Author: blogmirnet

Did you know that 88% of organizations lack the confidence to prevent sensitive data loss?¹ Discovery and classification of sensitive data is important for organizations who want to better protect sensitive personally identifiable information (PII) and corporate intellectual property. When these sensitive labeled files are used in business intelligence and analytics solutions, it’s important they remain protected and are shared and accessed only by authorized individuals.

With Microsoft Purview Information Protection, we provide a built-in, intelligent, unified, and extensible solution to protect sensitive data across your digital estate. This includes Microsoft clouds such as Microsoft 365 and Azure, as well as on-premises, hybrid and third-party clouds, and SaaS applications. 

In addition, to ensure the security of your organization’s data, it’s imperative to also enable governance over your organization’s data estate. We are pleased to announce new capabilities in both Microsoft Fabric and Power BI.

With Fabric, Microsoft provides centralized visibility into what’s happening with your data, gives insights into usage and adoption, and enables organizations to secure and govern data end to end with a single central data repository. Fabric provides a unified intelligent data foundation for all first-party analytics workloads and integrates Power BI, Data Factory, and the next generation of Synapse to offer customers an easy –to use and powerful modern analytics solution.

Figure 1: Microsoft Fabric key components

Today we are announcing the following Microsoft Purview capabilities in Fabric, all in public preview:

1. Integration with Information Protection sensitivity labels
2. Microsoft Purview Hub support
3. Audit logs support

Fabric natively integrates the same familiar unified Information Protection sensitivity labels that are used in Microsoft 365, so users can easily see if a file or email is confidential and whether they are blocked from exporting the file. Data owners can apply a sensitivity label to a lakehouse or any other Fabric item, and the label will flow with the data to all downstream items in Fabric. These labels and their protection settings are also automatically applied to Microsoft 365 files that are exported from Fabric.  Learn more about Information protection in Fabric.

Figure 2: Using Information Protection sensitivity labels in Fabric.

Fabric admins can also use the Microsoft Purview hub, which contains insights about sensitive data as well as certified and promoted items. It also serves as a gateway to advanced capabilities in Microsoft Purview and analytics information showing labeled versus unlabeled files containing sensitive data that need to be addressed.  

.

Figure 3: Microsoft Purview hub portal view

In addition, Fabric is also integrated with Microsoft Purview audit, which provides Fabric and compliance admins with comprehensive logs of Fabric activities. All user and system operations are captured in the audit logs and made available in the Microsoft Purview compliance portal. Learn more about audit logs in Fabric.

Finally, we are also pleased to announce the following capabilities in Power BI now in general availability:

1. Inheritance of sensitivity labels from connected data sources in Power BI
2. Data Loss Prevention support for Power BI

Power BI datasets that connect to sensitivity-labeled data in Azure Synapse Analytics Azure SQL Database and Excel files stored in OneDrive or SharePoint Online can automatically inherit those labels, so that the data remains classified and secure when brought into Power BI. Power BI is also supported as a workload in Data Loss Prevention policies, so that sensitive data can be automatically detected and prevented from data exfiltration. Learn more about DLP policies in Power BI.  

An example of downstream inheritance and inheritance from data sources is illustrated below. At the top, we see the Excel file RegionalSales, that is labeled as Highly Confidential. Below that in lineage view we see the Excel file as an external data source, and how its sensitivity label filters down and gets applied to the dataset and its downstream content, which in the image below are the reports built from the dataset.

Figure 4: Screenshot of lineage view that illustrates label inheritance from data sources and downstream inheritance

Along with inheritance from data sources, inheritance upon creation of new content, inheritance upon export to file (e.g., Excel), and other capabilities for applying sensitivity labels, downstream inheritance helps ensure that sensitive data remains protected throughout its journey in Power BI, from data source to point of consumption. Confidential and highly sensitive data that is labeled and protected by Microsoft Purview Information Protection can continue to be protected in Power BI datasets and reports throughout its lifecycle. This provides organizations with more comprehensive visibility, manual or automated protection of sensitive information, and end-to-end information protection within Power BI. Learn more about how to apply sensitivity labels in Power BI here.

How to Get Started 

Read this blog to see how you can get a free trial to Fabric and view Fabric trial documents.

Get access to Microsoft Purview solutions directly in the Microsoft Purview compliance portal with a trial. By enabling the trial in the Purview compliance portal, you can quickly access these advanced classifiers. Visit your Microsoft Purview compliance portal for more details or check out the Microsoft Purview solutions trial.

Synopsis As the United States moves to establish space as an operational domain and seeks to support a space economy, there are corresponding challenges to addressing cybersecurity vulnerabilities and threats to the sector. While many existing cybersecurity principles and practices remain applicable to space as an emerging commercial critical infrastructure sector, there are many nuances and specialties that will require augmenting existing cybersecurity education and training content and learning experiences, and requirements for new work roles or competency areas are likely to emerge.  Register Today

Today, the National Security Agency (NSA) and CISA published 5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—presents recommendations to address some identified threats to 5G standalone network slicing, and provides industry recognized practices for the design, deployment, operation, and maintenance of a hardened 5G standalone network slice(s). This guidance builds upon the 2022 ESF guidance Potential Threats to 5G Network Slicing. 

