Microsoft.Source Newsletter | Issue 57

Microsoft.Source Newsletter | Issue 57
See the latest ideas and projects from the global developer community. If someone forwarded you this newsletter and you want to receive future issues, sign up. This month’s Microsoft.Source delves into the synergy between open-source software (OSS) and Microsoft technologies.  
Resources Learn new skills with step-by-step guidance, learning paths and modules.
 
Featured Documentation Explore Azure OpenAI Service Updates in Detail >
Create advanced Copilot experiences using the Assistants API preview. Discover new models for GPT-4 Turbo (preview), GPT-3.5 Turbo, fine-tuning, and text-to-speech.  
What’s New

Blog Microsoft and Open-Source Software >
Discover Microsoft technologies that are open source, check out repos on GitHub, and learn about tools you can use for your own open-source projects. (in English)   Documentation How to deploy Mistral models with Azure AI Studio >
Microsoft is partnering with Mistral AI to bring its Large Language Models to Azure. Mistral AI offers two categories of models in Azure Machine Learning studio.  
Blog Python in Visual Studio Code – March 2024 Release > See what’s included in the March 2024 release of the Python and Jupyter extensions for Visual Studio Code. (in English)  
Events See local events >

Microsoft Build Microsoft Build / May 21 – 23 / Seattle >
Learn from experts, get hands-on with AI, and make connections with peers, Microsoft engineers, and industry leaders.  
Open Source Summit Open Source Summit / April 16 – 18 / Seattle >
Open Source Summit is the premier event for open source developers, technologists, and community leaders to collaborate, share information, solve problems.  
On demand Getting Started with the Fluent UI Blazor Library / On demand >
This Open at Microsoft episode provides an overview of the Fluent UI Blazor library and how to leverage its open-source set of Blazor components.  
On demand Build Your Own Copilot with Azure AI Studio / On demand >
Learn how to use Azure AI studio to create, manage, and deploy AI solutions with Azure OpenAI Service.  
On demand Architecting IoT applications with .NET and Meadow / On demand >
Get your next IoT project started to enable flexible hardware design and platform support, including Meadow Feather, Raspberry Pi and desktop.  
Learning
Code Sample Code Sample: Simple Chat Application using Azure OpenAI >
Build a Python Quart microframework app that streams responses from ChatGPT to an HTML/JS frontend using JSON Lines over a ReadableStream interface.  
Microsoft Copilot Transform your work with Microsoft Copilot >
Learn about Microsoft Copilot and find out how to extend it or build your own Copilot experiences with this content on Microsoft Learn.  
Cloud Skills Challenge Microsoft Learn AI Skills Challenge >
This immersive challenge will help you gain the skills, confidence, and Microsoft Credentials needed to excel in the era of AI.  

Microsoft 365 Virtual Training Day: Prepare Your Organization for Microsoft Copilot for Microsoft 365

Build the skills you need to create new opportunities and accelerate your understanding of Microsoft Cloud technologies at a free Microsoft 365 Virtual Training Day from Microsoft Learn. Join us at Prepare Your Organization for Microsoft Copilot for Microsoft 365 to learn how to implement AI to help ignite creativity, enhance productivity, and strengthen computing and collaboration skills. You’ll learn about the capabilities of Copilot, including how it works, how to configure it, and how to set it up for more powerful searches. You’ll also explore how Copilot works with Microsoft Graph—and your existing Microsoft 365 apps—to provide intelligent, real-time assistance. You will have the opportunity to: Understand the key components of Copilot for Microsoft 365 and how it works. Learn how to extend Copilot with plugins. Get guidance on completing the necessary Copilot technical and business requirements to prepare for implementation. Learn how to assign Copilot licenses, prepare your organization’s Microsoft 365 data for Copilot searches, and create a Copilot Center of Excellence. Join us at an upcoming Prepare Your Organization for Microsoft Copilot for Microsoft 365 event:
April 22, 2024 | 12:00 PM – 2:00 PM | (GMT-05:00) Eastern Time (US & Canada)


