In May and June, U.S. Executive Branch employees and contractors can participate in eleven CDM Dashboard courses, including the new CDM and Federal Mandates – Featuring how to use the CDM Dashboard to enable automated BOD-22-01 Reporting course. This course presents information regarding current federal cybersecurity directives, mandates and policies, and how they can be supported by the CDM Agency Dashboard. Featured prominently will be details on how to use the CDM Dashboard to enable automated BOD-22-01 Reporting.
Incident Response (IR): This free training series includes 100-level webinars for a general audience which are cybersecurity topic overviews that provide core guidance and best practices to make your network more resilient to attacks. It also includes 200-level Cyber Range Training courses for government employees and contractors across Federal, State, Local, Tribal, and Territorial government, educational partners, and critical infrastructure partners. These Cyber Range Trainings provide guided step-action labs to learn and practice investigation, remediation and incident response skills. Additionally, we are in the process of changing the registration period from opening one month before the course date to opening two months before the course date.

IR Training Events through June 2023

Date | Course Code | Registration Opens | Course | Hours
06/06/2023 | IR108 | 05/05/2023 | Indicators of Compromise | 1
06/15/2023 | IR208 | 05/15/2023 | Understanding Indicators of Compromise | 4
06/21/2023 | IR104 | 05/19/2023 | Defending Internet Accessible Systems | 1
06/22/2023 | IR210 | 05/22/2023 | Introduction to Log Management | 4

To learn more or register visit: https://www.cisa.gov/incident-response-training

Industrial Control Systems (ICS): We offer free, virtual ICS trainings geared toward Critical Infrastructure owners and operators. The trainings are designed to reduce cybersecurity risks to critical infrastructure and encourage cooperation between CISA and the private sector. Trainings vary in length and run from 8:00 a.m. – 5:00 p.m. MDT (10:00 a.m. – 7:00 p.m. EDT). All trainings are conducted through Online Training or CISA Virtual Learning Portal (VLP), with the exception of the three- or four-day, in-person courses at Idaho National Labs (INL) in Idaho Falls, ID.
ICS Training Events through June 2023

Date | Course Code | Course | Location
05/23/2023-05/25/2023 | 401L | Industrial Control Systems Evaluation Training – In-Person 3 Days | IN-PERSON TRAINING (3 days)
06/05/2023-06/23/2023 | 401v | Industrial Control Systems Evaluation (401v) | Scheduled Online Training
06/05/2023-06/23/2023 | 301v | Industrial Control Systems Cybersecurity (301v) | Scheduled Online Training
06/05/2023-06/08/2023 | 301L | Industrial Control Systems Cybersecurity Training – In-Person 4 Days | IN-PERSON TRAINING (4 days)
06/27/2023-06/29/2023 | 401L | Industrial Control Systems Evaluation Training – In-Person 3 Days | IN-PERSON TRAINING (3 days)
On Demand | 100W | Operational Security (OPSEC) for Control Systems | CISA Training Virtual Learning Portal (VLP)
On Demand | 210W-1 | Differences in Deployments of ICS | CISA Training Virtual Learning Portal (VLP)
On Demand | 210W-2 | Influence of Common IT Components on ICS | CISA Training Virtual Learning Portal (VLP)
On Demand | 210W-3 | Common ICS Components | CISA Training Virtual Learning Portal (VLP)
On Demand | 210W-4 | Cybersecurity within IT & ICS Domains | CISA Training Virtual Learning Portal (VLP)
On Demand | 210W-5 | Cybersecurity Risk | CISA Training Virtual Learning Portal (VLP)
On Demand | 210W-6 | Current Trends (Threat) | CISA Training Virtual Learning Portal (VLP)
On Demand | 210W-7 | Current Trends (Vulnerabilities) | CISA Training Virtual Learning Portal (VLP)
On Demand | 210W-8 | Determining the Impacts of a Cybersecurity Incident | CISA Training Virtual Learning Portal (VLP)
On Demand | 210W-9 | Attack Methodologies in IT & ICS | CISA Training Virtual Learning Portal (VLP)
On Demand | 210W-10 | Mapping IT Defense-in-Depth Security Solutions to ICS – Part 1 | CISA Training Virtual Learning Portal (VLP)
On Demand | 210W-11 | Mapping IT Defense-in-Depth Security Solutions to ICS – Part 2 | CISA Training Virtual Learning Portal (VLP)
On Demand | FRE2115 | Industrial Control Systems Cybersecurity Landscape for Managers | CISA Training Virtual Learning Portal (VLP)

