NIST: Data Distribution in Privacy-Preserving Federated Learning

Our first post in the series introduced the concept of federated learning and described how it’s different from traditional centralized learning – in federated learning, the data is distributed among participating organizations, which share model updates (instead of raw data).

What kinds of techniques can we use to build privacy-preserving federated learning systems? It turns out to depend heavily on how the data is distributed. This post defines and explains the different ways data can be distributed, or partitioned, among participants in federated learning systems. Future posts in the series will describe specific techniques applicable in each situation.

Data partitioning schemes describe how data is distributed among participating organizations, as compared to the centralized scheme in which one party holds all the data.

  • In a horizontal partitioning scheme, the rows of the data are distributed among the participants.
  • In a vertical partitioning scheme, the columns of the data are distributed among the participants. 

Combinations of the two are also possible—we’ll get to those at the end of this post…


CISA, FBI, and HHS Release an Update to #StopRansomware Advisory on ALPHV Blackcat

Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released an update to the joint advisory #StopRansomware: ALPHV Blackcat to provide new indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the ALPHV Blackcat ransomware as a service (RaaS). ALPHV Blackcat affiliates have been observed primarily targeting the healthcare sector.

CISA, the FBI, and HHS urge network defenders to review the updated joint advisory to protect and detect against malicious activity.

All organizations are encouraged to share information on incidents and anomalous activity to CISA’s 24/7 Operations Center at report@cisa.gov or via our Report page, and/or to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.  For more on ransomware, visit stopransomware.gov.

Experience AI-powered innovations your way at Microsoft Secure

 
 
AI-powered innovations in cybersecurity are reshaping how businesses of every size—and across every industry—secure and protect their data. Join us at the second annual Microsoft Secure digital event to learn how to bring world-class threat intelligence, complete end-to-end protection, and industry-leading, responsible AI to your organization. Register today to:

  • Be among the first to hear about new products, capabilities, and offerings.
  • Get demos on the latest AI-powered innovations.
  • Learn from industry luminaries and influencers.
 
Microsoft Secure
Wednesday, March 13, 2024
9:00 AM–11:00 AM Pacific Time (UTC-8)
 

NIST Invites Public Comments on IR 8504, Access Control on NoSQL Databases

The initial public draft of NIST Internal Report (IR) 8504, Access Control on NoSQL Databases, is now available for public comment. NoSQL (i.e., “not only SQL” or “non-SQL”) database systems and data stores often outperform traditional relational database management systems (RDBMSs) in various aspects, such as data analysis efficiency, system performance, ease of deployment, flexibility/scalability of data management, and users’ availability. However, with an increasing number of people storing sensitive data in NoSQL databases, access control issues have become a fundamental data protection requirement for database management systems.

This document discusses access control on NoSQL database systems by illustrating the NoSQL database types and their support for access control models. It operates under the assumption that the access control system stores and manages access control data (e.g., subjects, objects, and attributes) in the NoSQL database and describes considerations from the perspective of access control in general.

A public comment period is open through March 15, 2024. See the publication details for a copy of the draft and instructions for submitting comments.

NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.


New NCCoE Guide Helps Major Industries Observe Incoming Data While Using Latest Internet Security Protocol

Companies in major industries such as finance and health care must follow best practices for monitoring incoming data for cyberattacks. The latest internet security protocol, known as TLS 1.3, provides state-of-the-art protection, but complicates the performance of these required data audits. The National Institute of Standards and Technology (NIST) has released a practice guide describing methods that are intended to help these industries implement TLS 1.3 and accomplish the required network monitoring and auditing in a safe, secure and effective fashion.

The new draft practice guide, Addressing Visibility Challenges with TLS 1.3 within the Enterprise (NIST Special Publication (SP) 1800-37), was developed over the past several years at the NIST National Cybersecurity Center of Excellence (NCCoE) with the extensive involvement of technology vendors, industry organizations and other stakeholders who participate in the Internet Engineering Task Force (IETF). The guidance offers technical methods to help businesses comply with the most up-to-date ways of securing data that travels over the public internet to their internal servers, while simultaneously adhering to financial industry and other regulations that require continuous monitoring and auditing of this data for evidence of malware and other cyberattacks.


Water and Wastewater Cybersecurity Toolkit

The Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) jointly released a Water and Wastewater Systems Sector Cybersecurity Toolkit to aid Water and Wastewater Systems Sector stakeholders in bolstering their cybersecurity preparedness across the nation.
To build security and resilience within the Water and Wastewater Systems Sector, CISA works closely with EPA to deliver tools, resources, training and information that can help organizations within this sector. Together, CISA brings technical expertise as the nation’s cyber defense and infrastructure security agency, and EPA offers extensive expertise as the Water and Wastewater Systems Sector Risk Management Agency.
The toolkit includes useful resources, including a newly published Cybersecurity Incident Response Guide, vital CISA and EPA services including free vulnerability scanning assessments, cybersecurity performance goals alignment, cyber hygiene tools, and more.
For more information, please visit: cisa.gov/water

