Microsoft.Source newsletter

What’s New
Blog Microsoft Ignite 2023 round up > Check out this collection of Ignite announcements and blogs from across the Microsoft Technology Community. (English only)  
Blog GitHub Universe 2023: Key developer takeaways > Catch up on Universe 2023 announcements including general availability of GitHub Copilot Chat and new AI-powered security features. (English only)  
Blog What’s new in ASP.NET Core 8.0 > Learn about the most significant changes in ASP.NET Core 8.0.  
Events
See local events >
On demand GitHub Copilot and AI for Developers / On demand > Join Scott Hanselman as he dissects AI’s potential and pitfalls in development in this on-demand session from Microsoft Ignite.
On demand Deploying Microsoft Dev Box inside Microsoft / On demand > Learn how to best deploy, manage, and use Microsoft Dev Box.  
Virtual Ask an Azure AI SME series / Starts Jan 17 / Online > Ask experts questions on topics ranging from data science, generative AI, MLOps, responsible AI and more. (English Only)  
On demand Quantum Innovator webinar series / On demand > Get a firsthand account of the Microsoft strategy for scaled quantum computing.  
In person Microsoft Community Days > Find, participate and run community events in any area. These events are supported by Microsoft and Partners.  
Learning
Cloud Skills Challenge Microsoft Ignite Cloud Skills Challenge > Complete the challenge and enter to win a VIP event pass for the next Microsoft Ignite or Microsoft Build! The challenge is on through January 15, 2024.  
Video Learn .NET for free > Free tutorials, videos, courses, and more for beginners and advanced .NET developers.
Challenge Project Build a minigame with GitHub Copilot and Python > Learn to analyze, create, and use different methods to develop a console minigame in Python with GitHub Codespaces and Copilot.

Upcoming Webinar: What’s in Store for NIST’s Small Business Cybersecurity Program in 2024?

Event Date: January 10, 2024

Event Time: 2:00 p.m. to 2:45 p.m. ET

Event Location: Virtual

Event Description:

We’re ringing in the New Year by giving you a sneak peek into what the NIST Small Business Cybersecurity Program has planned for 2024. During this webinar, we’ll:

  • Introduce you to the new NIST Lead for Small Business Engagement.
  • Provide an overview of upcoming small business cybersecurity events.
  • Launch our two new NIST Small Business Cybersecurity Community of Interest (COI) sub-groups:
    • COI for Small Business Owners/Operators.
    • COI for Small Business Vendors and Resource Partners.
    • Learn more about each and sign up here.
  • Provide a teaser of what’s coming the rest of the year.
  • Answer your questions/receive your input.

Speaker: Daniel Eliot, Lead for Small Business Engagement, Applied Cybersecurity Division, NIST

Register Here

FBI, CISA, and ASD’s ACSC Release Advisory on Play Ransomware

Today, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released a joint Cybersecurity Advisory (CSA), #StopRansomware: Play Ransomware, to disseminate Play ransomware group’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as October 2023.

Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data, and have impacted a wide range of businesses and critical infrastructure organizations in North America, South America, Europe, and Australia.

FBI, CISA, and the ASD’s ACSC encourage organizations to review and implement the recommendations provided in the joint CSA to reduce the likelihood and impact of Play and other ransomware incidents. For more information, see CISA’s #StopRansomware webpage, which includes the updated #StopRansomware Guide.

#StopRansomware: Play Ransomware

This Joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders detailing various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) are releasing this joint CSA to disseminate the Play ransomware group’s IOCs and TTPs identified through FBI investigations as recently as October 2023. 
Since June 2022, the Play (also known as Playcrypt) ransomware group has impacted a wide range of businesses and critical infrastructure in North America, South America, and Europe. As of October 2023, the FBI was aware of approximately 300 affected entities allegedly exploited by the ransomware actors.
In Australia, the first Play ransomware incident was observed in April 2023, and most recently in November 2023.
The Play ransomware group is presumed to be a closed group, designed to “guarantee the secrecy of deals,” according to a statement on the group’s data leak website. The Play ransomware actors employ a double-extortion model, encrypting systems after exfiltrating data. Ransom notes do not include an initial ransom demand or payment instructions; however, victims are instructed to contact the threat actors via email.
The FBI, CISA, and ASD’s ACSC encourage organizations to implement the recommendations in the mitigations section of this advisory to reduce the likelihood and impact of ransomware incidents. Recommendations include requiring multi-factor authentication, maintaining offline backups of data, implementing a recovery plan, and keeping all operating systems, software, and firmware up to date.