To learn more or sign up, visit: https://www.cisa.gov/ics-training-calendar
*The following virtual courses are prerequisites to attending in-person 301 and 401 trainings hosted by CISA at the Idaho National Laboratory:
- ICS 301v: Focuses on understanding, protecting and securing ICS from cyberattacks.
- ICS 401v: Focuses on analyzing and evaluating an ICS network to determine its defense status and what changes need to be made.
CISA’s Cybersecurity Workforce Training for Underserved Communities and CyberWarrior: CISA’s non-traditional training program grantee, CyberWarrior, increases opportunity and economic mobility for people of all backgrounds through training, mentorship and technology. Through its CyberWarrior Academy, it delivers hands-on, intensive, lab-driven technical training in cybersecurity methods and procedures.

CyberWarrior Training Events

Date | Audience | Course
05/18/2023 | General Public | May Master Class – Ransomware
06/15/2023 | General Public | June Master Class – Social Engineering
07/13/2023 | General Public | July Master Class – DeepFakes
08/17/2023 | General Public | August Master Class – Open Source Intelligence
09/14/2023 | General Public | September Master Class – Incident Response

To learn more or sign up, visit: https://www.cyberwarrior.com/cybersecurity-events/

Federal Cyber Defense Skilling Academy: The Federal Cyber Defense Skilling Academy helps civilian federal employees develop their cyber defense skills through training in the baseline knowledge, skills and abilities of a Cyber Defense Analyst (CDA). Students will have the opportunity to temporarily step away from their current role while they participate in the intense, full-time, three-month accelerated training program. The course provides valuable opportunities to practice new CDA skills in a lab environment. As an added incentive, students will receive CompTIA Security+ training during the last two weeks of the Skilling Academy and a voucher to take the certification exam. Please note, applications for each cohort are due approximately one month before the program begins. Visit our website for details on how to apply.
Skilling Academy Cohorts 2023

Date | Audience | Event
05/22/2023 | DHS Employees | Second May 2023 Program Begins

To learn more or register, visit: https://www.cisa.gov/SkillingAcademy

CISA’s K-12 Cybersecurity Education Training Assistance Program (CETAP): Through CISA’s CETAP grantee, CYBER.ORG, we provide K-12 teachers with cybersecurity curricula and education tools. CYBER.ORG develops and distributes free cybersecurity, STEM and computer science curricula to K-12 educators across the country. Below are upcoming training events through CYBER.ORG.
CYBER.ORG Training Events through June 2023

Date | Audience | Course
06/20/2023-06/22/2023 | K-12 Educators | CYBER.ORG EdCon: CYBER.ORG’s national conference designed to inspire and empower novice and expert cybersecurity K-12 educators alike.
06/26/2023-06/30/2023 | High School Teachers | Cybersecurity Bootcamp for 9-12 Teachers: This bootcamp is a weeklong event that prepares teachers to teach CYBER.ORG’s High School Cybersecurity course.

To learn more or sign up, visit: https://cyber.org/events
Continuous Diagnostics and Mitigation (CDM): We offer instructor-led, hands-on CDM Agency Dashboard training for U.S. Executive Branch employees and contractors in our cyber range virtual training environment. These courses are intended for those at agencies participating in the CDM program who monitor, manage and/or oversee controls on their information systems (e.g., ISSOs, CDM POCs, ISSMs and those who report metrics and measures). All courses will be taught using the latest version of the CDM Dashboard (ES-5) using a virtual training range. The newest offering is the CDM220 Federal Mandates and BOD 22-01 & 23-01 Reporting course, which will focus on the newest version ES-6 of the CDM Dashboard.

CDM Training Events through June 2023

Date | Course Code | Registration Opens | Course | Hours
05/24/2023 | CDM210 | 04/24/2023 | Introduction to CDM Enabled Threat Hunting (CETH) | 4
06/01/2023 | CDM220 | 05/01/2023 | CDM and Federal Directives | 4
06/07/2023 | CDM111 | 05/08/2023 | Analyzing Cyber Risk (In-Person) | 7
06/08/2023 | CDM111 | 05/08/2023 | Analyzing Cyber Risk (In-Person) | 7
06/13/2023 | CDM142 | 05/12/2023 | Asset Management with the CDM Agency Dashboard | 4
06/27/2023 | CDM201 | 05/26/2023 | Identity and Access Management with the CDM Dashboard | 4

