AI-powered innovations in cybersecurity are reshaping how businesses of every size, across every industry, secure and protect their data. Join us at the second annual Microsoft Secure digital event to learn how to bring world-class threat intelligence, complete end-to-end protection, and industry-leading, responsible AI to your organization. Register today to:
Be among the first to hear about new products, capabilities, and offerings.
Get demos on the latest AI-powered innovations.
Learn from industry luminaries and influencers.
Microsoft Secure Wednesday, March 13, 2024 9:00 AM–11:00 AM Pacific Time (UTC-8)
The initial public draft of NIST Internal Report (IR) 8504, Access Control on NoSQL Databases, is now available for public comment. NoSQL (i.e., “not only SQL” or “non-SQL”) database systems and data stores often outperform traditional relational database management systems (RDBMSs) in areas such as data analysis efficiency, system performance, ease of deployment, flexibility and scalability of data management, and availability to users. However, as more sensitive data is stored in NoSQL databases, access control has become a fundamental data protection requirement for these systems.
This document discusses access control on NoSQL database systems by illustrating the NoSQL database types and their support for access control models. It operates under the assumption that the access control system stores and manages access control data (e.g., subjects, objects, and attributes) in the NoSQL database and describes considerations from the perspective of access control in general.
A public comment period is open through March 15, 2024. See the publication details for a copy of the draft and instructions for submitting comments.
Companies in major industries such as finance and health care must follow best practices for monitoring incoming data for cyberattacks. The latest version of the Transport Layer Security protocol, TLS 1.3, provides state-of-the-art protection, but it complicates these required data audits: its mandatory ephemeral key exchange defeats the passive decryption with a server's static private key that many enterprise monitoring tools relied on. The National Institute of Standards and Technology (NIST) has released a practice guide describing methods intended to help these industries implement TLS 1.3 while still accomplishing the required network monitoring and auditing in a safe, secure, and effective fashion.
The new draft practice guide, Addressing Visibility Challenges with TLS 1.3 within the Enterprise (NIST Special Publication (SP) 1800-37), was developed over the past several years at the NIST National Cybersecurity Center of Excellence (NCCoE) with the extensive involvement of technology vendors, industry organizations and other stakeholders who participate in the Internet Engineering Task Force (IETF). The guidance offers technical methods to help businesses comply with the most up-to-date ways of securing data that travels over the public internet to their internal servers, while simultaneously adhering to financial industry and other regulations that require continuous monitoring and auditing of this data for evidence of malware and other cyberattacks.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) jointly released a Water and Wastewater Systems Sector Cybersecurity Toolkit to aid Water and Wastewater Systems Sector stakeholders in bolstering their cybersecurity preparedness across the nation.
To build security and resilience within the Water and Wastewater Systems Sector, CISA works closely with EPA to deliver tools, resources, training and information that can help organizations within this sector. Together, CISA brings technical expertise as the nation’s cyber defense and infrastructure security agency, and EPA offers extensive expertise as the Water and Wastewater Systems Sector Risk Management Agency.
The toolkit includes a newly published Cybersecurity Incident Response Guide, vital CISA and EPA services such as free vulnerability scanning assessments, Cybersecurity Performance Goals alignment, cyber hygiene tools, and more.
A Chinese state-backed hacking group is targeting legacy devices, primarily Cisco routers, to expand its attack infrastructure in a new campaign that marks a notable strategic shift in its threat activity. Volt Typhoon, an emerging advanced persistent threat (APT) group identified last year, is exploiting two known vulnerabilities, CVE-2019-1653 and CVE-2019-1652, to compromise Cisco RV320/325 routers that were discontinued in 2019. Because the hardware is end-of-life, Cisco no longer issues fixes for the affected units. In its latest campaign, the threat group is leveraging a botnet of compromised small office/home office (SOHO) devices linked to previous attacks attributed to Volt Typhoon. Notably, Volt Typhoon’s botnet infrastructure communicated with 27 IP addresses that host 69 sites belonging to government entities in the United States, the United Kingdom, and Australia.
New Indicators of Compromise (IOCs) and Shifting Tactics
SecurityScorecard’s STRIKE team released a report detailing its research into the group’s latest campaign after discovering that the group had compromised approximately 30 percent of the Cisco RV320/325 routers the team observed over a 37-day period. Of the 1,116 target devices analyzed, 325 were communicating with two IP addresses of known proxies used by Volt Typhoon actors. The threat group is also deploying a custom web shell to maintain access to the compromised devices; it can be identified by the filename “fy.sh.”
Additionally, the STRIKE team uncovered multiple new IP addresses linked to their activity, providing further evidence of the threat group’s intent to develop new attack infrastructure:
While Volt Typhoon continues to target SOHO devices, whose traffic blends in with ordinary residential and small-business egress and so helps conceal malicious activity, the group has shifted towards targeting legacy systems. The targeted Cisco routers are currently affected by 35 vulnerabilities that may never be addressed. This tactic represents a significant shift: focusing on end-of-life devices requires knowledge of older systems and their vulnerabilities, which may not be widely held.
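As an added illustration of hunting for the indicators described in this item (example code written for this page, not tooling from SecurityScorecard or the original article), the script below parses a constructed firewall connection log and flags routers whose egress reaches indicator proxy addresses, then scans a constructed web-root listing for the fy.sh web shell filename. The proxy IP addresses, log format, and listing are placeholders: the report's actual indicator addresses are not reproduced in the text above, so RFC 5737 documentation addresses stand in for them.

```python
import re

# Placeholder indicator set: the report's proxy IPs are not reproduced in
# the item above, so these are constructed RFC 5737 documentation addresses.
PROXY_IOCS = {"192.0.2.45", "198.51.100.17"}
# Filename of the custom web shell named in the item.
WEBSHELL_NAMES = {"fy.sh"}

# Constructed firewall connection log in a generic key=value syslog style.
SAMPLE_FW_LOG = """\
2024-01-29T03:12:44Z fw1 conn src=10.20.0.1 dst=192.0.2.45 dport=443 proto=tcp action=allow
2024-01-29T03:12:51Z fw1 conn src=10.20.0.55 dst=203.0.113.9 dport=443 proto=tcp action=allow
2024-01-29T03:13:02Z fw1 conn src=10.20.0.1 dst=198.51.100.17 dport=8443 proto=tcp action=allow
2024-01-29T03:13:10Z fw1 conn src=10.20.0.1 dst=10.20.0.200 dport=22 proto=tcp action=allow
"""

# Constructed file listing as pulled from a router's web root.
SAMPLE_LISTING = """\
/www/cgi-bin/config.exp
/www/cgi-bin/fy.sh
/www/index.html
"""

_KV = re.compile(r"(\w+)=(\S+)")


def parse_fw_line(line):
    """Split one key=value log line into a dict (unknown keys are kept)."""
    return dict(_KV.findall(line))


def find_proxy_beacons(log_text, ioc_ips=PROXY_IOCS, router_ips=None):
    """Return (src, dst, dport) for connections to an indicator proxy address.

    If router_ips is given, only traffic sourced from those WAN or management
    addresses counts, which keeps ordinary client traffic out of scope.
    """
    hits = []
    for line in log_text.splitlines():
        f = parse_fw_line(line)
        dst = f.get("dst")
        if dst in ioc_ips and (router_ips is None or f.get("src") in router_ips):
            hits.append((f.get("src"), dst, int(f.get("dport", 0))))
    return hits


def find_webshell(listing_text, names=WEBSHELL_NAMES):
    """Return paths whose basename matches a known web shell filename."""
    return [p for p in listing_text.splitlines() if p.rsplit("/", 1)[-1] in names]


def triage(log_text, listing_text, router_ips):
    """Combine both checks into a verdict a responder can act on."""
    beacons = find_proxy_beacons(log_text, router_ips=router_ips)
    shells = find_webshell(listing_text)
    return {
        "beaconing_routers": sorted({src for src, _, _ in beacons}),
        "webshell_paths": shells,
        "suspect": bool(beacons or shells),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_FW_LOG, SAMPLE_LISTING, router_ips={"10.20.0.1"}))
```

The router_ips set should come from the asset inventory of edge devices, not be inferred from the logs. Indicator matching on addresses is only a starting point: the item notes the group keeps adding new infrastructure, so a web shell or unexpected outbound sessions from a router's own address is the more durable signal.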
Advances in cloud performance are paving the way for the acceleration of AI innovations across simulations, science, and industry. As the complexity of AI models grows exponentially, Microsoft is drawing on a decade of experience in supercomputing and in supporting the largest AI training workloads to develop purpose-built, optimized AI infrastructure for any scale.
Join this webinar and learn about:
Azure’s proven performance for generative AI advancements across both Microsoft and customers.
Purpose-built AI infrastructure design and optimization.
How Azure’s AI infrastructure, combined with the overall AI solution stack, addresses these challenges for customers of all sizes.
Azure webinar series Power AI Innovations with Purpose-Built AI Infrastructure Thursday, January 25, 2024 10:00 AM–11:00 AM Pacific Time
Synopsis
As we seek to attract underrepresented communities to the cybersecurity workforce, a demographic that is often overlooked and underserved is Americans who live in the rural and remote areas of the United States. While rural America has become more economically diverse and access to information technology has improved in recent years, learners in rural areas still face challenges compared to their urban counterparts. These include limited broadband access, limited access to quality education and training, sparse job opportunities, lack of economic diversity, and transportation or community barriers*. However, as rural broadband access improves, online learning content becomes ubiquitous, and remote work becomes more prevalent, rural Americans represent an untapped resource for addressing the cybersecurity workforce needs of employers. This webinar will explore promising practices and policies for expanding access and opportunity for rural Americans to pursue cybersecurity careers.
*Source: Navigating Challenges Faced by Rural American Job Seekers: A Comprehensive Guide (Center for Workforce Inclusion, August 22, 2023)
Multiple vulnerabilities have been discovered in VMware vCenter Server and Cloud Foundation, the most severe of which could allow for remote code execution. VMware vCenter Server is the centralized management utility for VMware. VMware Cloud Foundation is a multi-cloud platform that provides a full-stack hyperconverged infrastructure (HCI) that is made for modernizing data centers and deploying modern container-based applications. Successful exploitation of these vulnerabilities could allow for remote code execution in the context of the administrator account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Threat Intelligence
VMware is aware of confirmed reports that CVE-2023-34048 has been exploited in the wild.
Systems Affected
VMware vCenter Server versions prior to 8.0U2
VMware vCenter Server versions prior to 8.0U1d
VMware vCenter Server versions prior to 7.0U3o
VMware Cloud Foundation (VMware vCenter Server) versions prior to KB88287
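An added example (written for this page; not VMware's or MS-ISAC's tooling) that turns the affected-version list above into a check: it parses the advisory's "major.minorU<update><letter>" notation and reports whether a reported vCenter Server version sits at or above a fixed release on its own major.minor line. The point worth encoding is that 8.0U1d is fixed even though it is "prior to 8.0U2", so a single-threshold comparison would misclassify it. The Cloud Foundation entry is a KB reference rather than a version string and is not modelled; the FIXED_VERSIONS list is taken from the advisory text, and the comparison logic is this example's own.

```python
import re

# Fixed releases exactly as listed in the advisory's "Systems Affected".
FIXED_VERSIONS = ["8.0U2", "8.0U1d", "7.0U3o"]

# "7.0U3o" -> major 7, minor 0, update 3, letter "o"; "8.0" -> update 0.
_VER = re.compile(r"^(\d+)\.(\d+)(?:U(\d+)([a-z]?))?$")


def parse_version(text):
    """Return (major, minor, update, letter) for the advisory's notation."""
    m = _VER.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised vCenter version: {text!r}")
    major, minor, update, letter = m.groups()
    # A missing update means the GA release (U0); a missing letter sorts
    # before "a", so 8.0U2 < 8.0U2a as expected.
    return (int(major), int(minor), int(update or 0), letter or "")


def classify(reported, fixed_versions=FIXED_VERSIONS):
    """Return 'fixed', 'vulnerable', or 'not listed'.

    A version is fixed if it is at or above ANY fixed release on the same
    major.minor line. Lines the advisory does not mention (e.g. 6.7) are
    reported as 'not listed' rather than silently assumed safe.
    """
    v = parse_version(reported)
    same_line = [parse_version(f) for f in fixed_versions
                 if parse_version(f)[:2] == v[:2]]
    if not same_line:
        return "not listed"
    return "fixed" if any(v[2:] >= f[2:] for f in same_line) else "vulnerable"


if __name__ == "__main__":
    for ver in ["7.0U3n", "7.0U3o", "8.0", "8.0U1c", "8.0U1d", "8.0U2", "6.7U3"]:
        print(f"{ver:8} {classify(ver)}")
```

Treat this as a triage helper for inventory exports that already carry the update-level version string; the appliance build number is the authoritative signal when confirming that a specific host has actually been patched.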
Risk
Government:
– Large and medium government entities: High
– Small government entities: Medium
Businesses:
– Large and medium business entities: High
– Small business entities: Medium
Home Users: Low
Technical Summary
Multiple vulnerabilities have been discovered in VMware vCenter Server and Cloud Foundation, the most severe of which could allow for remote code execution.
Recommendations
Apply appropriate updates provided by VMware to vulnerable systems immediately after appropriate testing.
Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
Restrict access to file shares, remote access to systems, and unnecessary services. Mechanisms to limit access may include network concentrators, RDP gateways, etc.
Use intrusion detection signatures to block traffic at network boundaries.
Use capabilities that detect and block conditions that may lead to, or be indicative of, a software exploit occurring.
The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 24-01, which requires Federal Civilian Executive Branch (FCEB) agencies to immediately apply the vendor-published mitigation to Ivanti Connect Secure and Ivanti Policy Secure solutions to prevent further exploitation, and to run the vendor’s Integrity Checker Tool to identify any active or past compromise.
Last week, Ivanti released information regarding two vulnerabilities, CVE-2023-46805 (an authentication bypass) and CVE-2024-21887 (a command injection), which can be chained to give an unauthenticated attacker code execution on the appliance, from which the attacker can move laterally across a target network, exfiltrate data, and establish persistent system access. CISA has determined that an Emergency Directive is necessary based on the widespread exploitation of these vulnerabilities by multiple threat actors, the prevalence of the affected products in the federal enterprise, the high potential for compromise of agency information systems, and the potential impact of a successful compromise.
While this Directive only applies to FCEB agencies, the threat extends to every sector using these products and we urge all organizations to adopt this guidance.