Free Training Microsoft Copilot for Microsoft 365 training day

Build the skills you need to create new opportunities and accelerate your understanding of Microsoft Cloud technologies at a free Microsoft 365 Virtual Training Day from Microsoft Learn. Join us at Prepare Your Organization for Microsoft Copilot for Microsoft 365 to learn how to implement AI to help ignite creativity, enhance productivity, and strengthen computing and collaboration skills. You’ll learn about the capabilities of Copilot, including how it works, how to configure it, and how to set it up for more powerful searches. You’ll also explore how Copilot works with Microsoft Graph—and your existing Microsoft 365 apps—to provide intelligent, real-time assistance.

You will have the opportunity to:

  • Understand the key components of Copilot for Microsoft 365 and how it works.
  • Learn how to extend Copilot with plugins.
  • Get guidance on completing the necessary Copilot technical and business requirements to prepare for implementation.
  • Learn how to assign Copilot licenses, prepare your organization’s Microsoft 365 data for Copilot searches, and create a Copilot Center of Excellence.

Join us at an upcoming Prepare Your Organization for Microsoft Copilot for Microsoft 365 event:
June 28, 2024 | 12:00 PM – 2:00 PM | (GMT-05:00) Eastern Time (US & Canada)


Delivery Language: English
Closed Captioning Language(s): English
 

Microsoft 365 Fundamentals training day

Build the skills you need to create new opportunities and accelerate your understanding of Microsoft Cloud technologies at a free Microsoft 365 Virtual Training Day from Microsoft Learn. Join us at Microsoft 365 Fundamentals to learn how to simplify the adoption of cloud services while supporting strong security, compliance, privacy, and trust. Also, discover how applications such as Microsoft Teams and Microsoft Viva help improve productivity, facilitate collaboration, and optimize communications. After completing this training, you’ll be eligible to take the Microsoft 365 Fundamentals certification exam at 50% off the exam price.

You will have the opportunity to:

  • Find out how the productivity, collaboration, and endpoint management capabilities of Microsoft 365 empower people to stay connected and get more done across hybrid environments.
  • Discover how Microsoft 365 security, compliance, and identity solutions help secure an entire digital estate, simplify compliance, and reduce risk.
  • Explore the pricing models, licensing, and billing options available to meet the needs of your organization.

Join us at an upcoming two-part Microsoft 365 Fundamentals event:
June 20, 2024 | 12:00 PM – 3:30 PM | (GMT-05:00) Eastern Time (US & Canada)
June 21, 2024 | 12:00 PM – 4:00 PM | (GMT-05:00) Eastern Time (US & Canada)

Delivery Language: English
Closed Captioning Language(s): English
 

Azure Network Security & Microsoft Defender for Cloud Webinars

Azure Network Security | Azure Firewall Integration in Microsoft Copilot for Security
Wednesday June 12, 2024 | 8:00AM – 9:00AM (PST, Redmond Time)
Description: The Azure Firewall integration in Copilot helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS feature of their Firewalls across their entire fleet using natural language questions in the Copilot for Security standalone experience. Join this webinar to see a live demo of the feature and learn more about what’s to come in the future!
Presenter(s):

Microsoft Defender for Cloud | Shift Left with Microsoft Defender for Cloud
Thursday June 13, 2024 | 8:00AM – 9:00AM (PST, Redmond Time)
Description: Learn how to shift security left and work with developers to secure cloud native applications with Defender for Cloud.
Presenter(s):

Multiple Vulnerabilities in PHP Could Allow for Remote Code Execution

Multiple vulnerabilities have been discovered in PHP, which could allow for remote code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. Successful exploitation could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those that operate with administrative user rights.
Threat Intelligence
Open-source reports have stated that proof of concept exploits are available for CVE-2024-4577.
Systems Affected
PHP versions: 5 – 8.3.7
Risk
Government:
– Large and medium government entities: High
– Small government entities: Medium
Businesses:
– Large and medium business entities: High
– Small business entities: Medium
Home Users: Low
Recommendations
  • Apply appropriate patches provided by PHP to vulnerable systems immediately after appropriate testing.
  • Restrict use of certain websites, block downloads/attachments, block JavaScript, restrict browser extensions, etc.
  • Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Block execution of code on a system through application control, and/or script blocking.
  • Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.
References
PHP: 
https://www.php.net/ChangeLog-8.php
Cybersecurity Help:
https://www.cybersecurity-help.cz/vdb/SB2024060501
CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1874 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5458

Online Introductory Courses Available for NIST SP 800-53, SP 800-53A, and SP 800-53B

NIST has released three self-guided online introductory courses on the NIST Special Publication (SP) 800-53 security and privacy control catalog, the SP 800-53A control assessment procedures, and SP 800-53B control baselines. The courses provide a high-level overview of foundational security and privacy risk management concepts based directly on their respective NIST Special Publications.

