Author: blogmirnet

NIST will convene a hybrid symposium on September 24-25, 2024, in Washington, D.C., to discuss recent efforts by the NIST AI Innovation Lab (NAIIL) to help unleash artificial intelligence (AI) innovations in ways which enable trust. 

Participants will learn about recent and ongoing efforts, and contribute to NIST’s vision for the work ahead, including opportunities to expand its collaborations with the AI community. Responsible for a variety of NIST’s AI efforts and headquartered within the agency’s Information Technology Laboratory, NAIIL advances AI measurement methods and guidelines, including their incorporation into international standards. 

The 1.5 day event will take place at The George Washington University in Washington, D.C. Limited in-person and unlimited remote participation is available. The symposium will feature discussions about the most recent developments and next steps in key issues relating to AI innovation and trust. Sessions will build on NIST’s past, ongoing, and planned efforts.

For more information and to register: https://www.nist.gov/news-events/events/2024/09/unleashing-ai-innovation-enabling-trustRegister Now

In this post, we talk with Dr. Xiaowei Huang, Dr. Yi Dong, Dr. Mat Weldon, and Dr. Michael Fenton, who were winners in the UK-US Privacy-Enhancing Technologies (PETs) Prize Challenges. We discuss implementation challenges of privacy-preserving federated learning (PPFL) – specifically, the areas of threat modeling and real world deployments.

In research on PPFL, the protections of a PPFL system are usually encoded in a threat model that defines what kinds of attackers the system can defend against. Some systems assume that attackers will eavesdrop on the system’s operation but won’t be able to affect its operation (a so-called honest but curious attacker), while others assume that attackers may modify or break the system’s operation (an active or fully malicious attacker). Weaker attackers are generally…

Read the Blog

Build the skills you need to create new opportunities and accelerate your understanding of Microsoft Cloud technologies at a free Microsoft Security Virtual Training Day from Microsoft Learn. Join us at Defend Against Threats with Extended Detection and Response to learn how to better protect apps and data in Microsoft 365 Defender, Microsoft Defender for Endpoint, and Microsoft Sentinel. You’ll get an in-depth view into attack disruption, incidents and alerts, and best practices for investigation and incident management. You will have the opportunity to: Learn how to investigate, respond to, and hunt for threats using Microsoft Defender and Microsoft Sentinel. Understand how integrating Microsoft 365 Defender and Microsoft Sentinel enhances security and response time. Discover how to help mitigate threats across your entire infrastructure with Microsoft Security tools and solutions. Join us at an upcoming Defend Against Threats with Extended Detection and Response event: September 17, 2024 | 12:00 PM – 3:15 PM | (GMT-05:00) Eastern Time (US & Canada) Delivery Language: English Closed Captioning Language(s): English

REGISTER TODAY >

When we need to show proof of identity, we might reach for our driver’s license — or perhaps, sooner than many of us imagine, we may opt for a digital credential stored on a smartphone. To ensure we can use both novel and time-tested methods to prove our identities securely when accessing essential services, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has updated its draft digital identity guidance. 

The draft Digital Identity Guidelines (NIST Special Publication [SP] 800-63 Revision 4 and its companion publications SPs 800-63A, 800-63B and 800-63C) have been updated to reflect the robust feedback that NIST received in 2023 as part of a four-month-long comment period and yearlong period of external engagement.

Read More

September 26^th (Conference & Workshop)
@ Microsoft Technology Center – 11 Times Square, NYC

---

The 2024 NY Metro Joint Cyber Security Conference will be held on September 26th, celebrating our 11th year featuring keynotes, panels and sessions aimed at educating everyone on the various aspects of information security and technology. Workshops featuring in-depth extended classroom-style educational courses to expand your knowledge and foster security discussions will take place virtually post-conference. As co-chair of this event I invite you to join us. I will be speaking at the event Conference link is InfoSecurity.NYC (nymjcsc.org) Workshop links should go to https://infosecurity.nyc/workshop.htm InfoSecurity.NYC: Who We Are The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters. Driven by the collaboration between members of this coalition, the strength of organizational membership, the provision of desirable CPE credits and the concurrence of National Cyber Security Awareness Month, the NYMJCSC was — once again — well-attended by members of the information technology, information security, audit, academic, and business communities.

