Here is free training about AI and Microsoft security tools.
Microsoft Copilot for Security Beyond Basics: Reduce Identity Risk with AI
Tuesday, March 26, 2024 11:00 AM Pacific Time / 2:00 PM Eastern Time
Stronger identity management is a key element of fortifying your organization’s defenses against security compromises. In this second session of an exclusive four-part webinar series, you can learn how AI-driven tools in Microsoft Copilot for Security and Microsoft Entra help simplify endpoint security with proactive measures. Experts will cover how to:
Identify and mitigate identity risks
Troubleshoot daily identity tasks
Strengthen security access in the era of AI
Don’t miss your chance to elevate your security defenses—register now.
NIST plans to update NIST IR 7621 Rev. 1, Small Business Information Security: The Fundamentals, and is issuing this Pre-Draft Call for Comments to solicit feedback. The public is invited to provide input by 12:00 p.m. ET on May 16, 2024.
Details
Since NIST IR 7621 Revision 1 was published in November of 2016, NIST has developed new frameworks for cybersecurity and risk management and released major updates to critical resources and references. This revision will focus on clarifying the publication’s audience, making the document more user-friendly, aligning with other NIST guidance, updating the narrative with current approaches to cybersecurity risk management, and updating appendices. Before revising, NIST invites the public to suggest changes that would improve the document’s effectiveness, relevance, and general use to better help the small business community understand and manage their cybersecurity risk. NIST welcomes feedback and input on any aspect of NIST IR 7621 and additionally proposes a non-exhaustive list of questions and topics for consideration:
• How have you used or referenced NIST IR 7621?
• What specific topics in NIST IR 7621 are most useful to you?
• What challenges have you faced in applying the guidance in NIST IR 7621?
• Is the document’s current level of specificity appropriate, too detailed, or too general? If the level of specificity is not appropriate, how can it be improved?
• How can NIST improve the alignment between NIST IR 7621 and other frameworks and publications?
• What new cybersecurity capabilities, challenges, or topics should be addressed?
• What topics or sections currently in the document are out of scope, no longer relevant, or better addressed elsewhere?
• Are there other substantive suggestions that would improve the document?
• Are there additional appendices in NIST IR 7621, or resources outside NIST IR 7621, that would add value to the document?
Submit Comments
• The comment period closes at 12:00 p.m. ET on May 16, 2024.
• View the Pre-Draft Call for Comments.
• View the publication.
• Submit comments using this comment template to ir7621-comments@nist.gov with “Comments on NIST IR 7621” in the subject field.
• Email questions to ir7621-comments@nist.gov.
Malicious copies of popular apps have been discovered on the Apple App Store. These apps are designed to be mistaken for legitimate apps and conduct malicious activity, such as stealing login credentials and other sensitive information. Malicious crypto wallet drainers and password vault impersonations have been reported to target unsuspecting victims and trick them into entering their credentials and crypto seed phrases, allowing threat actors to access their accounts to steal their funds and identities.
Leather warned about a malicious Leather app on the Apple App Store. They emphasized that users should refrain from inputting their secret seed phrases into the fake app and prompted victims to transfer their cryptocurrency into a new wallet to protect user assets from being drained by threat actors. They further advised users that the only legitimate Leather download is available directly from their website. As of March 12, the fake Leather app is no longer available on the Apple App Store.
Similar to Leather, Rabby Wallet does not yet offer an app through the Apple App Store. In addition to the fake versions of Rabby Wallet discovered on the platform in October and December 2023, a malicious crypto drainer app, dubbed Rabby Wallet and Crypto Solution, was uploaded to the Apple App Store in February. Apple has since removed all three cases.
The Apple App Store also approved a malicious imitation of the LastPass app. The fake app, dubbed LassPass, resembled the legitimate app’s branding, logo, and interface. The malicious copycat has since been removed, as it violated Apple’s copycat app guidelines. The persistence of malicious copycat apps and the recurring vulnerabilities in Apple’s app verification process highlight the critical need for more robust app screening procedures to prioritize user safety and security.
NIST plans to develop a new mode of the AES that is a tweakable, variable-input-length-strong pseudorandom permutation (VIL-SPRP) with a reduction proof to the security of the underlying block cipher.
The term “accordion cipher mode” (or “accordion mode”) refers to a mode that acts as a cipher on a range of input sizes. A well-designed accordion mode could potentially provide significant advantages over most of the block cipher modes that NIST currently approves. For example, an accordion mode could provide better resistance to cut-and-paste attacks than CBC, or it could be adapted to provide authenticated encryption with associated data (AEAD) with better properties than GCM, such as resistance to nonce misuse, support for short tags, nonce hiding, and key commitment. An accordion mode could also be adapted to provide key wrapping that is more efficient than KW and KWP.
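As an added illustration of the tweakable, variable-input-length SPRP property described above (example code written for this digest, not a NIST design or any candidate accordion mode): a toy 4-round Feistel network over the whole message, with keyed SHAKE256 as the round function, under the assumed names `accordion_encrypt`, `accordion_decrypt` and `changed_fraction`. Because every output byte depends on every input byte, a single altered ciphertext byte scrambles the entire decrypted message, which is the wide-block behaviour that makes cut-and-paste edits of the kind CBC permits impractical.

```python
import hashlib

# Example code for this digest, not a NIST design: a toy tweakable, variable-input-length
# strong PRP built as a 4-round Feistel network (Luby-Rackoff style) over the whole
# message. The round function is SHAKE256 keyed and domain-separated by round and tweak.

def _round_fn(key: bytes, tweak: bytes, rnd: int, data: bytes, out_len: int) -> bytes:
    """Keyed PRF with caller-chosen output length (the XOF absorbs key, round, tweak, data)."""
    h = hashlib.shake_256()
    h.update(key + bytes([rnd]) + len(tweak).to_bytes(4, "big") + tweak + data)
    return h.digest(out_len)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def accordion_encrypt(key: bytes, tweak: bytes, plaintext: bytes) -> bytes:
    """Encrypt any message of at least 2 bytes; the ciphertext has the same length."""
    if len(plaintext) < 2:
        raise ValueError("need two non-empty halves")
    half = len(plaintext) // 2
    left, right = plaintext[:half], plaintext[half:]
    for rnd in range(4):
        # (L, R) -> (R, L xor F(R)); the halves swap size each round, so after
        # four rounds the left half is again len // 2 bytes long.
        left, right = right, _xor(left, _round_fn(key, tweak, rnd, right, len(left)))
    return left + right

def accordion_decrypt(key: bytes, tweak: bytes, ciphertext: bytes) -> bytes:
    """Invert accordion_encrypt by undoing the rounds in reverse order."""
    if len(ciphertext) < 2:
        raise ValueError("need two non-empty halves")
    half = len(ciphertext) // 2
    left, right = ciphertext[:half], ciphertext[half:]
    for rnd in reversed(range(4)):
        # inverse step: L = R' xor F(L'), R = L'
        left, right = _xor(right, _round_fn(key, tweak, rnd, left, len(right))), left
    return left + right

def changed_fraction(key: bytes, tweak: bytes, plaintext: bytes, flip_index: int) -> float:
    """Fraction of plaintext bytes altered when one ciphertext byte is tampered with.
    For a wide-block SPRP this is close to 1.0 wherever the flip lands; for CBC the
    damage would stay within two blocks, which is what enables cut-and-paste edits."""
    ct = bytearray(accordion_encrypt(key, tweak, plaintext))
    ct[flip_index] ^= 0x01
    tampered = accordion_decrypt(key, tweak, bytes(ct))
    return sum(a != b for a, b in zip(plaintext, tampered)) / len(plaintext)

if __name__ == "__main__":
    key, tweak = b"\x11" * 32, b"sector-0007"          # constructed sample values
    msg = b"constructed 40-byte sample plaintext!!!!"
    ct = accordion_encrypt(key, tweak, msg)
    assert accordion_decrypt(key, tweak, ct) == msg
    print(len(ct), changed_fraction(key, tweak, msg, 0), changed_fraction(key, tweak, msg, 39))
```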
NIST intends to post preliminary ideas and plans by early April 2024. The goal of the workshop is to solicit public input on the specific requirements for the design and use of an accordion mode and the evaluation criteria in the development process. Potential topics for discussion include:
Parameter lengths for the accordion mode: keys, tweaks, data input
Whether the accordion mode should support an underlying block cipher with 256-bit blocks
Formal security goals for the accordion mode
Requirements and features for the main use cases (e.g., AEAD)
Potential design strategies
Performance targets
Implementation considerations
The development and standardization process
Attendees may submit extended abstracts or slides for a short presentation (up to 10 minutes) for any number of the sessions. Submissions must be provided electronically in PDF format and sent to ciphermodes@nist.gov by May 1, 2024. NIST will post the accepted abstracts and presentations on the workshop website, though no formal proceedings will be published.
Most of the workshop sessions are expected to include a panel discussion or extensive open discussion. Time will also be allotted for impromptu “lightning talks” — brief presentations of recent research results without slides. All sessions and lightning talks will be recorded.
Waivers of the registration fee are available for a limited number of students, but no waivers are available for speakers.
March 22, 2024 | 2:00 PM – 3:00 PM | (GMT-05:00) Eastern Time (US & Canada)
Join us at Microsoft Discovery Hour: Differentiate with AI-Powered Intelligent Apps to discover how to drive competitive advantages using cloud computing, data, and AI. During this free event, you’ll explore ways to modernize, build, deploy, and scale applications with speed, flexibility, and enterprise-grade security using Azure services for AI, containers, and databases. Explore real-life use cases to understand ways to improve customer experiences and open new business opportunities with intelligent applications.
Who should attend:
Chief technology, digital, experience, information, marketing, finance, and security officers
Vice presidents, general managers, and directors of software and application development, engineering, and software architecture
Vice presidents, general managers, and directors of product development
During this event, you’ll be able to:
Get to know the core data, AI, and app technologies used to build intelligent apps.
Identify ways to reimagine and create a robust, modernized app strategy that builds on the architectural foundations of cloud-first applications.
Discover opportunities to create revenue-building products and services based on Azure services.
Here’s what you can expect:
EVENT PRESENTATION
Welcome
How AI is changing what software makes possible
Real-world examples
Reimagining app strategy in the era of AI
Question and answer
Closing
Disclaimer: Microsoft Discovery Hour: Differentiate with AI-Powered Intelligent Apps is open to the public and offered at no cost. Prior to registering for this event, government employees must check with their employers to ensure that their participation is permitted and in accordance with applicable policies and laws.
This Joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) are releasing this updated Joint Cybersecurity Advisory to disseminate known IOCs and TTPs associated with the ALPHV/BlackCat ransomware as a service (RaaS) identified through FBI investigations as recently as February 2024.
This advisory provides updates to the FBI FLASH BlackCat/ALPHV Ransomware Indicators of Compromise released April 19, 2022, and to this advisory released December 19, 2023. ALPHV/BlackCat actors have since employed improvised communication methods by creating victim-specific emails to notify of the initial compromise. Since mid-December 2023, of the nearly 70 leaked victims, the Healthcare and Public Health sector has been the most commonly victimized. This is likely in response to the ALPHV/BlackCat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure in early December 2023.
FBI, CISA, and HHS encourage critical infrastructure organizations to implement the recommendations in the mitigations section of this advisory to reduce the likelihood and impact of ALPHV/BlackCat ransomware and data extortion incidents.
The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners are releasing this Joint Cybersecurity Advisory to warn of Russian state-sponsored cyber actors’ use of compromised Ubiquiti EdgeRouters to facilitate malicious cyber operations worldwide.
The FBI, NSA, US Cyber Command, and international partners assess the Russian General Staff Main Intelligence Directorate (GRU), 85th Main Special Service Center (GTsSS), also known as APT28, Fancy Bear, and Forest Blizzard (Strontium), have used compromised EdgeRouters globally to harvest credentials, collect NTLMv2 digests, proxy network traffic, and host spearphishing landing pages and custom tools.
The US Department of Justice, including the FBI, and international partners recently disrupted a GRU botnet consisting of such routers. However, owners of relevant devices should take the remedial actions described in the advisory to ensure the long-term success of the disruption effort and to identify and remediate any similar compromises.
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this Joint Cybersecurity Advisory to disseminate known TTPs and IOCs associated with the Phobos ransomware variants observed as recently as February 2024, according to open-source reporting. Phobos is structured as a ransomware-as-a-service (RaaS) model. Since May 2019, Phobos ransomware incidents impacting state, local, tribal, and territorial (SLTT) governments have been regularly reported to the MS-ISAC. These incidents targeted municipal and county governments, emergency services, education, public healthcare, and other critical infrastructure entities to successfully ransom several million US dollars.
The FBI, CISA, and the MS-ISAC encourage organizations to implement the recommendations in the mitigations section of this advisory to reduce the likelihood and impact of Phobos ransomware and other ransomware incidents.
Subdomain hijacking occurs when threat actors gain control of a subdomain of a legitimate domain by taking over unused or abandoned subdomains or exploiting misconfigured DNS records. They systematically scan for forgotten subdomains with dangling CNAME records of abandoned domains via specific targeting or automated tools. The threat actors then register these subdomains under their ownership to host malicious content or initiate additional attacks, such as hosting phishing landing pages designed to harvest login credentials. Additionally, a DNS SPF record of a known domain may hold unused or abandoned subdomains associated with obsolete email or marketing-related services. Threat actors can take ownership of those subdomains, inject their IP address into the SPF record, and send emails on behalf of the primary domain name.
Since 2022, researchers have tracked a sophisticated subdomain hijacking operation dubbed SubdoMailing. Over 8,000 domains and 13,000 subdomains belonging to legitimate brands and organizations have been impacted, including VMware, McAfee, Symantec, Better Business Bureau, and more. While subdomain hijacking is not new, what is concerning about this operation is the number of domains and subdomains already identified as compromised, a figure that continues to grow. Successful attacks of this kind can lead to reputational damage, financial losses, operational disruption, data breaches, phishing and fraud, and malware distribution.
The threat actor behind the SubdoMailing operation, ResurrecAds, leverages trusted domains and a sophisticated distribution architecture to bypass email authentication controls and send millions of spam and phishing emails daily. The emails are designed to appear legitimate and evade detection of standard text-based spam filters by including an image that, if clicked, triggers a series of click-redirects through different domains. The redirects check the device type and geographic location to custom tailor the content and maximize profit, such as malicious advertisements, affiliate links, quiz scams, phishing websites, and malware downloads.
The NJCCIC recommends that domain administrators and site owners use Guardio Labs’ SubdoMailing checker tool and website, which is updated daily, to search for impacted domains detected by their systems. The search results for affected domains display details of known abuses, the type of hijack, and the relevant subdomains and SPF records that need attention. Guardio Labs also offers recommendations, including monitoring all CNAME records, monitoring SPF policies, removing permissive SPF settings, and implementing DMARC. Additionally, regularly check DNS records for unauthorized changes and for unused or abandoned subdomains, train designated employees to recognize subdomain hijacking through unusual changes to DNS records or website traffic, and, before deleting a third-party resource, confirm that no CNAME record in the organization’s domains still references it. If feasible, consider registering the domain name as intellectual property to provide legal protection in the event of a hijacking. Registrars also now offer the option to block the registration of domains with similar appearances or spellings, or that otherwise infringe on brand names, to protect trademarks and help prevent malicious use.
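A defender-side check for the two record types discussed above, written for this digest (it is not Guardio Labs’ checker or any code from the reports cited): given a DNS snapshot, it walks a domain’s SPF `include:` chain and its CNAME records and flags any that end at a name that no longer resolves, plus over-permissive `all` qualifiers. The `DNS` dict is a constructed stand-in for live lookups, and every domain name in it is a placeholder.

```python
# Example code for this digest (not Guardio Labs' checker): audit SPF include: chains and
# CNAME records for dangling references. DNS is a constructed snapshot standing in for
# live lookups; a name missing from the dict is treated as NXDOMAIN. All names are placeholders.
DNS = {
    "example.com": {"TXT": ["v=spf1 include:_spf.mailer.example "
                            "include:spf.old-campaigns.example ip4:203.0.113.10 ~all"]},
    "_spf.mailer.example": {"TXT": ["v=spf1 ip4:198.51.100.0/24 -all"]},
    "spf.old-campaigns.example": {"CNAME": "abandoned-vendor.example"},  # vendor lapsed
    "promo.example.com": {"CNAME": "tenant.legacy-saas.example"},        # tenant deleted
    "www.example.com": {"CNAME": "cdn.example"},
    "cdn.example": {"A": ["203.0.113.5"]},
}

PERMISSIVE = {"+all", "all", "?all"}   # qualifiers that let any sender pass SPF

def follow_cname(name, dns, limit=8):
    """Follow a CNAME chain. Returns (final_name, exists); exists=False means dangling."""
    for _ in range(limit):
        rec = dns.get(name)
        if rec is None:
            return name, False
        if "CNAME" not in rec:
            return name, True
        name = rec["CNAME"]
    return name, False   # loop or chain too long: treat as unresolvable

def audit_spf(domain, dns, depth=0, seen=None):
    """Return (name, issue) pairs for include: targets that no longer resolve, include:
    targets without an SPF record, and permissive 'all' qualifiers. Nesting is capped
    at 10 levels, mirroring RFC 7208's limit of 10 DNS-querying terms per evaluation."""
    seen = set() if seen is None else seen
    if depth > 10 or domain in seen:
        return []
    seen.add(domain)
    final, exists = follow_cname(domain, dns)
    if not exists:
        return [(domain, "DANGLING_INCLUDE")]
    record = next((t for t in dns[final].get("TXT", []) if t.startswith("v=spf1")), None)
    if record is None:
        return [(domain, "INCLUDE_WITHOUT_SPF")]
    findings = []
    for term in record.split()[1:]:
        if term.startswith("include:"):
            findings += audit_spf(term[len("include:"):], dns, depth + 1, seen)
        elif term in PERMISSIVE:
            findings.append((domain, "PERMISSIVE_ALL"))
    return findings

def audit_cnames(dns):
    """Flag every CNAME whose chain ends at a name that does not exist (takeover candidate)."""
    return [(name, "DANGLING_CNAME") for name, rec in dns.items()
            if "CNAME" in rec and not follow_cname(rec["CNAME"], dns)[1]]

if __name__ == "__main__":
    for finding in audit_spf("example.com", DNS) + audit_cnames(DNS):
        print(*finding)
```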
We recommend that users and organizations educate themselves and others on these continuing threats and tactics to reduce victimization. Users are advised to refrain from responding to unsolicited communications, clicking links, or opening attachments from unknown senders, and to exercise caution with communications from known senders. If unsure of a message’s legitimacy, contact the sender through a separate channel, such as a phone number obtained from a trusted source, before taking action. If you suspect your PII has been compromised, please review the Identity Theft and Compromised PII NJCCIC Informational Report for additional recommendations and resources, including credit freezes and enabling MFA on accounts. Additionally, we advise reporting suspicious or fraudulent correspondence to the respective entity. Impersonation scams and other malicious cyber activity can be reported to the NJCCIC.
Non-fungible token (NFT) technology provides a mechanism to sell and exchange both virtual and physical assets on a blockchain. While NFTs are most often used for autographing digital assets (associating one’s name with a digital object), they utilize a strong cryptographic foundation that may enable them to regularly support ownership-transferring sales of digital and physical objects. For this, NFT implementations need to address potential security concerns to reduce the risk to purchasers.
This publication:
Defines NFTs
Identifies 11 properties that should be provided by most correctly functioning and secured NFT implementations
Evaluates each property to reveal 27 potential security concerns