Course number SP 800-53
Security and Privacy Controls Introductory Course
Based on SP 800-53, Security and Privacy Controls for Information Systems and Organizations, the course introduces the SP 800-53 control catalog and each control family.

Course number SP 800-53A
Assessing Security and Privacy Controls Introductory Course
Based on SP 800-53A, Assessing Security and Privacy Controls in Information Systems and Organizations, the course covers the methodology for assessing the SP 800-53 controls. The material also explains the structure of the assessment procedures and assessment objectives.

Course number SP 800-53B
Control Baselines Introductory Course
Based on SP 800-53B, Control Baselines for Information Systems and Organizations, the course provides an overview of the security and privacy control baselines and guidance for tailoring security and privacy control baselines.

The online introductory courses are available at no cost, and registration is not required. The courses can be accessed at https://csrc.nist.gov/Projects/risk-management/rmf-courses.

Please direct questions about the courses to sec-cert@nist.gov.


Take A Tour! NIST Cybersecurity Framework 2.0: Small Business Quick Start Guide

The U.S. Small Business Administration is celebrating National Small Business Week from April 28 – May 4, 2024. This week recognizes and celebrates the small business community’s significant contributions to the nation. Organizations across the country participate by hosting in-person and virtual events, recognizing small business leaders and change-makers, and highlighting resources that help the small business community more easily and efficiently start and scale their businesses. 

To add to the festivities, this NIST Cybersecurity Insights blog showcases the NIST Cybersecurity Framework 2.0 Small Business Quick Start Guide, a new resource designed to help the small and medium-sized business (SMB) community begin to manage and reduce their cybersecurity risks. You’ve worked hard to start and grow your business. Are you taking the steps necessary to protect it? As small businesses have become more reliant upon data and technology to operate and scale a modern business, cybersecurity has become a fundamental risk that must be addressed alongside other business risks. This Guide is designed to help…


NEW BLOG | NICE Framework Update Offers Improvements for Cybersecurity Workforce

Managing cybersecurity risks is essential in today’s digital world, and cybersecurity is an increasingly interdisciplinary field that offers high-paying, in-demand work opportunities. The NICE Framework uses clear language to describe cybersecurity work and those who perform it in a standardized way, regardless of where they are positioned in the organizational structure. It is used across the public and private sectors and from large to small organizations for career discovery, education and training, and hiring and workforce planning. The updates to the NICE Framework components help individuals, educators, and employers prepare to meet today’s demands for cybersecurity-related jobs by describing cybersecurity Work Roles and Competency Areas and the tasks, knowledge, and skills needed to support them. 

What we’ve seen as a result is…


NIST Finalizes Updated Guidelines for Protecting Sensitive Information

Contractors and other organizations that do business with the federal government now have clearer, more straightforward guidance for protecting the sensitive data they handle.

The National Institute of Standards and Technology (NIST) has finalized its updated guidelines for protecting this data, known as controlled unclassified information (CUI), in two publications: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST Special Publication [SP] 800-171, Revision 3), and its companion, Assessing Security Requirements for Controlled Unclassified Information (NIST SP 800-171A, Revision 3).


NIST’s FY 2023 Cybersecurity & Privacy Annual Report

This week, NIST released Special Publication 800-229, Fiscal Year (FY) 2023 Cybersecurity and Privacy Annual Report. This publication shares key highlights of our major cybersecurity and privacy accomplishments as we wrapped up our celebration of NIST’s 50 years of work in the cybersecurity arena.

In FY 2023, the NIST Information Technology Laboratory’s (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in the world of cybersecurity and privacy. This Annual Report highlights key research activities for the ITL Cybersecurity and Privacy Program across key priorities such as:

  • Cryptography
  • Education, training, and workforce development
  • Emerging technologies
  • Human-centered cybersecurity
  • Identity and access management
  • Privacy
  • Risk management
  • Trustworthy networks and platforms
  • The NIST National Cybersecurity Center of Excellen

NIST Collaborative Research | Digital Identity in Public Benefits Delivery

Agencies face significant challenges in protecting beneficiary information and ensuring the integrity of their programs. Appropriately balancing access and security—while considering nuanced program circumstances and populations—is vital to meaningfully improving public benefits and delivery. NIST, along with the Digital Benefits Network at the Beeck Center for Social Impact + Innovation at Georgetown University and the Center for Democracy and Technology are working on this issue with the launch of a two-year-long collaborative research and development project.

This project works to adapt NIST’s Digital Identity Guidelines to better support the implementation of public benefits policy and delivery while balancing security, privacy, equity, and usability. The project will result in a voluntary community profile of NIST’s Digital Identity Guidelines to support and empower practitioners and public sector leaders in evaluating the necessity and degree of authentication (and identity-proofing practices) in benefits delivery. 
