Month: June 2024
Free Microsoft Training: Last chance to register to see how to boost developer productivity with AI
Registration is about to close for Boost Developer Productivity with AI. Improve workflows and minimize mundane tasks for faster delivery. Join us to learn more about Azure, Visual Studio, and GitHub Copilot, the AI-powered developer platform from Microsoft. Give your developers more freedom to focus on innovation and creativity. Reserve your spot now.

Explore the latest AI advancements in software development. Join us at Microsoft Tech Brief: Boost Developer Productivity with AI, a free event, to discover how to accelerate developer productivity and innovate faster with GitHub, the Microsoft AI-powered development platform. Learn how to build new apps using GitHub Copilot and Visual Studio tools and see how to integrate existing apps with Azure services and data storage capabilities. You’ll preview the latest version of GitHub Copilot Chat along with powerful debugging tools in Visual Studio 2022. Gain insights from Microsoft experts as they create an app from the ground up using GitHub Copilot, Visual Studio, Microsoft Dev Box, and GitHub Enterprise Cloud with GitHub Advanced Security. Discover how to help teams deploy software faster with Azure Deployment Environments and GitHub Actions.

You’ll have the opportunity to:
- Accelerate coding processes using generative AI workflows that deliver simple code suggestions to complete assembly.
- Build apps and collaborate seamlessly using self-service tools and flexible solutions, backed by a commitment to open source and DevOps practices.
- Learn how to write more secure code, respond quickly to vulnerabilities in software supply chains, and adopt best practices to help secure development environments.
- Embrace a complete development toolkit using ready-to-code, self-service products that easily fit into your tech stacks.

Registration closes soon, and space is limited. Sign up for free today.
Delivery language: English
Closed captioning provided in: English
Microsoft Teams delivers a rich, interactive experience that works best with the Teams app. We recommend downloading the app if you don’t have it, as not all browsers are supported. When you join this event, your name, email, or phone number may be viewable by other session participants in the attendee list. By joining this event, you’re agreeing to this experience.
When: Wednesday, June 19, 2024, 2:00 – 3:30 PM (GMT-04:00)
Where: Online
Microsoft Tech Brief: Boost Developer Productivity with AI
Join NIST for our Ready, Set, Update! Privacy Framework 1.1 + Data Governance and Management Profile Workshop
We are excited to announce our upcoming hybrid workshop to update the NIST Privacy Framework to version 1.1 and develop a joint NIST Frameworks Data Governance and Management (DGM) Profile!
Day 1 of the workshop will take place Tuesday, June 25th at the Herbert C. Hoover Building, 1401 Constitution Ave, NW, Washington, DC. The opening plenary will feature expert panels that explore organizational data governance and management approaches and challenges as well as insights for updating the NIST Privacy Framework. Following the plenary, participants can provide their feedback and perspectives during separate breakout sessions for the Privacy Framework 1.1 update and the DGM Profile. For those unable to attend in-person, virtual access to the plenary and breakout sessions can be selected during registration.
Please note, day 2 of the workshop will take place Wednesday, June 26th with virtual-only breakout sessions. Each breakout session will repeat the same topics to accommodate maximum participation from different time zones.
Registration is free and required for this event, whether you plan to attend in person or virtually. We encourage in-person attendance. Event registration, the agenda, and other workshop information are available on the event page.
If you have any questions, please email us at privacyframework@nist.gov.
We look forward to seeing you in June!
Best,
NIST Privacy Framework Team
Travelers Beware: Targeting of Travel-Related Organizations and Third Parties
Memorial Day is often referred to as the unofficial start of the summer season, and for many, the upcoming summer means increased reservations or transactions for travelers. Travel-related organizations, such as transportation and lodging, fall under the 16 essential critical infrastructure sectors and may have vital dependencies on other sectors. Travelers create online accounts and share personally identifiable information (PII), financial information, and passport numbers with popular travel-related organizations and their third parties, which are at risk of data breaches. The NJCCIC highlights two major critical infrastructure sectors impacted by travel, recent data breaches, and recommendations to help protect online accounts and data to reduce cyber risk.
The Transportation Systems sector and its subsectors ensure the continuity of operations for people and goods moving quickly and safely throughout the country and internationally by airplane, car, boat, railroad, bus, and more. In 2023, Pilot Credentials, a portal managing applications for various airlines, including American Airlines and Southwest Airlines, was targeted in a cyberattack, resulting in compromised data, including names, dates of birth, Social Security numbers, driver’s license numbers, and passport information. In January, Medusa ransomware operators disrupted the Kansas City Area Transportation Authority (KCATA). They updated its data leak site with allegedly exfiltrated data of KCATA’s registered members and pass holders, including personal and payment information. The US Department of Transportation (DOT) is also investigating the data security and privacy policies of the top 10 US airlines, including American, Delta, Frontier, Southwest, and United. DOT intends to review whether airlines are properly safeguarding customer information and are unfairly monetizing or sharing it with third parties.
The Commercial Facilities sector and its subsectors include lodging, such as hotels, motels, conference centers, RV parks, and campgrounds. This sector also consists of sites that draw large crowds of people and tourists, including retail centers and districts, shopping malls, movie theaters, casinos, theme and amusement parks, aquariums, zoos, museums, and sporting arenas. In 2023, MGM Resorts International experienced a cyberattack impacting its hotels and casinos. An unauthorized third party obtained customers’ personal information, including names, phone numbers, email addresses, postal addresses, gender, dates of birth, and driver’s license numbers. Social Security numbers or passport numbers were affected for some customers. Additionally, threat actors targeted hotels contracted with the Booking.com platform and executed a sophisticated phishing campaign against hotel guests. Once the hotel’s property management portal account credentials were acquired, the threat actors gained access to guest information accumulated over an extended period.
In March, the Daixin ransomware group stole data in the Omni Hotels & Resorts cyberattack. The impacted information included names, email addresses, mailing addresses, and select guest loyalty program information dating back to 2017. Recently, pcTattletale, a consumer-grade spyware app, was found on the check-in systems of at least three Wyndham Hotels & Resorts. The spyware stealthily and continuously captured screenshots of guest and reservation details from two hotel booking systems, Booking.com and Sabre.
Data security, privacy policies, and security awareness training are of the utmost importance in safeguarding this sensitive information from data breaches. Travelers are advised to proactively identify and reduce their exposure to data breaches, which can lead to social engineering schemes, account compromise, fraudulent transactions, identity theft, and further malicious cyber activity. The Cyber Safe Travel Tips NJCCIC Product provides more details about the security of devices, accounts, networks, vehicles, and international travel.
Recommendations
- Participate in security awareness training to provide a strong line of defense and identify red flags in potentially malicious communications.
- Use strong, unique passwords and enable multi-factor authentication, choosing authentication apps or hardware tokens over SMS text-based codes.
- Navigate directly to legitimate websites and verify websites before submitting account credentials or providing personal or financial information.
- Reduce your digital footprint so threat actors cannot easily target you.
- Keep systems up to date and apply patches after appropriate testing.
- Employ tools such as haveibeenpwned.com to determine if your PII has been exposed via a public data breach.
Disrupting Availability: DDoS/DoS Attacks
Distributed denial-of-service (DDoS) attacks have a low barrier to entry: DDoS-for-hire services let a buyer quickly, and often anonymously, purchase an attack against a specified target. These attacks typically rely on a large network of compromised computers, known as a botnet, to flood a system simultaneously with traffic or requests so that legitimate users can no longer reach the service. The Internet Archive is one of the most recent victims of a DDoS attack. While access to its usual services was disrupted, the Internet Archive confirmed that no data was stolen in the attack.
State governments have also recently fallen victim to DDoS attacks. The Alabama government’s and the Pennsylvania courts’ websites were temporarily knocked offline. Although government services were disrupted, no ransom was demanded, no attackers claimed responsibility, and no data was stolen.
In April, a DDoS attack disrupted STAAR testing in the school district that includes Klein Forest High School. Campuses were affected district-wide, including 6,891 students taking their STAAR tests on April 16 and 17,298 students on April 17. The disruptions locked 3,700 test-takers out of the exam and forced them to restart across the two days. The student who allegedly caused the attack reportedly used a DDoS-for-hire service.
Gaming servers are also targets. Earlier this month, Final Fantasy servers were flooded with traffic over several days, preventing users from accessing the online game. Users received a 90002 error when attempting to select a character; the error appears when the connection is interfered with or the game’s servers are having problems. Some users reported being kicked off the servers by the overloaded system.
Denial-of-service (DoS) attacks are often seen on a much smaller scale and with less severe results. These attacks usually involve one computer, or a small number of computers, overwhelming a target with traffic. Researchers recently discovered a self-perpetuating DoS loop that targets application-layer messaging: when two servers each answer an unexpected message with an error message, a single spoofed packet that makes server A send an error to server B causes B to reply with its own error to A, and the two keep answering each other indefinitely. These loops can generate large traffic volumes and are difficult to stop once set in motion. In one variation, an attacker could overload a vulnerable server by starting many loops that each involve the same target server, until the host’s bandwidth or computational resources are depleted. To date, a DoS loop has not been observed in a real attack; however, researchers are concerned about the potential fallout if the estimated 300,000 vulnerable hosts were drawn into such loops.
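To make the loop mechanism concrete, here is an added example (not from the NJCCIC bulletin or the cited research) that simulates two toy UDP-style servers in Python. Each server answers any unexpected datagram with an error message, so one datagram whose source address is forged to look like the other server is enough to make them answer each other until a safety cap is hit; a hardened handler that never replies to an error message, the same rule RFC 1122 applies to ICMP, ends the exchange after a single reply. The server addresses, message formats and handler names are invented for the simulation.

```python
"""Simulation of a self-perpetuating application-layer DoS loop (added example)."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Datagram:
    src: str
    dst: str
    payload: str


MAX_EXCHANGES = 10_000  # safety cap so the vulnerable case terminates


def vulnerable_handler(me: str, dg: Datagram):
    """Toy protocol: answer well-formed requests, and answer *anything else*
    with an error message. Answering errors with errors is the loop condition."""
    if dg.payload.startswith("REQ "):
        return Datagram(me, dg.src, "OK " + dg.payload[4:])
    return Datagram(me, dg.src, "ERR unexpected message: " + dg.payload)


def hardened_handler(me: str, dg: Datagram):
    """Same protocol, but an error message is terminal: it is logged/dropped,
    never answered, so two servers can no longer feed each other."""
    if dg.payload.startswith("REQ "):
        return Datagram(me, dg.src, "OK " + dg.payload[4:])
    if dg.payload.startswith("ERR "):
        return None
    return Datagram(me, dg.src, "ERR unexpected message: " + dg.payload)


def run_loop(handler, servers=("10.0.0.1", "10.0.0.2"), attacker="203.0.113.7"):
    """Deliver ONE spoofed datagram and count the datagrams the servers then
    exchange among themselves. Returns (exchanges, hit_cap)."""
    a, b = servers
    # UDP has no handshake, so the forged source address is simply believed:
    # the attacker sends junk to A but claims it came from B.
    wire = deque([Datagram(src=b, dst=a, payload="junk from " + attacker)])
    exchanges = 0
    while wire and exchanges < MAX_EXCHANGES:
        dg = wire.popleft()
        reply = handler(dg.dst, dg)  # dg.dst is the server processing it
        if reply is not None:
            wire.append(reply)
            exchanges += 1
    return exchanges, exchanges >= MAX_EXCHANGES


def loops_against_target(target, peers, handler):
    """Variant described in the text: the attacker starts one loop between the
    target and each peer, so every loop's traffic lands on the same host.
    Returns the total datagrams the target is drawn into."""
    return sum(run_loop(handler, servers=(target, peer))[0] for peer in peers)


if __name__ == "__main__":
    print("vulnerable:", run_loop(vulnerable_handler))   # (10000, True)
    print("hardened:  ", run_loop(hardened_handler))     # (1, False)
    peers = ["10.0.0.2", "10.0.0.3", "10.0.0.4"]
    print("target load, vulnerable:", loops_against_target("10.0.0.1", peers, vulnerable_handler))
    print("target load, hardened:  ", loops_against_target("10.0.0.1", peers, hardened_handler))
```

The attacker's cost is one packet per loop; the victims' cost is unbounded, which is what makes the loop worth worrying about even though each individual message is small. Rate-limiting error replies per peer would also break the loop, but refusing to answer errors at all is the simpler fix.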
Recommendations
- Monitor network traffic for abnormal increases that could indicate the start of a DDoS attack.
- Regularly check for and remediate exploitable security flaws and vulnerabilities.
- Distribute servers and critical data across different data centers so they sit on separate networks with diverse paths.
- Keep all devices patched with the latest security updates.
- Review the DDoS Attack Types and Mitigation Strategies NJCCIC Product for more information on DDoS attacks.
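The first recommendation, monitoring traffic for abnormal increases, can be reduced to a simple baseline check. The following is an added example, not from the NJCCIC bulletin: it runs a rolling mean-plus-k-sigma check over a constructed series of per-minute request counts and then measures how concentrated the suspicious minute's requests are across source addresses, which separates a distributed flood (many sources, each small) from a single-host DoS that per-IP rate limiting can handle. The counts, addresses and thresholds are constructed for the demonstration.

```python
"""Baseline-based volumetric anomaly check for DDoS early warning (added example)."""
from collections import Counter
from statistics import mean, pstdev


def detect_spikes(counts, window=10, k=3.0, min_abs_increase=50):
    """Return indices of intervals whose count is anomalously high.

    The baseline is the mean and population standard deviation of the previous
    `window` intervals. `min_abs_increase` suppresses alerts on a flat baseline
    where a tiny stdev would otherwise flag ordinary jitter.
    """
    flagged = []
    for i in range(window, len(counts)):
        base = counts[i - window:i]
        mu, sigma = mean(base), pstdev(base)
        threshold = max(mu + k * sigma, mu + min_abs_increase)
        if counts[i] > threshold:
            flagged.append(i)
    return flagged


def source_concentration(sources, top_n=5):
    """Return (share of requests from the top_n sources, number of distinct sources).

    A share near 1.0 means a handful of hosts are responsible (block or rate-limit
    them); a small share with many distinct sources is the botnet signature that
    needs upstream filtering rather than per-IP blocking.
    """
    total = len(sources)
    if total == 0:
        return 0.0, 0
    counts = Counter(sources)
    top = sum(c for _, c in counts.most_common(top_n))
    return top / total, len(counts)


def classify(counts, sources):
    """Verdict for the latest interval: 'normal', 'ddos' or 'dos'."""
    if len(counts) - 1 not in detect_spikes(counts):
        return "normal"
    share, distinct = source_concentration(sources)
    return "ddos" if share < 0.5 and distinct > 100 else "dos"


# Constructed sample: 20 quiet minutes, then a flood in minute 20.
REQUESTS_PER_MINUTE = [
    480, 510, 495, 520, 505, 490, 515, 500, 498, 512,
    505, 495, 520, 508, 501, 497, 515, 503, 499, 510,
    9800,
]

# Constructed source samples for the flood minute (documentation address ranges).
FLOOD_SOURCES = [f"198.51.100.{i}" for i in range(250)] + [f"203.0.113.{i}" for i in range(250)]
SINGLE_HOST_SOURCES = ["192.0.2.77"] * 480 + [f"198.51.100.{i}" for i in range(20)]


if __name__ == "__main__":
    print(detect_spikes(REQUESTS_PER_MINUTE))                   # [20]
    print(classify(REQUESTS_PER_MINUTE, FLOOD_SOURCES))         # ddos
    print(classify(REQUESTS_PER_MINUTE, SINGLE_HOST_SOURCES))   # dos
```

In production the counts would come from a flow collector or load balancer metrics and the baseline would be seasonal (same hour on previous days) rather than the last ten minutes, but the two-step logic, volume first and source distribution second, is the same.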
NCCoE Releases Draft NIST SP 1800-36, Trusted IoT Onboarding
The NIST National Cybersecurity Center of Excellence (NCCoE) has released Draft NIST Special Publication (SP) 1800-36, Trusted Internet of Things (IoT) Device Network-Layer Onboarding and Lifecycle Management. The comment period is open until July 30, 2024.
About the Project
Provisioning network credentials to IoT devices in an untrusted manner leaves networks vulnerable to having unauthorized IoT devices connect to them. It also leaves IoT devices vulnerable to being taken over by unauthorized networks. Instead, trusted, scalable, and automatic mechanisms are needed to safely manage IoT devices throughout their lifecycles, beginning with secure ways to provision devices with their network credentials—a process known as trusted network-layer onboarding. Trusted network-layer onboarding, in combination with additional device security capabilities, such as device attestation, application-layer onboarding, secure lifecycle management, and device intent enforcement, could improve the security of networks and IoT devices.
To help organizations protect both their IoT devices and their networks, the NCCoE collaborated with 11 IoT product and service providers. This joint effort resulted in the development of five functional technology solutions for trusted network-layer onboarding, as well as two factory provisioning builds, detailed in the practice guide.
Submit Your Comments
The public comment period for the draft is open until 11:59 p.m. EST on July 30, 2024. Visit the NCCoE IoT Onboarding project page for the draft publication and comment form.
Contribute
If you have expertise in IoT and/or network security and would like to help shape this or future projects, please consider joining the IoT Onboarding Community of Interest (COI). You can become a COI member by completing the sign-up form on the project page.
Vulnerability in Check Point Security Gateways Could Allow for Credential Access
A vulnerability has been discovered in Check Point Security Gateway products that could allow for credential access. A Check Point Security Gateway sits between an organization’s environment and the Internet to enforce policy and block threats and malware. The flaw is an arbitrary file read: successful exploitation could allow an attacker to read files that hold local account credentials, as well as other sensitive files such as SSH keys and certificates. Depending on the privileges associated with those accounts, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Local accounts configured with fewer rights on the system are less impacted than those that operate with administrative rights.
Threat Intelligence
Check Point is aware that an exploit for CVE-2024-24919 exists in the wild and is being actively exploited. Additionally, the Norwegian cybersecurity firm mnemonic has reported observing threat actors extract ntds.dit, the Active Directory database on a domain controller that stores domain account password hashes, from compromised customers within 2-3 hours of logging in with a local user.
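The mnemonic observation, ntds.dit extraction shortly after a login with a compromised local user, is a detection opportunity on the domain controllers themselves. The following is an added example, not from the advisory, mnemonic or Check Point: it scans constructed process-creation records (JSON in the shape of Sysmon Event ID 1 or Security 4688 after field extraction) for the command lines behind the usual ways of copying the Active Directory database: ntdsutil IFM, Volume Shadow Copy creation followed by copying ntds.dit from the shadow path, esentutl, and saving the SYSTEM hive whose boot key is needed to decrypt the hashes. Field names, hostnames, users and sample lines are invented.

```python
"""Hunt for ntds.dit extraction in process-creation telemetry (added example)."""
import json
import re

# Each rule: (name, regex applied to the lower-cased command line).
RULES = [
    ("ntdsutil_ifm",
     re.compile(r"ntdsutil.*(\bifm\b|activate instance ntds|ac\s+i\s+ntds)")),
    ("vss_snapshot",
     re.compile(r"vssadmin.*create\s+shadow|wmic.*shadowcopy.*call\s+create|\bdiskshadow\b")),
    ("ntds_copy_from_shadow",
     re.compile(r"harddiskvolumeshadowcopy\d+.*ntds\.dit")),
    ("esentutl_ntds",
     re.compile(r"esentutl.*ntds\.dit")),
    ("system_hive_save",
     re.compile(r"\breg(\.exe)?\s+save\s+hklm\\system\b")),
]


def match_rules(command_line):
    """Names of all rules matched by one command line."""
    cl = command_line.lower()
    return [name for name, rx in RULES if rx.search(cl)]


def hunt(json_lines):
    """Parse one JSON record per line; return (UtcTime, Host, User, rules, CommandLine)
    for every record matching at least one rule."""
    hits = []
    for line in json_lines:
        rec = json.loads(line)
        names = match_rules(rec.get("CommandLine", ""))
        if names:
            hits.append((rec.get("UtcTime"), rec.get("Host"), rec.get("User"),
                         names, rec["CommandLine"]))
    return hits


def hosts_with_full_chain(hits):
    """Hosts where the attacker obtained everything needed to crack hashes offline:
    an IFM export (which already bundles the SYSTEM hive), or a raw ntds.dit copy
    plus a separate SYSTEM hive save."""
    by_host = {}
    for _, host, _, names, _ in hits:
        by_host.setdefault(host, set()).update(names)
    complete = []
    for host, seen in sorted(by_host.items()):
        raw_copy = seen & {"ntds_copy_from_shadow", "esentutl_ntds"}
        if "ntdsutil_ifm" in seen or (raw_copy and "system_hive_save" in seen):
            complete.append(host)
    return complete


# Constructed sample records (hosts, users, times and paths are invented).
SAMPLE_LOG = [
    r'{"UtcTime": "2024-05-30 02:14:11", "Host": "DC02", "User": "CORP\\svc_backup", "CommandLine": "ntdsutil.exe \"ac i ntds\" ifm \"create full C:\\Temp\\x\" q q"}',
    r'{"UtcTime": "2024-05-30 02:20:03", "Host": "DC01", "User": "CORP\\svc_backup", "CommandLine": "vssadmin create shadow /for=C:"}',
    r'{"UtcTime": "2024-05-30 02:21:40", "Host": "DC01", "User": "CORP\\svc_backup", "CommandLine": "cmd.exe /c copy \\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy1\\Windows\\NTDS\\ntds.dit C:\\Temp\\ntds.dit"}',
    r'{"UtcTime": "2024-05-30 02:22:05", "Host": "DC01", "User": "CORP\\svc_backup", "CommandLine": "reg save HKLM\\SYSTEM C:\\Temp\\sys.hiv"}',
    r'{"UtcTime": "2024-05-30 02:25:00", "Host": "FS01", "User": "NT AUTHORITY\\SYSTEM", "CommandLine": "C:\\Windows\\System32\\svchost.exe -k netsvcs -p"}',
    r'{"UtcTime": "2024-05-30 02:30:00", "Host": "DC01", "User": "CORP\\svc_backup", "CommandLine": "\"C:\\Program Files\\Backup\\agent.exe\" --job nightly"}',
]


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
    print("full chain on:", hosts_with_full_chain(SAMPLE_LOG and hunt(SAMPLE_LOG)))
```

Legitimate backup software does create shadow copies on domain controllers, so the snapshot rule alone is noisy; the value is in the combination, a snapshot or IFM export together with the database copy and hive save within a short window, and in the account that ran it. Because the page's observation is that extraction followed a gateway login within hours, the alert should also be correlated with any recent VPN or local-account logins from the gateway.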
Systems Affected
- Quantum Security Gateway and CloudGuard Network Security prior to R81.20, R81.10, R81, R80.40
- Quantum Maestro and Quantum Scalable Chassis prior to R81.20, R81.10, R80.40, R80.30SP, R80.20SP
- Quantum Spark Gateways prior to R81.10.x, R80.20.x, R77.20.x
Risk
Government:
- Large and medium government entities: High
- Small government entities: High
Businesses:
- Large and medium business entities: High
- Small business entities: High
Home Users: Low
Recommendations
- Apply the updates provided by Check Point to vulnerable systems immediately after appropriate testing.
- Apply the Principle of Least Privilege to all systems and services.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
References
Check Point:
https://support.checkpoint.com/results/sk/sk182336
https://blog.checkpoint.com/security/enhance-your-vpn-security-posture/
Microsoft Security Public Webinars
- June 05 – Microsoft Purview | Collecting Copilot Interactions using Purview eDiscovery
- June 06 – Microsoft Defender for Cloud | What’s New in Microsoft Defender for Cloud Container Security
- June 12 – Azure Network Security | Azure Firewall Integration in Microsoft Copilot for Security
- June 13 – Microsoft Defender for Cloud | Shift Left with Microsoft Defender for Cloud
- June 20 – Microsoft Defender for Cloud | Elevate Cloud Security Using Permissions Management in Microsoft Defender for Cloud
- June 25 – Microsoft Defender for Cloud | New Version for File Integrity Monitoring
Multiple Vulnerabilities in Progress Telerik Report Server Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Progress Telerik Report Server, which could allow for remote code execution. Telerik Report Server provides centralized management for Progress’ business intelligence reporting suite through a web application. Successful exploitation of these vulnerabilities, chained together, could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Services whose accounts are configured with fewer rights on the system are less impacted than those that operate with administrative rights.
Threat Intelligence
According to open-source reports, a proof-of-concept has been posted on GitHub. There are currently no other reports of these vulnerabilities being exploited in the wild.
Systems Affected
- Progress Telerik Report Server versions prior to 2024 Q2 (10.1.24.514)
Risk
Government:
- Large and medium government entities: High
- Small government entities: Medium
Businesses:
- Large and medium business entities: High
- Small business entities: Medium
Home Users: Low
Recommendations
- Apply appropriate updates provided by Progress to vulnerable systems immediately after appropriate testing.
- Apply the Principle of Least Privilege to all systems and services.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information.
- Use a DMZ to contain any internet-facing services that should not be exposed from the internal network.
- Configure separate virtual private cloud (VPC) instances to isolate critical cloud systems.
Proof-of-Concept:
https://github.com/sinsinology/CVE-2024-4358
https://summoning.team/blog/progress-report-server-rce-cve-2024-4358-cve-2024-1800
First NIST Cybersecurity Framework Community Profiles Workshop
The NIST NCCoE is hosting a Community Profiles Workshop on June 20, 2024, at 2:00 P.M. ET.
Since the NIST Cybersecurity Framework (CSF) was first released in 2014, communities with shared interests in cybersecurity risk management have used it to develop guidance that applies to multiple organizations. CSF 2.0 calls these shared profiles “Community Profiles”, both to describe how such communities have used CSF Profiles and to distinguish them from Organizational Profiles, which are not shared publicly. A Community Profile can be thought of as guidance for a specific community that is organized around the common taxonomy of the CSF.
During this workshop, participants will:
- Learn from communities that have successfully developed Community Profiles
- Hear what the NCCoE learned from the recent comment period on the Community Profiles Guide
- Share input regarding Community Profiles and influence future NIST guidance in this area
If you have any questions about this event, please reach out to our team at framework-profiles@nist.gov.