Author: blogmirnet

Register now >

Azure Network Security | Azure Firewall Integration in Microsoft Copilot for Security Wednesday June 12, 2024 | 8:00AM – 9:00AM (PST, Redmond Time) Description: The Azure Firewall integration in Copilot helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS feature of their Firewalls across their entire fleet using natural language questions in the Copilot for Security standalone experience. Join this webinar to see a live demo of the feature and learn more about what’s to come in the future! Presenter(s):

Microsoft Defender for Cloud | Shift Left with Microsoft Defender for Cloud Thursday June 13, 2024 | 8:00AM – 9:00AM (PST, Redmond Time) Description: Learn how to shift security left and work with developers to secure cloud native applications with Defender for Cloud. Presenter(s):

Multiple vulnerabilities have been discovered in PHP, which could allow for remote code execution. PHP is a programming language originally designed for use in web-based applications with HTML content. Successful exploitation could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Threat Intelligence Open-source reports have stated that proof of concept exploits are available for CVE-2024-4577.

Systems Affected

PHP versions: 5 – 8.3.7

Risk Government: – Large and medium government entities: High – Small government entities: Medium

Businesses: – Large and medium business entities: High – Small business entities: Medium

Home Users: Low

Recommendations

Apply appropriate patches provided by PHP to vulnerable systems immediately after appropriate testing. Restrict use of certain websites, block downloads/attachments, block JavaScript, restrict browser extensions, etc. Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. Block execution of code on a system through application control, and/or script blocking. Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.

References PHP:  https://www.php.net/ChangeLog-8.php

Cybersecurity Help: https://www.cybersecurity-help.cz/vdb/SB2024060501

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1874  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4577 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5458

NIST has released three self-guided online introductory courses on the NIST Special Publication (SP) 800-53 security and privacy control catalog, the SP 800-53A control assessment procedures, and SP 800-53B control baselines. The courses provide a high-level overview of foundational security and privacy risk management concepts based directly on their respective NIST Special Publications.

Security and Privacy Controls Introductory Course Based on SP 800-53, Security and Privacy Controls for Information Systems and Organizations, the course introduces the SP 800-53 control catalog and each control family.

Assessing Security and Privacy Controls Introductory Course Based on SP 800-53A, Assessing Security and Privacy Controls in Information Systems and Organizations, the course covers the methodology for assessing the SP 800-53 controls. The material also explains the structure of the assessment procedures and assessment objectives.

Control Baselines Introductory Course Based on SP 800-53B, Control Baselines for Information Systems and Organizations, the course provides an overview of the security and privacy control baselines and guidance for tailoring security and privacy control baselines.

The online introductory courses are available at no cost, and registration is not required. The courses can be accessed at https://csrc.nist.gov/Projects/risk-management/rmf-courses.

Please direct questions about the courses to sec-cert@nist.gov.

Read More

The U.S. Small Business Administration is celebrating National Small Business Week from April 28 – May 4, 2024. This week recognizes and celebrates the small business community’s significant contributions to the nation. Organizations across the country participate by hosting in-person and virtual events, recognizing small business leaders and change-makers, and highlighting resources that help the small business community more easily and efficiently start and scale their businesses. 

To add to the festivities, this NIST Cybersecurity Insights blog showcases the NIST Cybersecurity Framework 2.0 Small Business Quick Start Guide, a new resource designed to help the small and medium-sized business (SMB) community begin to manage and reduce their cybersecurity risks. You’ve worked hard to start and grow your business. Are you taking the steps necessary to protect it? As small businesses have become more reliant upon data and technology to operate and scale a modern business, cybersecurity has become a fundamental risk that must be addressed alongside other business risks. This Guide is designed to help…

Read the Blog

Managing cybersecurity risks is essential in today’s digital world, and cybersecurity is an increasingly interdisciplinary field that offers high-paying, in-demand work opportunities. The NICE Framework uses clear language to describe cybersecurity work and those who perform it in a standardized way, regardless of where they are positioned in the organizational structure. It is used across the public and private sectors and from large to small organizations for career discovery, education and training, and hiring and workforce planning. The updates to the NICE Framework components help individuals, educators, and employers prepare to meet today’s demands for cybersecurity-related jobs by describing cybersecurity Work Roles and Competency Areas and the tasks, knowledge, and skills needed to support them. 

What we’ve seen as a result is…

Read the Blog

Contractors and other organizations that do business with the federal government now have clearer, more straightforward guidance for protecting the sensitive data they handle.