CISA and FBI Release Advisory on ALPHV Blackcat Affiliates

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), #StopRansomware: ALPHV Blackcat, to disseminate known ALPHV Blackcat affiliates’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) identified through FBI investigations as recently as Dec. 6, 2023. The advisory also provides updates to the FBI FLASH BlackCat/ALPHV Ransomware Indicators of Compromise released April 19, 2022.

ALPHV Blackcat affiliates have extensive networks and experience with ransomware and data extortion operations. FBI investigations, as of September 2023, place the number of compromised entities at over 1000—over half of which are in the United States and approximately 250 outside the United States.

CISA and FBI encourage critical infrastructure organizations to review and implement the mitigations provided in the joint CSA to reduce the likelihood and impact of ALPHV Blackcat ransomware and data extortion incidents. For more information, see CISA’s #StopRansomware webpage, which includes the updated #StopRansomware Guide.

Collaborators Announced for NCCoE Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector Project

The NCCoE has invited technology providers and industry experts from Amazon Web Services, Cisco, Dragos, Garland Technologies, Inductive Automation, QCOR, Rockwell Automation, Siemens, TDI Technologies, and Tenable to collaborate on the Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector project.

These collaborators will work with the NCCoE project team to demonstrate a practical solution to assist organizations in detecting, responding to, and recovering from a cyber incident within an operational technology environment.

The result will be a freely available NIST Cybersecurity Practice Guide that includes a reference design and a detailed description of the practical steps needed to implement the solution based on the NIST Cybersecurity Framework and industry standards and best practices.

Each of these organizations responded to a notice in the Federal Register to submit capabilities that aligned with desired solution characteristics for the project. The accepted collaborators were extended a Cooperative Research and Development Agreement, enabling them to participate in a consortium in which they will contribute expertise and hardware or software to help refine a reference design and build example standards-based solutions.

To learn more about this project, visit our project page.

NIST Calls for Information to Support Safe, Secure and Trustworthy Development and Use of Artificial Intelligence

The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has issued a Request for Information (RFI) that will assist in the implementation of its responsibilities under the recent Executive Order on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). The order directs NIST to develop guidelines for evaluation, red-teaming and more; facilitate development of consensus-based standards; and provide testing environments for the evaluation of AI systems. These guidelines and infrastructure will be a resource to help the AI community in the safe and trustworthy development and responsible use of AI.

“President Biden has been clear — AI is the defining technology of our generation, and we have an obligation to harness the power of AI for good while protecting people from its risks. As part of the president’s Executive Order, the Department of Commerce is soliciting feedback across industry, academia, civil society and more so we can develop industry standards around AI safety, security, and trust that will enable America to continue leading the world in the responsible development and use of this rapidly evolving technology,” said U.S. Secretary of Commerce Gina Raimondo.

Open for Public Comment: NCCoE Releases Two Preliminary Drafts for Migration to Post Quantum Cryptography Project

This is an updated notification with the correct date.

The NIST National Cybersecurity Center of Excellence (NCCoE) has released two preliminary draft practice guides for the Migration to Post-Quantum Cryptography project for public comment. The comment period is open now through February 20, 2024.

NIST SP 1800-38B, Quantum Readiness: Cryptographic Discovery, is a preliminary draft offering (1) a functional test plan that exercises the cryptographic discovery tools to determine baseline capabilities; (2) a use case scenario to provide context and scope our demonstration; (3) an examination of the threats addressed in this demonstration; (4) a multifaceted approach to start the discovery process that most organizations can start today; and (5) a high-level architecture based on our use case that integrates contributed discovery tools in our lab.

NIST SP 1800-38C, Quantum Readiness: Testing Draft Standards for Interoperability and Performance, is a preliminary draft offering (1) identification of compatibility issues between quantum ready algorithms, (2) resolution of compatibility issues in a controlled, non-production environment, and (3) reduction of time spent by individual organizations performing similar interoperability testing for their own PQC migration efforts.

About the Project

NIST’s NCCoE initiated the Migration to Post-Quantum Cryptography (PQC) project to share insights and findings to ease migration from current public-key cryptographic algorithms to soon-to-be standardized PQC algorithms.

Why migrate to PQC? PQC algorithms are being standardized because advances in quantum computing could enable the compromise of many of the current cryptographic algorithms being widely used to protect digital information. Implementing PQC will protect digital information from an attack by a cryptanalytically relevant quantum computer (CRQC) and a cryptanalytically relevant classical computer.