To learn more or register visit: https://www.cisa.gov/cdm-training
CDET Mission | CDET Vision |
Address today’s cyber workforce challenges through innovative education and training opportunities | Lead and influence national cyber training and education to promote and enable the cyber-ready workforce of tomorrow |
Contact Us: [email protected] |
Author: blogmirnet
New Free Open-Source Hunt and Incident Response Tool
CISA, in coordination with Sandia National Laboratories, released a free, open-source hunt and incident response tool, known as Untitled Goose Tool, to the CISA GitHub Repository in March. Untitled Goose Tool adds novel authentication and data gathering methods to help network defenders analyze Microsoft cloud services and detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. Users can run Untitled Goose Tool once, as a snapshot in time, or routinely. For certain log types, the tool will pick up from the last time it was executed.
CISA advises users to employ Untitled Goose Tool to:
- Export and review AAD sign-in and audit logs, M365 unified audit log (UAL), Azure activity logs, Microsoft Defender for IoT (internet of things) alerts, and Microsoft Defender for Endpoint (MDE) data for suspicious activity.
- Query, export, and investigate AAD, M365, and Azure configurations.
The repository has already garnered over 23,000 unique visitors and received 668 stars from the community. CISA welcomes user contributions to add new features or further build out the tool via the Untitled Goose Tool GitHub Repository.
StopRansomware: BianLian Ransomware Group
This Joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) are releasing this Joint Cybersecurity Advisory to disseminate known BianLian ransomware and data extortion group IOCs and TTPs identified through FBI and ACSC investigations as of March 2023.
BianLian is a ransomware developer, deployer, and data extortion cybercriminal group that has targeted organizations in multiple U.S. critical infrastructure sectors since June 2022. They have also targeted Australian critical infrastructure sectors in addition to professional services and property development. The group gains access to victim systems through valid Remote Desktop Protocol (RDP) credentials, uses open-source tools and command-line scripting for discovery and credential harvesting, and exfiltrates victim data via File Transfer Protocol (FTP), Rclone, or Mega. BianLian group actors then extort money by threatening to release data if payment is not made. BianLian group originally employed a double-extortion model in which they encrypted victims’ systems after exfiltrating the data; however, around January 2023, they shifted to primarily exfiltration-based extortion.
The FBI, CISA, and ACSC encourage critical infrastructure organizations and small and medium-sized organizations to implement the recommendations in the mitigations section of this Joint Cybersecurity Advisory to reduce the likelihood and impact of BianLian and other ransomware incidents.
Reduce hybrid work vulnerabilities with identity-driven security
As more companies embrace remote and hybrid work, they face greater vulnerabilities and inefficiencies with employees having multiple sign-ons. The e-book A Modern Workforce Requires Integrated, Identity-Driven Security unpacks these vulnerabilities and discusses how:
- Managing different point solutions to improve security or using separate sign-ons for cloud productivity tools creates unnecessary security gaps and unknown risks.
- An integrated approach streamlines security across on-premises and multicloud environments, spanning all endpoints, apps, and workloads.
- Machine learning and connected intelligence in Azure Active Directory (AD) monitor for suspicious activity and offer real-time assistance against breaches from lost or stolen identities.
Learn AI with GitHub Copilot
Watch this six-part series to see how GitHub Copilot can help you learn AI. Explore machine learning fundamentals, watch a demo of how to build a classification model, and then move on to more advanced algorithms (neural networks).
Manage Kubernetes and Data Services Anywhere with Azure Arc
Join this webinar to learn about the latest Azure Arc capabilities that will help you manage all your Kubernetes clusters and data services wherever they are, including consistent GitOps configurations for your clusters and a new connected mode for your data services. You’ll learn about:
- Deploying consistent apps through GitOps configurations.
- Managing and governing all your clusters wherever they are.
- The benefits of the new directly connected mode for data services.
Tuesday, May 30, 2023 | 1:00 PM – 2:00 PM ET
Microsoft Security Virtual Training Day: Security, Compliance, and Identity Fundamentals
Grow your skills at Security Virtual Training Day: Security, Compliance, and Identity Fundamentals from Microsoft Learn. At this free, introductory event, you’ll gain the security skills and training you need to create impact and take advantage of opportunities to move your career forward. You’ll explore the basics of security, compliance, and identity—including best practices to help protect people and data against cyberthreats for greater peace of mind. You’ll also learn more about identity and access management while exploring compliance management fundamentals. You will have the opportunity to:
- Learn the fundamentals of security, compliance, and identity.
- Understand the concepts and capabilities of Microsoft identity and access management solutions, as well as compliance management capabilities.
