuda’s remediation recommendation at this time is full replacement of the impacted ESG. 

See the full article here

Explore core AI concepts at Azure Virtual Training Day: AI Fundamentals from Microsoft Learn. Join us for this free training event to learn how organizations use AI technology to solve real-world challenges and see how to build intelligent applications using Azure AI services. This training is suitable for anyone interested in AI solutions—including those in technical or business roles. You will have the opportunity to: Understand foundational AI concepts and real-world use cases. Get started using AI services on Azure and machine learning in Azure Machine Learning Studio. Identify common AI workloads and ways to use AI responsibly. Join us at an upcoming event: Wednesday, June 28, 2023 | 9:00 AM – 12:30 PM | (GMT-05:00) Eastern Time (US & Canada) Delivery Language: English Closed Captioning Language(s): English

REGISTER TODAY >

NIST released the newly redesigned and streamlined Special Publication 800-225, Fiscal Year (FY) 2022 Cybersecurity and Privacy Annual Report.

In FY 2022, the NIST Information Technology Laboratory’s (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in the world of cybersecurity and privacy. This Annual Report highlights key research activities for the ITL Cybersecurity and Privacy Program, including: the ongoing participation and development of international standards,  research and practical applications in several key priority areas, accomplishments in improving software and supply chain cybersecurity, IoT cybersecurity guidelines work, National Cybersecurity Center of Excellence (NCCoE) projects, and Risk Management Framework projects. NIST also celebrated 50 years of work in the cybersecurity space and the NCCoE celebrated a 10-year anniversary since inception.

Read the Report

Read the e-book

With the widespread adoption of the public cloud, more organizations are pivoting from a perimeter-based security model to a Zero Trust model. Under a Zero Trust model, all network connections are treated as threats that must be vetted, resulting in a proactive, boundaryless approach to security. Transitioning to Zero Trust security can take years of time, money, and effort—which is why it’s important to set yourself up for success. Read the e-book, 10 Tips for Enabling Zero Trust Security, to learn how to: Realign your access requests around identity.Use controls that grant access based on identity, access rights, device health, and a variety of other conditions.Plan for a strategy that includes both existing network protections and newer, identity-based controls.Aggregate your data using a security information and event management (SIEM) system.Empower your users to carry out self-service tasks, such as password resets.

Advances in cloud performance is paving the way for the acceleration of AI innovations across simulations, science, and industry. And as the complexity of AI models grows exponentially, Microsoft is leveraging a decade of experience in supercomputing and supporting the largest AI training workloads, to develop purpose built and optimized AI infrastructure for any scale. Join this webinar and learn about:  Azure’s proven performance for generative AI advancements across both Microsoft and customers.   Purpose built AI infrastructure design and optimization.   Azure’s AI Infrastructure, combined with our overall AI solution stack, addresses these challenges for customers of all sizes.

Azure webinar series Power AI Innovations with Purpose-Built AI Infrastructure Thursday, June 15, 2023 10:00 AM–11:00 AM Pacific Time Register here

Azure VMware Solution can help you lower infrastructure costs while increasing business agility and resilience. Learn how to get started with your VMware cloud migration journey.  In this session, we will take you under the hood of Azure VMware Solution with hands-on demonstrations and best practices. Our experts will share:  Network planning for your VMware migration demonstration.  Executing your migration with HCX and vMotion demonstration.  Connecting additional Azure services with Azure VMware Solution demonstration.  Day-two operations and how to optimize Azure VMware Solution.  Options to use existing licenses to lower your cloud costs.  Join the live session for Q&A and walk-throughs of key features. We’ll leave you with tools and actionable tips to kickstart your VMware cloud migration.

Azure webinar series Get Started with Azure VMware Solution: A Look Inside Tuesday, June 6, 2023 10:00 AM–11:00 AM Pacific Time Register here

Date: Wednesday, June 28, 2023

Time: 2:00-2:45 p.m. (ET)

Event Description:

As manufacturers are increasingly targeted in cyberattacks, any gaps in cybersecurity leave small manufacturers vulnerable to attacks. Small manufacturers tend to operate facilities with limited staff and resources, often causing cybersecurity to fall by the wayside as something that costs too much time and money. Additionally, bringing together various cybersecurity standards, frameworks, and guides to derive a coherent action plan is a challenge even for those experienced in cybersecurity. Security segmentation is a cost effective and efficient security design approach for protecting cyber assets by grouping them based on their communication and security requirements.

Join us on June 28, 2023 from 2:00-2:45 p.m. ET to discuss the NCCoE’s most recent manufacturing publication, NIST Cybersecurity White Paper: Security Segmentation in a Small Manufacturing Environment. The paper outlines a practical six-step approach that manufacturers can follow to implement security segmentation and mitigate cyber vulnerabilities in their manufacturing environments.

Join us on June 28 for a discussion where you’ll be able to:

• Meet the publication authors.
• Receive an overview of the new white paper.
• Ask the publication authors questions.
• Learn how to stay involved in the NCCoE’s manufacturing-related efforts.

Register Here

Today, CISA, Federal Bureau of Investigation (FBI), the National Security Agency (NSA), Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Israel National Cyber Directorate (INCD) released the Guide to Securing Remote Access Software. This new joint guide is the result of a collaborative effort to provide an overview of legitimate uses of remote access software, as well as common exploitations and associated tactics, techniques, and procedures (TTPs), and how to detect and defend against malicious actors abusing this software. 

Remote access software provides organizations with a broad array of capabilities to maintain and improve information technology (IT), operational technology (OT), and industrial control system (ICS) services; however, malicious actors often exploit this software for easy and broad access to victim systems. 
 
CISA encourages organizations to review this joint guide for recommendations and best practices to implement in alignment with their specific cybersecurity requirements to better detect and defend against exploitation. Additionally, please refer to the additional information below on guidance for MSPs and small- and mid-sized businesses and on malicious use of remote monitoring and management software in using remote software and implementing mitigations.