Delivery Language: English
Closed Captioning Language(s): English

Register Here

Beware of AI Tax Scams

With Tax Day quickly approaching, many taxpayers may feel stressed as they work to file their tax returns promptly and accurately. During this time, cybercriminals may exploit this human vulnerability and leverage the rapid advancement and increase in artificial intelligence (AI) and deepfakes . They continue to explore ways to steal and use your information, including personally identifiable information (PII), financial information such as W-2s and banking information, login account credentials, and other sensitive information. Once information is captured or stolen, threat actors can use it to impersonate their victims, file fraudulent tax returns on their behalf, and steal their tax refunds. They can also use the information for other identity theft and fraud schemes.
Threat actors use social engineering tactics, AI-generated deepfakes, and voice cloning technologies to impersonate legitimate and trusted tax authorities, including the Internal Revenue Service (IRS) and tax preparation services, by stealing and using their branding, logos, and interfaces. They target vulnerable people through email, phone, text messaging, and social media platforms to trick them into disclosing their information and initiating fraudulent transactions. For example, threat actors may claim a tax refund is due or send information to track the status of tax refunds via phishing emails or text messages with links that, if clicked, direct targets to spoofed IRS websites. Additionally, threat actors may claim via phone that their target did not pay taxes or filed them incorrectly and now owes the IRS for back taxes. They may also threaten arrest or legal action if the fictitious debt is not paid immediately via wire transfer, gift cards, or pre-paid debit cards.
Threat actors also create highly sophisticated phishing emails with AI-generated content to convince their targets to divulge sensitive information or visit malicious links to spoofed websites of popular online tax preparation software. Additionally, they develop AI-powered fraudulent tax software appearing as legitimate software to lure targets into downloading malicious applications that steal and capture their information. Threat actors also trick their targets by falsely advertising and promoting themselves as legitimate tax preparation services. These scammers, or “ghost tax preparers,” are not certified, but they still prepare and file false and fraudulent tax returns and defraud their clients. They may be quickly established and promise fast or significant tax refunds to entice potential victims. The NJCCIC observed emails containing a link to direct targets to a tax preparer’s website. If clicked, the website displayed its services, including streamlining the tax filing process, and it provided IRS credentials to create a sense of legitimacy. However, upon further inspection and analysis, the link to this website was considered phishing and malicious.

AZORult Malware Distributed HTML Smuggling

Threat actors are using HTML smuggling and fraudulent Google Sites pages to disseminate AZORult in a new malware campaign. AZORult, dubbed PuffStealer and Ruzalto, was first detected in 2016. It searches the desktop for sensitive documents using keywords for extensions and file names and collects browser data and cryptocurrency wallet information. AZORult’s payload has been distributed in phishing, malspam, and malvertising campaigns and is currently targeting the healthcare industry. This campaign is laden with obfuscation and evasion techniques to minimize the chance of detection by anti-malware software.
Researchers found that the HTML smuggling technique employed has AZORult’s malicious JavaScript embedded in a separate JSON file and hosted on an external website. Once the Google Site is visited, a CAPTCHA test is initiated to add a sense of legitimacy for users and protect the malware against URL scanners, such as VirusTotal. After passing the CAPTCHA test, the payload is reconstructed and downloaded to the victim’s machine. The downloaded file is disguised as a PDF file, often appearing as a bank statement to trick users into opening the file. Once launched, it will execute a series of PowerShell scripts. This payload includes ASMI bypass techniques and reflective code loading to bypass host and disk-based detection and minimize artifacts.

Protecting Model Updates in Privacy-Preserving Federated Learning

In our second post we described attacks on models and the concepts of input privacy and output privacy. ln our last post, we described horizontal and vertical partitioning of data in privacy-preserving federated learning (PPFL) systems. In this post, we explore the problem of providing input privacy in PPFL systems for the horizontally-partitioned setting.

Models, training, and aggregation

To explore techniques for input privacy in PPFL, we first have to be more precise about the training process.