- Gain the skills and knowledge to jumpstart your preparation for the certification exam.
Join us at an upcoming two-part event:
- Wednesday, June 7, 2023 | 10:00 AM – 1:45 PM | (GMT-05:00) Eastern Time (US & Canada)
- Thursday, June 8, 2023 | 10:00 AM – 12:00 PM | (GMT-05:00) Eastern Time (US & Canada)
Delivery Language: English
Closed Captioning Language(s): English
Microsoft Azure Virtual Training Day: Fundamentals
Build skills that help you create new technology possibilities and explore foundational cloud concepts at Azure Virtual Training Day: Fundamentals from Microsoft Learn. Join us for this free training event to expand your knowledge of cloud models and cloud service types. You’ll also review Azure services focused on computing, networking, and storage. You will have the opportunity to:
- Understand the value of the shared responsibility model between consumers and cloud providers.
- Identify the tools and services that can help you manage, secure, and stay compliant across your Azure cloud ecosystem and in on-premises, hybrid, and multicloud environments.
- See how to use Azure services to rapidly expand your cloud footprint while maintaining data security and privacy.
Join us at an upcoming two-part event:
- Thursday, June 1, 2023 | 10:00 AM – 12:45 PM | (GMT-05:00) Eastern Time (US & Canada)
- Friday, June 2, 2023 | 10:00 AM – 12:45 PM | (GMT-05:00) Eastern Time (US & Canada)
Delivery Language: English
Closed Captioning Language(s): English
Snake malware, the most sophisticated cyber espionage tool designed and used by Russia’s Federal Security Service (FSB).
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the US Cyber Command Cyber National Mission Force (CNMF), the United Kingdom National Cyber Security Centre (NCSC UK), the Canadian Centre for Cyber Security (CCCS), Canada’s Communications Security Establishment (CSE), the Australian Cyber Security Centre (ACSC), and the New Zealand National Cyber Security Centre (NCSC NZ) released a Joint Cybersecurity Advisory providing details on
The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s FSB for long-term intelligence collection on sensitive targets. To conduct operations using this tool, the FSB created a covert peer-to-peer (P2P) network of numerous Snake-infected computers worldwide. Many systems in this P2P network serve as relay nodes which route disguised operational traffic to and from Snake implants on the FSB’s ultimate targets. Snake’s custom communications protocols employ encryption and fragmentation for confidentiality and are designed to hamper detection and collection efforts.
Snake infrastructure has been identified in over 50 countries across North America, South America, Europe, Africa, Asia, and Australia, to include the United States and Russia itself. Although Snake uses infrastructure across all industries, its targeting is purposeful and tactical in nature. Globally, the FSB has used Snake to collect sensitive intelligence from high-priority targets, such as government networks, research facilities, and journalists. As one example, FSB actors used Snake to access and exfiltrate sensitive international relations documents, as well as other diplomatic communications, from a victim in a North Atlantic Treaty Organization (NATO) country. Within the United States, the FSB has victimized industries including education, small businesses, and media organizations, as well as critical infrastructure sectors including government facilities, financial services, critical manufacturing, and communications.
This Joint Cybersecurity Advisory provides background on Snake’s attribution to the FSB and detailed technical descriptions of the implant’s host architecture and network communications. This CSA also addresses a recent Snake variant that has not yet been widely disclosed. The technical information and mitigation recommendations in this Joint Cybersecurity Advisory are provided to assist network defenders in detecting Snake and associated activity. For more information on FSB and Russian state-sponsored cyber activity, please see the joint advisory Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure and CISA’s Russia Cyber Threat Overview and Advisories webpage.
NIST Updates FIPS 197, Advanced Encryption Standard (AES)
Today, NIST has published an update of Federal Information Processing Standards Publication (FIPS) 197, Advanced Encryption Standard (AES). This update makes no technical changes to the algorithm specified in the standard, which was originally published in 2001.
However, this update includes extensive editorial improvements to the original version, including the following:
- The front matter is modernized (e.g., a foreword and abstract are added).
- Terms and symbols are defined more comprehensively and consistently.
- Formatting/typesetting is improved in a variety of ways.
- Unnecessary formalism is removed.
- Diagrams for the three key schedules are included.
- Some references were updated, and additional references are provided.
The changes are documented in greater detail in Appendix D of the updated FIPS. NIST originally proposed to update FIPS 197 in this manner on December 19, 2022. The proposal included the release of a draft of the FIPS update for public comment, as well as a summary of the determination that no technical revisions were necessary. No public comments were received on either the proposal or the draft.
Previously, NIST had posted an initial call for comments on FIPS 197 on May 10, 2021, and received three sets of public comments. More details about this review are available from NIST’s Crypto Publication Review Project site.