Author: blogmirnet

NIST has published Interagency Report (IR) 8476, 3rd High-Performance Computing Security Workshop: Joint NIST-NSF Workshop Report, which offers summaries and key insights from collaborative workshop hosted by NIST and the National Science Foundation (NSF).  

High-performance computing (HPC) is a vital computational infrastructure for processing vast data volumes, conducting intricate simulations, and facilitating advanced machine learning model training. As such, HPC plays a pivotal role in scientific discovery, innovation, and economic competitiveness. Cybersecurity in HPC is crucial for safeguarding against potential attacks and misuses while ensuring the integrity of data and research. Nonetheless, HPC systems often possess unique hardware, software, and user environments that present distinct cybersecurity challenges.

This collaborative workshop successfully brought together stakeholders from government, academia, and industry to engage in discussions pertaining to community needs, ongoing initiatives, and prospective pathways in HPC security. This publicly available workshop report offers comprehensive summaries of technical sessions, key insights from breakout sessions, and a summary of the keynote presentations.

Read More

Explore cybersecurity hygiene standards that help prevent 98% of attacks   Routine security practices are still some of the most effective ways to strengthen your defenses and reduce the risk of an attack. In this article, Basic cyber hygiene prevents 98% of attacks, you’ll learn: Which security standards are the most likely to prevent attacks.How security principles like multifactor authentication and Zero Trust work.Effective strategies for implementing these standards across your organization.

Read the article

Grow your skills at Security Virtual Training Day: Security, Compliance, and Identity Fundamentals from Microsoft Learn. At this free, introductory event, you’ll gain the security skills and training you need to create impact and take advantage of opportunities to move your career forward. You’ll explore the basics of security, compliance, and identity—including best practices to help protect people and data against cyberthreats for greater peace of mind. You’ll also learn more about identity and access management while exploring compliance management fundamentals. You will have the opportunity to: Learn the fundamentals of security, compliance, and identity. Understand the concepts and capabilities of Microsoft identity and access management solutions, as well as compliance management capabilities. Gain the skills and knowledge to jumpstart your preparation for the certification exam. Join us at an upcoming two-part event: October 23, 2023 | 12:00 PM – 3:45 PM | (GMT-05:00) Eastern Time (US & Canada) October 24, 2023 | 12:00 PM – 2:15 PM | (GMT-05:00) Eastern Time (US & Canada) Delivery Language: English Closed Captioning Language(s): English

REGISTER TODAY >

iOS 17.0.1 and iPadOS 17.0.1

Released September 21, 2023

Kernel

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later

Impact: A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Description: The issue was addressed with improved checks.

CVE-2023-41992: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group

Security

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later

Impact: A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Description: A certificate validation issue was addressed.

CVE-2023-41991: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group

WebKit

Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, iPad mini 5th generation and later

Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Description: The issue was addressed with improved checks.

WebKit Bugzilla: 261544
CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: September 21, 2023

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Threat Intelligence Apple is aware of a report that CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993 may have been exploited in the wild against versions of iOS before iOS 16.7.

Systems Affected

iOS prior to 16.7 iPadOS prior to 16.7 watchOS prior to 9.6.3 macOS Ventura prior to 13.6 macOS Monterey prior to 12.7 Safari prior to 16.6.1

Risk Government: – Large and medium government entities: High – Small government entities: Medium

Businesses: – Large and medium business entities: High – Small business entities: Medium

Home Users: Low

Technical Summary Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

Recommendations

Apply the stable channel update provided by Apple to vulnerable systems immediately after appropriate testing. Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc. Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. Train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spear phishing, social engineering, and other techniques that involve user interaction.

References Apple:  https://support.apple.com/en-us/HT213926 https://support.apple.com/en-us/HT213927 https://support.apple.com/en-us/HT213928 https://support.apple.com/en-us/HT213929 https://support.apple.com/en-us/HT213930 https://support.apple.com/en-us/HT213931 https://support.apple.com/en-us/HT213932

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41991 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41992 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41993

Featured New resource for role-based Microsoft Certification exams > Access to Microsoft Learn is now available as you complete your exam. During the exam, select the Microsoft Learn button on the exam question screen. This is available in all languages. (Blog post in English)

What’s New Tutorial: Train a classification model > Learn how to train a classification model with no-code AutoML using Azure Machine Learning automated ML in the Azure Machine Learning studio.   GitHub Copilot for Visual Studio video series > Learn how GitHub Copilot can make you more productive when developing apps with Visual Studio.   Azure Machine Learning examples repository > Explore community-driven Azure Machine Learning examples, tested with GitHub Actions.