Volt Typhoon Targets Legacy Cisco Routers in New Campaign

A Chinese-state-backed hacking group is targeting legacy devices, primarily Cisco routers, to expand its attack infrastructure in a new campaign that marks a notable strategic shift in its threat activity. Volt Typhoon, an emerging advanced persistent threat (APT) group identified last year, is exploiting two known vulnerabilities, CVE-2019-1653 and CVE-2019-1652, to compromise Cisco RV320/325 routers that were discontinued in 2019. Neither vulnerability has a patch available. In its latest campaign, the threat group is leveraging a botnet of compromised small office/home office (SOHO) devices linked to previous attacks attributed to Volt Typhoon. Notably, Volt Typhoon’s botnet infrastructure communicated with 27 IP addresses that host 69 sites belonging to government entities in the United States, the United Kingdom, and Australia.
New Indicators of Compromise (IOCs) and Shifting Tactics
SecurityScorecard’s STRIKE team released a report detailing their research into the group’s latest campaign after discovering that the group compromised approximately 30 percent of the Cisco RV320-325 routers observed by the team over a 37-day period. Of the 1,116 target devices analyzed, the team identified 325 devices communicating with two IP addresses of known proxies used by Volt Typhoon actors. The threat group is also deploying a custom web shell to maintain access to the compromised devices, which can be identified by the filename “fy.sh.”
Additionally, the STRIKE team uncovered multiple new IP addresses linked to their activity, providing further evidence of the threat group’s intent to develop new attack infrastructure.
While Volt Typhoon continues to target SOHO devices, which are better for concealing malicious traffic, the group has shifted towards targeting legacy systems. The targeted Cisco routers are currently impacted by 35 vulnerabilities that may be left unaddressed. This tactic represents a significant shift, as focusing on end-of-life devices requires knowledge of older systems and associated vulnerabilities, which may not be widely known.

Power AI Innovations with Purpose-Built AI Infrastructure

Advances in cloud performance are paving the way for the acceleration of AI innovations across simulations, science, and industry. And as the complexity of AI models grows exponentially, Microsoft is leveraging a decade of experience in supercomputing and supporting the largest AI training workloads to develop purpose-built and optimized AI infrastructure for any scale.

Join this webinar and learn about:

  • Azure’s proven performance for generative AI advancements across both Microsoft and customers.
  • Purpose-built AI infrastructure design and optimization.
  • Azure’s AI Infrastructure, combined with our overall AI solution stack, addresses these challenges for customers of all sizes.
 
Azure webinar series

Thursday, January 25, 2024
10:00 AM–11:00 AM Pacific Time


NICE Webinar: Expanding Cybersecurity Learning and Workforce Opportunities for Rural Americans

Synopsis

As we seek to attract underrepresented communities for the cybersecurity workforce, a demographic that is often overlooked and underserved is Americans who live in the rural and remote areas of the United States. While rural America has become more economically diverse and access to information technology has improved in recent years, learners in rural areas still experience challenges as compared to their urban counterparts. The challenges include limited broadband access, limited access to quality education and training, sparse job opportunities, lack of economic diversity, and transportation or community barriers*. However, as rural broadband access improves, access to online learning content becomes ubiquitous, and remote work or telework becomes more prevalent, it seems that rural Americans represent an untapped resource for addressing the cybersecurity workforce needs of employers. This webinar will explore promising practices and policies for expanding access and opportunity for rural Americans to pursue cybersecurity careers.

*Source: Navigating Challenges Faced by Rural American Job Seekers: A Comprehensive Guide (Center for Workforce Inclusion, August 22, 2023)


Multiple Vulnerabilities in VMware Products

Multiple vulnerabilities have been discovered in VMware vCenter Server and Cloud Foundation, the most severe of which could allow for remote code execution. VMware vCenter Server is the centralized management utility for VMware. VMware Cloud Foundation is a multi-cloud platform that provides a full-stack hyperconverged infrastructure (HCI) that is made for modernizing data centers and deploying modern container-based applications. Successful exploitation of these vulnerabilities could allow for remote code execution in the context of the administrator account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Threat Intelligence
VMware is aware of confirmed reports that CVE-2023-34048 has been exploited in the wild.
Systems Affected
  • VMware vCenter Server versions prior to 8.0U2
  • VMware vCenter Server versions prior to 8.0U1d
  • VMware vCenter Server versions prior to 7.0U3o
  • VMware Cloud Foundation (VMware vCenter Server) versions prior to KB88287
Risk
Government:
– Large and medium government entities: High
– Small government entities: Medium
Businesses:
– Large and medium business entities: High
– Small business entities: Medium
Home Users: Low
Technical Summary
Multiple vulnerabilities have been discovered in VMware vCenter Server and Cloud Foundation, the most severe of which could allow for remote code execution.
Recommendations
  • Apply appropriate updates provided by VMware to vulnerable systems immediately after appropriate testing.
  • Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Prevent access to file shares, remote access to systems, unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc.
  • Use intrusion detection signatures to block traffic at network boundaries.
  • Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.
References
VMware:
https://www.vmware.com/security/advisories/VMSA-2023-0023.html
SecurityWeek:
https://www.securityweek.com/vmware-vcenter-server-vulnerability-exploited-in-wild/
Mandiant:
https://www.mandiant.com/resources/blog/chinese-vmware-exploitation-since-2021
CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34056