You can register here

For the Conference https://infosecurity-nyc-2024.eventbrite.com

For the Workshops: 2024 NY Metro Joint Cyber Security Workshops Tickets, Fri, Sep 27, 2024 at 8:30 AM | Eventbrite

• Verify discovered an Android package, “Showcase.apk,” with excessive system privileges, including remote code execution and remote package installation capabilities, on a very large percentage of Pixel devices shipped worldwide since September 2017
  
• The application downloads a configuration file over an unsecure connection and can be manipulated to execute code at the system level
  
• The application retrieves the configuration file from a single US-based, AWS-hosted domain over unsecured HTTP, which leaves the configuration vulnerable and can makes the device vulnerable
  
• The app vulnerability leaves millions of Android Pixel devices susceptible to man-in-the-middle (MITM) attacks, giving cybercriminals the ability to inject malicious code and dangerous spyware
  
• Cybercriminals can use vulnerabilities in the app’s infrastructure to execute code or shell commands with system privileges on Android devices to take over devices to perpetrate cybercrime and breaches
  
• Removal of the app is not possible through a user’s standard uninstallation process, and at this time, Google has not offered a patch for the vulnerability
  
• It appears that Showcase.apk is preinstalled in Pixel firmware and included in Google’s OTA image for Pixel devices
  
• The app is not enabled by default, but there might be multiple methods to enable it. The iVerify research team investigated one method requiring physical access

Read the Full Details Here

The NIST National Cybersecurity Center of Excellence (NCCoE) has released the fourth version of our preliminary draft practice guide, Implementing a Zero Trust Architecture (NIST SP 1800-35), for public comment. This publication outlines results and best practices from the NCCoE effort to work with 24 vendors to demonstrate end-to-end zero trust architectures.

As an enterprise’s data and resources have become distributed across on-premises and multiple cloud environments, protecting them has become increasingly challenging. Many users need options to access information across the globe, at all hours, across devices. The NCCoE is addressing these unique challenges by collaborating with industry participants to demonstrate 17 sample zero trust architecture implementations (applied to a conventional, general-purpose enterprise IT infrastructure).

Detailed technical information for each sample implementation can serve as a valuable resource for technology implementers by providing models they can replicate. The lessons learned from the implementations and integrations can help organizations save time and resources.

Starting with this release, we are introducing our traditional NIST SP 1800-35 document in two formats; one “High-Level Document in PDF Format” and one “Full Document in Web Format.”

The document in PDF format is meant to serve as introductory reading with insight into the project effort (since it provides a high-level summary of project goals, reference architecture, various ZTA implementations, and findings).

The web format document provides in-depth details about technologies leveraged, their integrations and configurations, and the use cases and scenarios demonstrated. It also contains information on the implemented security capabilities and their mappings to the NIST Cybersecurity Framework (CSF) versions 1.1 and 2.0, NIST SP 800-53r5, and security measures outlined in “EO-Critical Software” under Executive Order 14028.

We Want to Hear from You!

We welcome your input and look forward to your comments by September 30, 2024. We also invite you to join our mailing list to receive news and updates about this project.  

Comment Now

---

5G technology for broadband cellular networks will significantly improve how humans and machines communicate, operate, and interact in the physical and virtual world. 5G provides increased bandwidth and capacity, and low latency. However, professionals in fields like technology, cybersecurity, and privacy are faced with safeguarding this technology while its development, deployment, and usage are still evolving.

To help, the NIST National Cybersecurity Center of Excellence (NCCoE) has launched the Applying 5G Cybersecurity and Privacy Capabilities white paper series. The series targets technology, cybersecurity, and privacy program managers within commercial mobile network operators, potential private 5G network operators, and organizations using and managing 5G-enabled technology who are concerned with how to identify, understand, assess, and mitigate risk for 5G networks. In the series we provide recommended practices and illustrate how to implement them. All of the capabilities featured in the white papers have been implemented in the NCCoE testbed on commercial-grade 5G equipment.

We are pleased to announce the following white paper which introduces the series:

Applying 5G Cybersecurity and Privacy Capabilities—Introduction to the White Paper Series

This publication explains what you can expect from each part of the series: information, guidance, recommended practices, and research findings for a specific technical cybersecurity or privacy-supporting capability available in 5G systems or their supporting infrastructures.

Simultaneously, we are also publishing the first technical white paper of the series:

Protecting Subscriber Identifiers with Subscription Concealed Identifier (SUCI)

This publication describes enabling SUCI protection, an optional capability new in 5G which provides important security and privacy protections for subscribers. 5G network operators are encouraged to enable SUCI on their 5G networks and subscriber SIMs and to configure SUCI to use a non-null encryption cipher scheme; this provides their customers with the advantages of SUCI’s protections.