The National Institute of Standards and Technology (NIST) has finalized its updated guidelines for protecting this data, known as controlled unclassified information (CUI), in two publications: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST Special Publication [SP] 800-171, Revision 3), and its companion, Assessing Security Requirements for Controlled Unclassified Information (NIST SP 800-171A, Revision 3).

Read More

This week, NIST released Special Publication 800-229, Fiscal Year (FY) 2023 Cybersecurity and Privacy Annual Report. This publication shares key highlights of our major cybersecurity and privacy accomplishments as we wrapped up our celebration of NIST’s 50 years of work in the cybersecurity arena.

In FY 2023, the NIST Information Technology Laboratory’s (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in the world of cybersecurity and privacy. This Annual Report highlights key research activities for the ITL Cybersecurity and Privacy Program across key priorities such as:

• Cryptography
• Education, training, and workforce development
• Emerging technologies
• Human-centered cybersecurity
• Identity and access management
• Privacy
• Risk management
• Trustworthy networks and platforms
• The NIST National Cybersecurity Center of Excellen

Read the Report

Agencies face significant challenges in protecting beneficiary information and ensuring the integrity of their programs. Appropriately balancing access and security—while considering nuanced program circumstances and populations—is vital to meaningfully improving public benefits and delivery. NIST, along with the Digital Benefits Network at the Beeck Center for Social Impact + Innovation at Georgetown University and the Center for Democracy and Technology are working on this issue with the launch of a two-year-long collaborative research and development project.

This project works to adapt NIST’s Digital Identity Guidelines to better support the implementation of public benefits policy and delivery while balancing security, privacy, equity, and usability. The project will result in a voluntary community profile of NIST’s Digital Identity Guidelines to support and empower practitioners and public sector leaders in evaluating the necessity and degree of authentication (and identity-proofing practices) in benefits delivery. 

Learn More

Multiple vulnerabilities have been discovered in Fortinet FortiSIEM which could allow for remote code execution. FortiSIEM is a multi-tenant SIEM that offers real-time infrastructure and user awareness for precise threat detection, analysis, and reporting. Successful exploitation could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Threat Intelligence Open-source reports have stated that proof of concept exploits are available for CVE-2024-23108 and CVE-2023-34992.

Systems Affected

Fortinet FortiSIEM versions 7.1.0 – 7.1.1, 7.0.0 – 7.0.2 , 6.7.0 – 6.7.8 , 6.6.0 – 6.6.3 , 6.5.0 – 6.5.2 , 6.4.0 – 6.4.2

Risk Government: – Large and medium government entities: High – Small government entities: Medium

Businesses: – Large and medium business entities: High – Small business entities: Medium

Home Users: Low

Recommendations

Apply appropriate patches provided by FortiNet to vulnerable systems immediately after appropriate testing. Restrict use of certain websites, block downloads/attachments, block JavaScript, restrict browser extensions, etc. Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. Block execution of code on a system through application control, and/or script blocking. Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.

References FortiNet: https://www.fortiguard.com/psirt/FG-IR-23-130

Help Net Security: https://www.helpnetsecurity.com/2024/05/29/cve-2024-23108-cve-2023-34992-poc/

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34992 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23108 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23109

SECON New Jersey 2024 – Securing the Connected World SECON New Jersey 2024 is open for registration! With less than two weeks away, ISC2 New Jersey Chapter and ISACA New Jersey Chapter will be hosting the 2024 SECON conference and it’s going to be the best one yet! Check out some of the conference highlights to date: 🔥 Four Keynote speakers: Michael Geraghty, Michael Redmond, Ira Winkler and Dr. Erdal Ozkaya 🔥 +40 speakers (most of them are either NJ ISC2 or ISACA chapter members) 🔥 Several panel discussions 🔥 Our career track will be run by professional career coaches 🔥 SWAG will be awesome, as usual 🔥 Roughly 90% tickets have already been purchased. (Last year, it was sold out!) 🔥 We’ll be offering ISC2 exam scholarships for those that qualify 🔥 Student tickets are only $10 🔥 Our event is hybrid, in case you can’t make it in person 🔥 Earn up to 7 CPEs Stan Mierzwa, CISSP, CCSK, Assoc. CCISO, ITIL and the Kean Center for Cybersecurity have been fantastic partners over the past several years. Thank you again for letting us host our event at your facility! Get your tickets soon before they sell out! Event: SECON NJ 2024 Date: Thursday, June 13th, 2024| 9:00 a.m. to 5:00 p.m. Location: Kean University, 1075 Morris Avenue, NJCSTM/STEM Building, Union, NJ 07083 Virtual Location: gather.town Register here. njsecon.org