Draft Call for Multi-Party Threshold Schemes: NIST IR 8214C ipd Available for Public Comment

NIST requests public comments on NIST IR 8214C ipd (initial public draft), NIST First Call for Multi-Party Threshold Schemes, for primitives organized into two categories:

  1. Cat1: selected NIST-specified primitives
  2. Cat2: other primitives not specified by NIST

The report specifies the various categories, subcategories, and
requirements for a successful submission, including security characterization,
technical description, open-source implementation, and performance evaluation.
The process intends to help the NIST cryptographic technology group collect
reference material to promote a public analysis of the viability of threshold
schemes and related primitives. This will support the NIST multi-party
threshold cryptography and privacy-enhancing cryptography projects in
developing future recommendations.

Threshold schemes should NOT be submitted until the final version
of this report is published. However, using the present draft as a baseline,
potential submitters are encouraged to prepare early for future submissions.

The public comment period is open through April 10, 2023. See the publication details for a copy of the initial public draft and instructions for submitting comments.

NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.


Here is a list of the new state data privacy statutes slated to come online in 2023:

(1) Most of the provisions of the California Privacy Rights Act (CPRA) become effective on Jan. 1, 2023. CPRA amended the California Consumer Privacy Act (CCPA), which had already created a number of individual rights modeled after the GDPR. CPRA created a new state agency, similar to data protection agencies in the EU countries charged with enforcing the GDPR.

(2) The Colorado Privacy Act (CPA) becomes effective on July 1, 2023. In addition to creating rights patterned after the individual rights under GDPR, CPA requires data security and contract provisions for vendors and assessments for “high-risk” processing.

(3) The Connecticut Data Privacy Act (CDPA), like Colorado’s new privacy law, goes into effect on July 1, 2023. CDPA likewise creates a suite of GDPR-like individual rights, and requires data minimization, security, and assessments for “high risk” processing.

(4) The Utah Consumer Privacy Act (UCPA) becomes effective on Dec. 31, 2023. It provides for certain GDPR-like individual rights, and also requires data security and contract provisions. But UCPA does not expressly require risk assessments.

(5) The Virginia Consumer Data Privacy Act (VCDPA) becomes effective Jan. 1, 2023. It provides for certain GDPR-like individual rights. But a 2022 amendment lets a controller that obtained a consumer’s data from a source other than the consumer satisfy a deletion request by opting the consumer out of further processing of that data.

IPv6 Coming to Azure AD Important NOTICE

This is a post I found on Microsoft here:
With the growing adoption and support of IPv6 across enterprise networks, service providers, and devices, many customers are wondering if their users can continue to access their services and applications from IPv6 clients and IPv6 networks.

Today, we’re excited to announce our plan to bring IPv6 support to Microsoft Azure Active Directory (Azure AD). This will allow customers to reach the Azure AD services over IPv4, IPv6 or dual stack endpoints.

For most customers, IPv4 won’t completely disappear from their digital landscape, so we aren’t planning to require IPv6 or to de-prioritize IPv4 in any Azure AD features or services. However, it is important you start planning and prepare for IPv6 support by taking the actions recommended in this blog, and also checking in for updated guidance at https://aka.ms/azureadipv6.

We’ll begin introducing IPv6 support into Azure AD services in a phased approach, starting March 31st, 2023.


The guidance below is specifically for Azure AD customers who use IPv6 addresses and also use Named Locations in their Conditional Access policies.

Customers who use named locations to identify specific network boundaries in their organization need to:

  1. Conduct an audit of existing named locations to anticipate potential impact;
  2. Work with your network partner to identify the egress IPv6 addresses in use in your environment;
  3. Review and update existing named locations to include the identified IPv6 ranges.

Customers who use Conditional Access location-based policies to restrict and secure access to their apps from specific networks need to:

  1. Conduct an audit of existing Conditional Access policies to identify use of named locations as a condition, to anticipate potential impact;
  2. Review and update existing Conditional Access location-based policies to ensure they continue to meet your organization’s security requirements.
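The PowerShell below is an added example, not part of the Microsoft post, that performs both audits above against a tenant: it reports every IP-based named location that has IPv4 ranges but no IPv6 range, and lists each Conditional Access policy whose location condition references a named location (resolving the location IDs to names). It assumes the Microsoft Graph PowerShell SDK is installed, that the signed-in account holds the Policy.Read.All permission, and that the responses have the shape documented for the Graph v1.0 namedLocations and policies endpoints; the function names are mine.

```powershell
# Added example (not from the Microsoft post): audit Azure AD named locations for
# IPv6 coverage and list the Conditional Access policies that depend on them.
# Assumes the Microsoft Graph PowerShell SDK and an account holding Policy.Read.All;
# the object shapes are those of the Graph v1.0 namedLocations and policies endpoints.
Connect-MgGraph -Scopes 'Policy.Read.All'

function Get-GraphCollection {
    # Returns every item of a paged Graph collection by following @odata.nextLink
    param([string]$Uri)
    while ($Uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $Uri -OutputType PSObject
        $page.value
        $Uri = $page.'@odata.nextLink'
    }
}

function Get-NamedLocationIPv6Report {
    param([object[]]$Locations)
    foreach ($loc in $Locations) {
        # Country/region named locations carry no IP ranges; only IP locations matter here
        if ($loc.'@odata.type' -ne '#microsoft.graph.ipNamedLocation') { continue }
        $v4 = @($loc.ipRanges | Where-Object { $_.'@odata.type' -eq '#microsoft.graph.iPv4CidrRange' } | ForEach-Object cidrAddress)
        $v6 = @($loc.ipRanges | Where-Object { $_.'@odata.type' -eq '#microsoft.graph.iPv6CidrRange' } | ForEach-Object cidrAddress)
        [pscustomobject]@{
            Id          = $loc.id
            DisplayName = $loc.displayName
            IsTrusted   = [bool]$loc.isTrusted
            IPv4Ranges  = ($v4 -join ', ')
            IPv6Ranges  = ($v6 -join ', ')
            # IPv4-only location: a sign-in arriving over IPv6 will fall outside it
            NeedsIPv6   = ($v4.Count -gt 0 -and $v6.Count -eq 0)
        }
    }
}

function Resolve-LocationNames {
    # Include/exclude lists hold named-location ids or the keywords All / AllTrusted
    param([string[]]$Ids, [hashtable]$NameById)
    @($Ids | ForEach-Object { if ($NameById.ContainsKey($_)) { $NameById[$_] } else { $_ } }) -join ', '
}

function Get-PolicyLocationUsage {
    param([object[]]$Policies, [object[]]$Locations)
    $nameById = @{}
    foreach ($loc in $Locations) { $nameById[$loc.id] = $loc.displayName }
    foreach ($p in $Policies) {
        $locs = $p.conditions.locations
        if (-not $locs) { continue }    # policy has no location condition
        [pscustomobject]@{
            Policy   = $p.displayName
            State    = $p.state          # enabled / disabled / enabledForReportingButNotEnforced
            Includes = Resolve-LocationNames $locs.includeLocations $nameById
            Excludes = Resolve-LocationNames $locs.excludeLocations $nameById
        }
    }
}

$locations = @(Get-GraphCollection 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/namedLocations')
$policies  = @(Get-GraphCollection 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies')

'Named locations with IPv4 ranges but no IPv6 range:'
Get-NamedLocationIPv6Report $locations | Where-Object NeedsIPv6 | Format-Table DisplayName, IsTrusted, IPv4Ranges -AutoSize

'Conditional Access policies that use a location condition:'
Get-PolicyLocationUsage $policies $locations | Format-Table Policy, State, Includes, Excludes -Wrap
```

A named location that lists only IPv4 ranges will not match a sign-in that arrives over IPv6. For a policy that grants access only from trusted locations that means new blocks; for a policy that excludes trusted locations from MFA it means unexpected prompts. Add the egress IPv6 ranges identified in step 2 to each flagged location and re-run the report before the phased rollout begins.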

 

We created an easy to remember link where we’ll continue to share additional guidance on IPv6 enablement in Azure AD. Access these details here: https://aka.ms/azureadipv6

Password Manager LastPass has been breached.

I’ve been telling people that if you are going to use a password manager, understand the settings and configuration issues. This is true of all software.

I have said over and over again:

Use a different, strong password on each site, change them regularly, and go to multi-factor solutions.

I found a great article on a site I review from time to time. Here is the article to look at:

LastPass has been breached: What now?

If you have a LastPass account you should have received an email updating you on the state of affairs concerning a recent LastPass breach. While this email and the corresponding blog post try to appear transparent, they don’t give you a full picture. In particular, they are rather misleading concerning a very important question: should you change all your passwords now?
[Screenshot of an email with the LastPass logo. The text reads: Dear LastPass Customer, We recently notified you that an unauthorized party was able to gain access to a third-party cloud-based storage service which is used by LastPass to store backups. Earlier today, we posted an update to our blog with important information about our ongoing investigation. This update includes details regarding our findings to date, recommended actions for our customers, as well as the actions we are currently taking.]

To read the full blog post, go here.

Interesting press release: SEC Proposes Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies

 FOR IMMEDIATE RELEASE

2022-39

Washington D.C., March 9, 2022 —

The Securities and Exchange Commission today proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies.

“Over the years, our disclosure regime has evolved to reflect evolving risks and investor needs,” said SEC Chair Gary Gensler. “Today, cybersecurity is an emerging risk with which public issuers increasingly must contend. Investors want to know more about how issuers are managing those growing risks. A lot of issuers already provide cybersecurity disclosure to investors. I think companies and investors alike would benefit if this information were required in a consistent, comparable, and decision-useful manner. I am pleased to support this proposal because, if adopted, it would strengthen investors’ ability to evaluate public companies’ cybersecurity practices and incident reporting.”

The proposed amendments would require, among other things, current reporting about material cybersecurity incidents and periodic reporting to provide updates about previously reported cybersecurity incidents. The proposal also would require periodic reporting about a registrant’s policies and procedures to identify and manage cybersecurity risks; the registrant’s board of directors’ oversight of cybersecurity risk; and management’s role and expertise in assessing and managing cybersecurity risk and implementing cybersecurity policies and procedures. The proposal further would require annual reporting or certain proxy disclosure about the board of directors’ cybersecurity expertise, if any.

The proposed amendments are intended to better inform investors about a registrant’s risk management, strategy, and governance and to provide timely notification to investors of material cybersecurity incidents.

The proposing release will be published on SEC.gov and in the Federal Register. The comment period will remain open for 60 days following publication of the proposing release on the SEC’s website or 30 days following publication of the proposing release in the Federal Register, whichever period is longer.

NIST Cybersecurity Framework 2.0 Concept Paper: Potential Significant Updates to the Cybersecurity Framework

Note to Reviewers

NIST is publishing this concept paper to seek additional input on the structure and direction of the Cybersecurity Framework (CSF or Framework) before crafting a draft of CSF 2.0.

This concept paper outlines the more significant potential changes that NIST is considering in developing CSF 2.0. These potential changes are informed by the extensive feedback received to date, including in response to the NIST Cybersecurity Request for Information (RFI) and the first workshop on CSF 2.0.

Some of the proposed changes outlined here are larger structural changes that may impact compatibility with CSF 1.1, thus warranting additional attention and discussion. This paper also outlines potential major changes to CSF resources, including the CSF website, Profiles, mappings, and guidance.

This paper does not cover all potential changes that may be made to the Framework structure, format, and content, especially specific changes to Categories and Subcategories of the CSF Core. NIST continues to welcome input on specific changes, including redlines, to the CSF narrative and Core, as well as to related CSF resources.

NIST seeks feedback on this paper to inform further development of CSF 2.0, including, for each numbered section (e.g., Section 1.1, ‘Change the CSF’s title…’):

  1. Do the proposed changes reflect the current cybersecurity landscape (standards, risks, and technologies)?
  2. Are the proposed changes sufficient and appropriate? Are there other elements that should be considered under each area?
  3. Do the proposed changes support different use cases in various sectors, types, and sizes of organizations (and with varied capabilities, resources, and technologies)?
  4. Are there additional changes not covered here that should be considered?
  5. For those using CSF 1.1, would the proposed changes affect continued adoption of the Framework, and how so?
  6. For those not using the Framework, would the proposed changes affect the potential use of the Framework?

Feedback and comments should be directed to [email protected] by March 3, 2023. All relevant comments, including attachments and other supporting material, will be made publicly available on the NIST CSF 2.0 website.

Personal, sensitive, or confidential business information should not be included. Comments with inappropriate language will not be considered.

The changes proposed in this paper will also be discussed at the upcoming second CSF 2.0 virtual workshop on February 15, 2023, and during CSF 2.0 in-person working sessions on February 22-23, 2023.

Contact [email protected] if you would like NIST to consider participating at a conference, webinar, or informal roundtable to discuss the CSF update and this paper.

After reviewing feedback on this concept paper and considering insights gained through the workshops, NIST intends to publish the draft Cybersecurity Framework 2.0 in the coming months for a 90-day public review.

To see the full paper, go to https://www.nist.gov/system/files/documents/2023/01/19/CSF_2.0_Concept_Paper_01-18-23.pdf

Registration is Open: 3rd High-Performance Computing Security Workshop

 

3rd High-Performance Computing Security Workshop

Security is an essential component of High-Performance Computing (HPC). NIST, in collaboration with the National Science Foundation (NSF), is hosting the 3rd High-Performance Computing Security Workshop on March 15-16, 2023 at the NCCoE (National Cybersecurity Center of Excellence) in Rockville, Maryland. The workshop aims to report and reflect on the activities of the HPC Security WG, listen to the community’s needs and feedback, and define and discuss future directions with stakeholders from industry, academia, and government. We look forward to your participation.


NIST to release AI Risk Management Framework (AI RMF 1.0)

The NIST AI RMF is a framework to manage risks to individuals, organizations, and society associated with artificial intelligence (AI). The Framework is intended for voluntary use to improve the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems. It has been developed through a consensus-driven, open, transparent, and collaborative process.

Sign up to receive email notifications about NIST’s AI activities.


Microsoft to offer certifications free to all eligible students

 At Microsoft, our mission is to help you achieve more, so we’re making certifications, and the resources to learn, prepare, and get certified, free to all eligible students, starting with fundamentals certifications through June 2023.

Technology is changing the future of work. In every industry, employers expect interns and recent graduates to have the digital capabilities they need to thrive in a modern—often hybrid or remote—working environment. While digital skills are a great start, students also need skills in data, AI, and cloud technologies to make the most of every opportunity. Earning a Microsoft Certification does more than just build technical skills; certifications can help you stand out, gain confidence, and even get paid more. Microsoft Certifications also validate your skills and abilities, while proving your commitment to learning the latest technologies.

Five steps to kick-start your tech career

1. Sign into Microsoft Learn and create your student profile

Microsoft Learn is the place to start and customize your learning journey with up-to-date content developed by experts and a variety of resources. Master new skills with a comprehensive collection of training options that empower you to learn in a style that fits you best. Sign into Microsoft Learn and create your student profile to track your progress on learning activities, create and share content collections, accrue points and achievements, use free Azure resources, and get personalized recommendations.

2. Determine which certification is right for you and start learning

Microsoft Certifications are based on industry analysis of specific jobs and roles and are continually updated to reflect the latest technologies. They enhance your credibility, giving you the professional advantage of globally recognized, industry-endorsed skills. Earning a Microsoft Certification enables employers and peers to recognize your talent and experience—and can help you build the technical skills you need to succeed in today’s fast-paced, digital world.

Microsoft Certifications start with foundational skills and move into the deeper technical skills you will need to perform industry roles. Microsoft Certifications also cover technical topics from Azure to AI, to data analytics and cybersecurity.

Learn the concepts included in the certification exams. Self-paced online content and an exam cram are available for each of the following exams:

AZ-900: Microsoft Azure Fundamentals
DP-900: Microsoft Azure Data Fundamentals
AI-900: Microsoft Azure AI Fundamentals
SC-900: Microsoft Security, Compliance, and Identity Fundamentals
PL-900: Microsoft Power Platform Fundamentals
MB-910: Microsoft Dynamics 365 Fundamentals (CRM)
MB-920: Microsoft Dynamics 365 Fundamentals (ERP)
MS-900: Microsoft 365 Fundamentals

3. Verify your student status and claim your free exam

As part of this initiative, Microsoft provides exam vouchers to eligible students so that they can take Fundamentals exams for free.

Fundamentals certifications are a great way to start your certification journey. Validate your foundational understanding with mixed concepts and apply what you learn about Microsoft technologies—no area experience required. Fundamentals also give you a springboard into deeper, role-based learning paths and certifications.

You just need to verify your enrollment at an accredited academic institution to claim the benefits.

 Note

This student initiative is managed by Cloud Ready Ltd. on behalf of Microsoft. When you access the Cloud Ready website using your Microsoft Account credentials, your use of that website and any collection of personal data will be governed by the Cloud Ready Privacy Policy.

4. Become certified—and earn college credit

Get even more credit for your new skills. Students can now receive college credits for passing Microsoft Exams and earning Microsoft Certifications. Read the story of students Sam Jones and Jason Powell, who saved money and completed their degrees faster with college credits they earned as a result of their Microsoft Certifications. Review the tools and resources they used so you can do the same.

 Tip

We’re committed to ensuring that every person who’s interested in taking Microsoft Certification exams can do so in a way that is fair and accurately reflects their skills and abilities. Learn more about requesting accommodations.

5. Share your certification achievements

Celebrate your success! You worked hard to earn your certification. Now, be sure to share your new achievement with the world via a digital badge.

Showcasing your professional achievements may help you get noticed by potential employers. When you share your digital badge on popular sites, such as LinkedIn, Facebook, and Twitter, or when you embed it into your resume, personal website, or email signature, anyone who sees your badge will immediately recognize it as a trusted Microsoft validation of your achievement.

Learn more about how to claim your badge and showcase your skills and certifications

Recovering from Attack Surface Reduction rule shortcut deletions Blog

This is a post from Microsoft. 

On January 13th, Windows Security and Microsoft Defender for Endpoint customers may have experienced a series of false positive detections for the Attack Surface Reduction (ASR) rule “Block Win32 API calls from Office macro” after updating to security intelligence builds between 1.381.2134.0 and 1.381.2163.0. These detections resulted in the deletion of files that matched the incorrect detection logic primarily impacting Windows shortcut (.lnk) files.

 

There is no impact for customers who do not have the “Block Win32 API calls from Office macro” rule turned on in block mode, or who did not install one of the security intelligence update builds 1.381.2134.0, 1.381.2140.0, 1.381.2152 and 1.381.2163.0.

 

For currently impacted customers: what do I need to do?

Impacted customers need both to install the updated security intelligence build and to follow the process below to recover start menu and taskbar shortcuts.

 

The updated security intelligence build

Customers should update to build 1.381.2164.0 or later. Customers utilizing automatic updates for Microsoft Defender antivirus do not need to take additional action to receive the updated security intelligence build. Enterprise customers managing updates should download the latest update and deploy it across their environments. The security intelligence build does not restore deleted shortcuts; instructions on how to restore those are immediately below. If you switched “Block Win32 API calls from Office macro” to audit mode per the prior guidance, you can now safely turn block mode back on.
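As an added example (not from the Microsoft post), the PowerShell below checks a single device for the two conditions the post ties the deletions to: whether the ASR rule is configured in block mode, and whether the device is on, or was ever on, one of the affected security intelligence builds. It assumes the Defender PowerShell module that ships with Windows, that 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B is the documented rule ID for “Block Win32 API calls from Office macros”, that the build the post writes as 1.381.2152 is 1.381.2152.0, and that Defender writes event ID 2000 with the new version in its message on each successful update; the function names are mine. Run it elevated.

```powershell
# Added example (not from the Microsoft post): check one device for the conditions
# behind the shortcut deletions. Assumes the Defender PowerShell module that ships
# with Windows; run elevated so the Defender event log can be read.
$RuleId = '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B'   # documented ID of "Block Win32 API calls from Office macros"
# Builds named in the post; 1.381.2152 is assumed to be 1.381.2152.0
$AffectedBuilds = @('1.381.2134.0', '1.381.2140.0', '1.381.2152.0', '1.381.2163.0') | ForEach-Object { [version]$_ }
$FixedBuild = [version]'1.381.2164.0'

function Get-AsrRuleMode {
    # Returns the configured action for one ASR rule: Block, Audit, Warn, Disabled or NotConfigured
    param([string]$Id, $Preference = (Get-MpPreference))
    $ids     = @($Preference.AttackSurfaceReductionRules_Ids)
    $actions = @($Preference.AttackSurfaceReductionRules_Actions)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if ($ids[$i] -eq $Id) {
            switch ([int]$actions[$i]) {
                0 { return 'Disabled' }
                1 { return 'Block' }
                2 { return 'Audit' }
                6 { return 'Warn' }
                default { return "Unknown($($actions[$i]))" }
            }
        }
    }
    return 'NotConfigured'
}

function Get-SignatureUpdateHistory {
    # Assumption: Defender logs event ID 2000 for each successful security intelligence
    # update and names the new version in the message text
    $filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 2000 }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        if ($_.Message -match 'Current (security intelligence|signature) version:\s*([\d\.]+)') {
            [version]$Matches[2]
        }
    }
}

function Test-AsrShortcutImpact {
    param([version]$CurrentBuild, [version[]]$BuildHistory, [string]$RuleMode)
    $seen        = @($BuildHistory) + $CurrentBuild
    $hitAffected = @($seen | Where-Object { $AffectedBuilds -contains $_ } | Sort-Object -Unique)
    [pscustomobject]@{
        CurrentBuild       = $CurrentBuild
        RuleMode           = $RuleMode
        AffectedBuildsSeen = ($hitAffected -join ', ')
        HasFixedBuild      = ($CurrentBuild -ge $FixedBuild)
        # Deletions required the rule enforcing (Block) while an affected build was active;
        # a device already past 1.381.2163.0 can still have lost shortcuts earlier
        LikelyImpacted     = ($hitAffected.Count -gt 0 -and $RuleMode -eq 'Block')
    }
}

$status = Get-MpComputerStatus
$report = Test-AsrShortcutImpact -CurrentBuild ([version]$status.AntivirusSignatureVersion) `
                                 -BuildHistory (Get-SignatureUpdateHistory) `
                                 -RuleMode (Get-AsrRuleMode -Id $RuleId)
$report | Format-List
if (-not $report.HasFixedBuild) { Update-MpSignature }   # pull the fixed build before re-enabling block mode
```

RuleMode reflects how the rule is configured now, so on a device where you already moved the rule to audit mode per the earlier guidance LikelyImpacted will read false; on such devices judge impact by AffectedBuildsSeen. The current signature version alone is not enough for the same reason: a device that has already received 1.381.2164.0 may have passed through an affected build first.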

 

To recover deleted start menu and taskbar shortcuts

Microsoft has confirmed steps that customers can take to recreate start menu links for a significant sub-set of the affected applications that were deleted.  

 

Version 4.0 is now streamlined so the script will perform all the actions including running the MpRecoverTaskbar.exe and is better equipped to handle errors. This script also provides additional checks that help recover more shortcuts and links. For more details click here.

 

1/ Download both AddShortcuts.ps1 and MpRecoverTaskbar.exe and select from the following options:

Option A/ If you are using System Center Configuration Manager, Group Policy, or third-party tools, deploy both files and run the command “powershell -ep bypass -file .\AddShortcuts.ps1 -MpTaskBarRecoverUtilDownload=false” as Administrator.

Option B/ If you are using Intune or no management tool, deploy only AddShortcuts.ps1 and run the command “powershell -ep bypass -file .\AddShortcuts.ps1” as Administrator. The script will then download MpRecoverTaskbar.exe from the Microsoft Download Center onto the user’s machine and run it. Detailed instructions on how to deploy the script using Microsoft Intune are here.

2/ The changes take effect after users log out and log back in to their accounts.

3/ MpRecoverTaskbar.exe can be run multiple times on end-user machines if necessary. If end users are still missing taskbar icons after completing this process, run it a second time from %windir%\MpRecoverTaskbar.exe in the user context.

 

The script requires PowerShell 5.x and does not currently support PowerShell 7.x.

 

Version 4.0 includes all the improvements from Version 3.0: it restores from the Volume Shadow Copy Service by default; recovers .URL files in the user profile’s Favorites and Desktop directories if those files exist in a shadow copy; and contains improvements for non-English language machines. It adds improved error handling and additional checks that help recover more shortcuts and links.

 

To add programs to the script: edit the $program variable and add a new line with the name of the application lnk and the executable. 

 

For customers that prefer manual steps rather than the script, running an application repair on the affected applications will recreate the deleted links. Users can run the Application Repair functionality for programs including Microsoft 365, Microsoft Edge, and Microsoft Visual Studio.

To repair an application, follow these instructions:

    1. Windows 10:
      1. Select Start  > Settings  > Apps > Apps & features
      2. Select the app you want to fix.
      3. Select Modify link under the name of the app if it is available.
      4. A new page will launch and allow you to select repair.
    2. Windows 11:
      1. Type “Installed Apps” in the search bar.
      2. Click “Installed Apps”.
      3. Select the app you want to fix.
      4. Click on “…”
      5. Select Modify or Advanced Options if it is available.
      6. A new page will launch and allow you to select repair.

Verifying environment impact

Customers can verify the impact of this issue in their environment through the following advanced hunting queries (AHQs):

 

This AHQ retrieves all block events from devices where the ASR rule “Block Win32 API calls from Office macro” is enabled in block mode (the IsAudit flag inside AdditionalFields separates enforced events from audit-only ones):

DeviceEvents
| where Timestamp >= datetime(2023-01-13)
| where ActionType contains "AsrOfficeMacroWin32ApiCallsBlocked"
| extend JSON = parse_json(AdditionalFields)
| extend isAudit = tostring(JSON.IsAudit)
| where isAudit == "false"
| summarize by Timestamp, DeviceName, DeviceId, FileName, FolderPath, ActionType, AdditionalFields
| sort by Timestamp asc

 

This AHQ retrieves all events from devices where the ASR rule “Block Win32 API calls from Office macro” is enabled in either block or audit mode:

DeviceEvents
| where Timestamp >= datetime(2023-01-13)
| where ActionType contains "AsrOfficeMacroWin32ApiCallsBlocked"
| summarize by Timestamp, DeviceName, DeviceId, FileName, FolderPath, ActionType, AdditionalFields
| sort by Timestamp asc

 

This AHQ returns the number of distinct devices that reported events for this ASR rule (in block or audit mode) and flags whether that count exceeds 10K:

DeviceEvents
| where Timestamp >= datetime(2023-01-13)
| where ActionType contains "AsrOfficeMacroWin32ApiCallsBlocked"
| summarize deviceCount = dcount(DeviceId)
| extend IsMoreThanTenThousand = deviceCount > 10000

 

Advanced hunting queries are not available in Defender for Endpoint Plan 1 (the plan included in Microsoft 365 E3 and A3) or in Defender for Business. To identify affected machines on those plans, run the script here on individual user machines.

 

FAQ 

Additional questions are addressed in the FAQ document