Why did the NCCoE start this project? Previous initiatives to update or replace cryptographic algorithms in hardware, firmware, operating systems, communication protocols, cryptographic libraries, and applications employed in data centers on-premises or in the cloud and distributed compute, storage, and network infrastructures have taken many years. The NCCoE identified the need to bring together a collaborative team with expertise in cryptography to work together in the NCCoE PQC lab to perform cryptographic discovery and share what we have learned together as one means to reduce how long it will take an organization to achieve quantum readiness via PQC adoption.

Why should I read the Cryptographic Discovery publication? The publication assumes you are supporting your organization’s quantum readiness project, and you have a need for information to assess the risk of a CRQC to your organization. The information you need comes from discovery of where and how cryptographic products, algorithms, and protocols are used by your organization to protect the confidentiality and integrity of your organization’s important data and digital systems. This publication shares insights and findings about cryptographic discovery tools that may aid your progress.

Why should I read the Interoperability and Performance publication? The publication assumes you are supporting upgrading your use of quantum-vulnerable public-key cryptographic implementations, and you want to build your understanding of aspects of interoperability and performance for the soon-to-be standardized PQC algorithms to determine your approach for making your public-key cryptographic implementations quantum-resistant.

Submit Comments

The public comment period for both Migration to PQC preliminary drafts, 1800-38B and 1800-38C, closes on February 20, 2024.

  1. View the publications.
  2. Submit comments via the webform on the project page.
  3. Email questions to applied-crypto-pqc@nist.gov.

Why should I submit comments? We value and welcome your input on ways we can improve the publication and look forward to your comments.

Join the Community of Interest

If you would like to help shape this project, consider joining the NCCoE Migration to Post-Quantum Cryptography Community of Interest (COI) to receive the latest project news and updates!

Join here.


Microsoft Security Virtual Training Day: Security, Compliance, and Identity Fundamentals

Grow your skills at Security Virtual Training Day: Security, Compliance, and Identity Fundamentals from Microsoft Learn. At this free, introductory event, you’ll gain the security skills and training you need to create impact and take advantage of opportunities to move your career forward. You’ll explore the basics of security, compliance, and identity—including best practices to help protect people and data against cyberthreats for greater peace of mind. You’ll also learn more about identity and access management while exploring compliance management fundamentals. You will have the opportunity to:

  • Learn the fundamentals of security, compliance, and identity.
  • Understand the concepts and capabilities of Microsoft identity and access management solutions, as well as compliance management capabilities.
  • Gain the skills and knowledge to jumpstart your preparation for the certification exam.

Join us at an upcoming two-part event:
January 24, 2024 | 12:00 PM – 3:45 PM | (GMT-05:00) Eastern Time (US & Canada)
January 25, 2024 | 12:00 PM – 2:15 PM | (GMT-05:00) Eastern Time (US & Canada)

Delivery Language: English
Closed Captioning Language(s): English
 
REGISTER TODAY >

Managing Risk from Software Defined Networking Controllers

This National Security Agency (NSA) Cybersecurity Information Sheet is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cyber criminals.
Software Defined Networking (SDN) is a networking paradigm that enables enterprises to employ a centralized network management server to command and control network devices and control access to applications. This server is referred to as an SDN Controller (SDNC). Unlike traditional networks that require administrators to log in to each device, SDN allows administrators to scale device configuration and maintenance by only logging in to the SDNC to make changes to many devices at once. Often with little or no additional human interaction, SDN enables dynamic changes to switching and routing functions based on changing conditions detected in the network environment. Additionally, SDNCs may support integration with other servers and applications in an enterprise environment, typically via application programming interfaces (APIs). This integration can allow the SDNC to be part of an enterprise’s greater automation and orchestration effort.
The SDNC benefits enterprise network management due to its centralized nature, but it also brings risk and could become a high priority target for adversaries. The SDNC’s attack surface includes its management interface, the API it uses to communicate with other devices, the SDNC device itself, and the endpoints and switches that the SDNC manages. Malicious cyber actors could compromise these attack surfaces to perform management functions as if they were legitimate administrators, find sensitive configuration or authentication data, trick network devices into following a rogue SDNC’s commands, or misconfigure the SDNC or SDN environment.
Given the critical nature of the SDNC, it requires additional oversight to prevent both malicious activity and unintentional changes to the network. The purpose of this Cybersecurity Information Sheet is to describe mitigations for SDNC risks.