Events See local events > Microsoft Ignite / November 14-17 / In person or online. > Register for Microsoft Ignite. Experience the latest AI innovations, learn from experts, advance your skills, and connect with your community.   GitHub Universe / November 8-9 / In person and online > Register for the GitHub global developer conference. Stay in the flow, optimize collaboration, and prevent vulnerabilities with AI-powered security.   Deconstructing the Contoso Real Estate App / Weekly / Online > Build a composable enterprise-grade app with JavaScript on Azure. This 4-part weekly series runs through October 5 and will also be available on demand.   .NET Conf 2023 / November 14-16 / Online > Attend a wide selection of live sessions that feature speakers from the community and .NET team members. This year .NET 8.0 will launch at .NET Conf!   Microsoft Exam Readiness Zone / On demand > Get help preparing for a Microsoft Certification exam with tips, tricks, and strategies from experts.

Learning Learning path collection: Azure OpenAI Service > Get to know the connection between AI, responsible AI, and text, code, and image generation. Learn how to use GPT-4, ChatGPT, and Dall-E.   GitHub skills collection > Learn how to use GitHub with interactive courses designed for beginners and experts. (English only)   Learning path collection: Machine Learning > Discover tools for building and running your own models from your own data, while developing your machine learning skills.

Face recognition software is commonly used as a gatekeeper for accessing secure websites and electronic devices, but what if someone can defeat it by simply wearing a mask resembling another person’s face? Newly published research from the National Institute of Standards and Technology (NIST) reveals the current state of the art for software designed to detect this sort of spoof attack.

The new study appears together with another that evaluates software’s ability to call out potential problems with a photograph or digital face image, such as one captured for use in a passport. Together, the two NIST publications provide insight into how effectively modern image-processing software performs an increasingly significant task: face analysis.

Read More

This Joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released this Joint Cybersecurity Advisory to disseminate known ransomware IOCs and TTPs associated with the Snatch ransomware variant identified through FBI investigations as recently as June 1, 2023.

Since mid-2021, Snatch threat actors have consistently evolved their tactics to take advantage of current trends in the cybercriminal space and leveraged successes of other ransomware variants’ operations. Snatch threat actors have targeted a wide range of critical infrastructure sectors including the Defense Industrial Base (DIB), Food and Agriculture, and Information Technology sectors. Snatch threat actors conduct ransomware operations involving data exfiltration and double extortion. After data exfiltration often involving direct communications with victims demanding ransom, Snatch threat actors may threaten victims with double extortion, where the victims’ data will be posted on Snatch’s extortion blog if the ransom goes unpaid.

The FBI and CISA encourage organizations to implement the recommendations in the mitigations section of this advisory to reduce the likelihood and impact of ransomware incidents.

Cisco Talos has published an open-source report regarding the North Korean state-sponsored actor, the Lazarus Group, reported to be targeting internet backbone infrastructure and healthcare entities in Europe and the United States. The attackers have been exploiting a vulnerability in ManageEngine products, which is tracked as CVE-2022-47966. This vulnerability was added to the Cybersecurity and Infrastructure Security Agency’s (CISA)  Known Exploited Vulnerabilities Catalog in January 2023. Through this exploit, the attackers are deploying the remote access trojan (RAT) known as “QuiteRAT.” Security researchers previously identified this malware in February 2023, and it is reportedly the successor to the group’s previously used malware “MagicRAT,” which contains many of the same capabilities. Further analysis of this campaign has also shown that the group is using a new malware tool called “CollectionRAT,” which appears to operate like most RATs by allowing the attacker to run arbitrary commands among other capabilities. Both CISA and the FBI have previously warned that these types of vulnerabilities are common attack methods for malicious actors and can pose a significant risk to healthcare and public health organizations.

This HC3 Sector Alert provides additional details, indicators of compromise, mitigation recommendations, and is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cyber criminals.

With a mention in the new National Cyber Workforce and Education Strategy and even a dedicated state law, K–12 cybersecurity education clearly has the eye of policymakers. However, despite public attention and new opportunities for high school students to pursue cybersecurity coursework, high schools often struggle to provide students with a clear understanding of what cybersecurity careers actually look like. Hands-on learning experiences, like those we’ve had at our schools and during our internship with NICE at NIST, can help bring cybersecurity education and career pathways into focus for young learners.

High school cybersecurity education, career awareness, and hands-on activities are in short supply

Cybersecurity can be a challenging topic for students. They may need to learn new programming languages, techniques to analyze large sets of data, and other new systems and technologies. Professional skills in communication, teamwork, and leadership, which are all essential in cybersecurity, also take time and practice to develop…

Read More Here