In horizontally-partitioned federated learning, a common approach is to…

Read the Blog

NY Metro ISSA Chapter News

As Vice President of the chapter here is

Upcoming NY Chapter Webinars

April 2ndThe Cyber Ranch Podcast, Allan Alford

Register @ https://nymissa-webinar-20240402.eventbrite.com

May 7th, Implementing Zero Trust in an Enterprise, Vinicius Da Costa 

Follow our NY Metro ISSA LinkedIn group for registration details on upcoming events. [We are open to suggestions for topics and/or speakers.]

Ongoing Chapter Activities

SECRT – Security Leaders Round Table 

SECRT is an invitation only series breakfast roundtable with chapters across the US and 1400+ opt-in members. To become part of the SECRT, visit www.secrt.us or contact Mike Melore directly.

Military Transition Bridge into Cybersecurity Career Pathways and Jobs The Cybersecurity Workforce Alliance and iQ4 are under a federal grant to develop workplace cyber/risk skills for Veterans, National Guard, Police, Coast Guard and Correction Services communities. Refer to IQ4/CWA Vets Training Program or contact David Solano for more information.

Empower your team with new skills to build and modernize intelligent apps

  Kickstart AI app innovation at your organization. Get the Building Intelligent Apps: Team Readiness and Skilling Toolkit to learn how to assess your team’s readiness and empower them to start building intelligent apps. Find guidance on creating a plan for success and training resources to help developers build and modernize apps in Azure. Request the toolkit to: See how to foster confidence with in-depth, hands-on learning materials to expand your team’s knowledge and eliminate common barriers to building with AI. Discover ways to overcome hesitation about cost and complexity and remain competitive by equipping your development team to build intelligent apps with AI and advanced technologies. Explore best practices and tools to manage and optimize workloads and get the most from your investment after deployment.  
Get the toolkit 

Apply for Cybersecurity Education and Workforce Development Funding Today

NIST is pleased to announce a new Notice of Funding Opportunity (NOFO) to support Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) cybersecurity education and workforce development. The funding expands the existing RAMPS program* and anticipates awarding an additional fifteen awards of up to $200,000 through cooperative agreements.

As part of the Department of Commerce’s Principles for Highly Effective Workforce Investments and Good Jobs Principles, RAMPS will support the NIST-led NICE program. NICE works with government, academia, and the private sector to advance cybersecurity education and workforce. Effective partnerships will focus on bringing together employers and educators to focus on developing the skilled and diverse workforce to meet industry needs within a local or regional economy. 

Applicants must demonstrate through letters of commitment that, in addition to the applicant, at least one of each of the following types of organizations is committed to being part of the proposed regional alliance:

  • at least one institution of higher education or nonprofit training organization, and
  • at least one local employer or owner or operator of critical infrastructure.

A webinar for interested applicants will be held on April 8, 2024, at 3-4pm Eastern Time to provide general information regarding this funding opportunity, offer general guidance on preparing applications, and answer questions.

Deadline to apply: May 24, 2024

View this funding Opportunity on Grants.gov

HOPE XV will be the fifteenth Hackers On Planet Earth event

The 15th Hackers On Planet Earth (HOPE) conference will be held from July 12-14, 2024. At St. John’s University Queens, NY.

The Call for Participation is now open!

SUBMIT YOUR HOPE PROPOSAL

Talks & Panels

Speaking at HOPE is a magical and unique experience. We encourage people of all backgrounds and experience levels to pursue their ideas for talks. We often have discussions by professors and intelligence experts sharing the schedule with presentations from young people who are just getting started. HOPE is filled with diverse thought, opinion, and experience. That’s why your ideas are welcome here.

We have some tips on making your proposal as good as it can be. The conference will have multiple simultaneous speaker tracks for solo talks, panel discussions, keynotes, and more. Email speakers@hope.net with your completed proposal. If your proposal is accepted, you will hear back from us in the coming weeks. Regardless, we hope to see you in July!