Feedback Wanted

We welcome your input and look forward to your comments by September 16, 2024. We invite you to join the 5G Community of Interest (COI) and we’ll notify you when a paper in the series is being released. 

Coming Soon: Using Hardware-Based Security to Ensure 5G System Platform Integrity Whitepaper!

Download and Comment Now

Build the skills you need to create new opportunities and accelerate your understanding of Microsoft Cloud technologies at a free Microsoft Security Virtual Training Day from Microsoft Learn. Join us at Security, Compliance, and Identity (SCI) Fundamentals to master the basics of SCI. You’ll learn about identity and access management while exploring compliance management fundamentals and solutions. Learn the technical skills, knowledge, and insights you need to help protect people and data in your organization with comprehensive Microsoft Security solutions. After completing this training, you’ll be eligible to take the Security, Compliance, and Identity Fundamentals certification exam at 50% off the exam price. You will have the opportunity to: Dive into comprehensive threat prevention, detection, and response capabilities in Microsoft Defender. Discover the latest identity and access innovations and how to strengthen your defense strategy with Microsoft Entra. Understand how to protect personal data and stay on top of shifting privacy requirements with Microsoft Priva. Learn more about governance, protection, and compliance solutions for your organization’s data with Microsoft Purview. See how to uncover sophisticated threats and respond decisively with Microsoft Sentinel. Jump-start preparation for the Microsoft Security, Compliance, and Identity Fundamentals certification exam. Join us at an upcoming two-part Security, Compliance, and Identity Fundamentals event: Delivery Language: English Closed Captioning Language(s): English
September 12, 2024 | 12:00 PM – 3:15 PM | (GMT-05:00) Eastern Time (US & Canada)  September 13, 2024 | 12:00 PM – 2:30 PM | (GMT-05:00) Eastern Time (US & Canada)   September 24, 2024 | 12:00 PM – 3:15 PM | (GMT-05:00) Eastern Time (US & Canada)  September 25, 2024 | 12:00 PM – 2:30 PM | (GMT-05:00) Eastern Time (US & Canada)

Visit the Microsoft Virtual Training Days website to learn more about other event opportunities.

Ransomware remains a prevalent threat as threat actors use extortion tactics to pressure victim organizations to pay the ransom. They deny access to encrypted files, steal data, and threaten a data breach by posting on public ransomware leak sites or releasing the stolen data to regulators, clients, or patients. The NJCCIC continues to receive reports of ransomware incidents impacting New Jersey public sector organizations, including local governments and educational institutions, and private sector organizations, including healthcare, manufacturing, construction, and third-party vendors providing critical services and resources to organizations.

For the first half of 2024, ransomware incidents reported to the NJCCIC included Akira, Play, Qilin, INC, and Clop ransomware; however, LockBit 3.0 (Black) ransomware dominated the cyber threat landscape. Threat actors exploited vulnerabilities to infiltrate systems and networks by targeting organizations running a virtual private network (VPN) service, primarily lacking proper MFA implementation. Other reported points of entry were users clicking on phishing and malvertising links.

Once threat actors gained unauthorized access, they infiltrated the target organization, gained access to internal systems, and moved laterally to other critical systems. Once they exfiltrated data, they encrypted systems and servers, shutting down access to essential services and files containing personally identifiable information (PII) and financial information. Other impacted systems and information included emergency communications, transportation, human resources, employee records, payroll, and student information. Additionally, the ransomware incidents affected onsite backups; therefore, victim organizations had to resort to offsite backups, if available and viable for restoration.

Heading into the second half of 2024, the NJCCIC has received similar ransomware reports of LockBit 3.0 (Black) and Rhysida ransomware as threat actors continue targeting public sector organizations and phishing for PII and VPN credentials.

Recommendations

Establish a comprehensive data backup plan that includes regularly performing scheduled backups, keeping an updated copy offline in a separate and secure location, and testing it regularly. Avoid clicking links, responding to, or otherwise acting on unsolicited emails. Keep systems up to date and apply patches after appropriate testing. Use strong, unique passwords for all accounts and enable MFA where available, choosing authentication apps or hardware tokens over SMS text-based codes. Utilize network segmentation to isolate valuable assets and help prevent the spread of ransomware and malware. Enforce the principle of least privilege, disable unused ports and services, and use web application firewalls (WAFs). Maintain robust and up-to-date endpoint detection tools on every endpoint. Consider leveraging behavior-based detection tools rather than signature-based tools. Report ransomware and other malicious cyber activity to the FBI’s IC3 and the NJCCIC.