Workshops

Over the three decades of HOPE conferences, workshops have become a big part of what makes HOPE a unique, interactive, and fun experience. Perhaps you have knowledge or skills that are best shared in a hands-on environment. Perhaps you’re presenting a talk and want to give a follow-up workshop for your audience to learn more. We welcome your proposals!

Past HOPE conferences have each hosted several dozens of workshops that were enjoyed by many – in a small room, or large, in a more intimate environment or a large open area. We have tips and guidelines that will help you make your workshop submission more likely to be accepted. Workshops at past HOPE conferences include such diverse topics as: electronics, coding, how to submit FOIA (Freedom of Information) requests, hacking Wi-Fi routers, making tea, dealing with COVID, improving education, music synthesis, brain-computer interfaces, and much more. Send your proposal (one proposal per email!) to workshops@hope.net.

Other

* Villages. The conference has space for groups to set up thematic gathering places for attendees to congregate and socialize. Proposals will have the name of the village and what will be featured there. If you have an idea for a village, email us at village@hope.net.

* Performances. HOPE has settings for music and other performances. If you’re a musician/artist who would like to perform in front of the HOPE crowd, email us at perform@hope.net. Be sure to tell us something about your performance ideas. If you have recorded material, links to that would be very helpful.

* Exhibitions and Installations. We have all kinds of space for art and exhibits. If you have an idea for something that you think could fit in here (such as futuristic art inspired by the hacker and phreak ethos or works that examine society from a technological angle, etc.), email us at artspace@hope.net with details.

* Vendors. For a small fee, vendors with hacker-oriented wares will be able to set up a table and sell to attendees. All vendors are subject to approval by HOPE staff and must be relevant in some way to the hacker community. If you’re interested, email vendors@hope.net for more details.

* More! Your ideas that don’t fit into any of these categories are welcome. Email hope@hope.net and tell us about them. We’re always looking to try something new.

TOPICS OF INTEREST

No matter what part of HOPE you choose to be involved in, you will encounter all sorts of hacker-related themes. If you find yourself interested in any of the topics below, then you’ll definitely have fun at HOPE! And if you have anything you want to share from this small list, we encourage you to submit a speaker and/or workshop proposal using the instructions above.

Programming

Intrusion Methods and Defense

Spying, Counterintelligence, and Tradecraft

Social Engineering

System Architecture, Design, and Circuitry

Social Impacts of Technology

Hacker History

Hacker Morality

Cryptanalysis, Cryptology, Cryptography

Election Security

Artificial Intelligence

Infrastructure

Green Tech

Retrocomputing

Telephony

Ham Radio

Quantum Computing

Censorship

Linux

Biometrics

Anonymity

Engineering

DMCA

Forensics

Net Neutrality

Right to Repair

Cyberterrorism

Biohacking

VPNs

Hackerspaces

Ransomware

Government Institutions

Privacy

SQL Injection

Exploits

Mechanics

Surveillance and Countersurveillance

Coding

Pentesting

Tiger Teaming

Trashing

Bluetooth

Cybercrime

Malware

Military

GDPR

Mesh Networks

Log4J

Blockchains

Whistleblowing

Shodan

Smartphones

Viruses

Robotics

Phreaking

Script Kiddies

Car Hacking

Hacktivism

Piracy

Stuff Not on This List

Learn more Here

Gain insight into the power of AI-driven tools with Microsoft Copilot for Security

Here is free training about AI and Microsoft security tools.

Tuesday, March 26, 2024
11:00 AM Pacific Time / 2:00 PM Eastern Time Stronger identity management is a key element of fortifying your organization’s defenses against security compromises. In this second session of an exclusive four-part webinar series, you can learn how AI-driven tools in Microsoft Copilot for Security and Microsoft Entra help simplify endpoint security with proactive measures. Experts will cover how to: Identify and mitigate identity risks Troubleshoot daily identity tasks Strengthen security access in the era of AI Don’t miss your chance to elevate your security defenses—register now.
 
Microsoft Copilot for Security Beyond Basics: Reduce Identity Risk with AI
 
Register now >