CISA encourages 5G providers, integrators, and network operators to review this guidance and implement the recommended actions. For additional 5G guidance, visit CISA.gov/5G-library.

CISA has developed and published a factsheet, Free Tools for Cloud Environments, to help businesses transitioning into a cloud environment identify proper tools and techniques necessary for the protection of critical assets and data security. Free Tools for Cloud Environments provides network defenders and incident response/analysts open-source tools, methods, and guidance for identifying, mitigating, and detecting cyber threats, known vulnerabilities, and anomalies while operating a cloud or hybrid environment. 

Cloud service platforms and cloud service providers (CSPs) have developed built-in security capabilities for organizations to enhance security capabilities while operating in cloud environments. Organizations are encouraged to use the built-in security features from CSPs and to take advantage of free CISA- and partner-developed tools/applications to fill security gaps and complement existing security features. Publicly available PowerShell tools exist to all network defenders for investigation and aid of an organization’s security posture, including:  

• Cybersecurity Evaluation Tool (CSET),
• Secure Cloud Business Applications (SCuBA) Gear,
• Untitled Goose Tool,
• Decider, and
• Memory Forensic on Cloud (JPCERT/CC).

Note: These tools are highlighted and explained to assist with on-site investigation and remediation in cloud environments but are not all-encompassing and are provided for informational purposes only. CISA does not endorse any commercial product or service, including any subjects of analysis.

CISA encourages network defenders to take the measures above and consult the Free Tools for Cloud Environments factsheet to reduce the likelihood of a damaging cyber incident, detect malicious activity, respond to confirmed incidents, and strengthen resilience. 

Adobe has released security updates to address a critical vulnerability (CVE-2023-38203) affecting ColdFusion. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Adobe security release APSB23-41 and apply the necessary updates.

The National Cybersecurity Center of Excellence (NCCoE) today released for public comment the initial public draft of NIST Internal Report (NIST IR) 8473, Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure. The comment period is open through August 28, 2023.

About the Report

This Cybersecurity Framework Profile (Profile) has been developed for the Electric Vehicle Extreme Fast Charging (EV/XFC) ecosystem and the subsidiary functions that support each of the four domains: (i) Electric Vehicles (EV); (ii) Extreme Fast Charging (XFC); (iii) XFC Cloud or Third-Party Operations; (iv) and Utility and Building Networks. The document provides a foundation that relevant parties may use to develop profiles specific to their organization to assess their cybersecurity posture as a part of their risk management process. This non-regulatory, voluntary profile is intended to supplement, not replace, an existing risk management program or the current cybersecurity standards, regulations, and industry guidelines that are in current use by the EV/XFC industry.

Purpose

The EV/XFC Cybersecurity Framework Profile is designed to be part of an enterprise risk management program to aid organizations in managing threats to systems, networks, and assets within the EV/XFC ecosystem. The EV/XFC Cybersecurity Framework Profile is not intended to serve as a solution or compliance checklist. Users of this profile will understand that its application cannot eliminate the likelihood of disruption or guarantee some level of assurance.

Use of the Profile will help organizations:

• Identify key assets and interfaces in each of the ecosystem domains.
• Address cybersecurity risk in the management and use of EV/XFC services.
• Identify the threats, vulnerabilities, and associated risks to EV/XFC services, equipment, and data.
• Apply protection mechanisms to reduce risk to manageable levels.
• Detect disruptions and manipulation of EV/XFC services.
• Respond to and recover from EV/XFC service anomalies in a timely, effective, and resilient manner.

Submit Comments

The public comment period closes at 11:59 p.m. EDT on Monday, August 28, 2023. Please email all draft comments to evxfc-nccoe@nist.gov. We encourage you to submit all feedback using the comment template found on our project page.

Join the Community of Interest

If you have expertise in EV/XFC and/or cybersecurity, consider joining the Community of Interest (COI) to receive the latest project news and announcements. Email the team at evxfc-nccoe@nist.gov declaring your interest or complete the sign-up form on our project page.Learn More

Create more business impact using proactive and predictive analytics at Azure Virtual Training Day: Digitally Transform with Modern Analytics from Microsoft Learn. Join us for this free training event to learn how to build an analytics solution using Azure Synapse Analytics. Maximize your organization’s intelligent decision-making capabilities and learn to build an end-to-end solution by preparing data for storage, processing, and analysis. You will have the opportunity to: Create a data warehouse in the cloud. Accelerate your big data engineering with Spark in Azure Synapse Analytics. Build automated data integration with Azure Synapse Pipelines. Learn to perform operation analytics with Azure Synapse Link. Join us at an upcoming two-part event: Monday, August 14, 2023 | 9:00 AM – 12:15 PM | (GMT-08:00) Pacific Time (US & Canada) Tuesday, August 15, 2023 | 9:00 AM – 10:45 AM | (GMT-08:00) Pacific Time (US & Canada) Delivery Language: English Closed Captioning Language(s): English

REGISTER TODAY >

Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited before disclosure to Microsoft via Word documents, using lures related to the Ukrainian World Congress.

Storm-0978 (DEV-0978; also referred to as RomCom, the name of their backdoor, by other vendors) is a cybercriminal group based out of Russia, known to conduct opportunistic ransomware and extortion-only operations, as well as targeted credential-gathering campaigns likely in support of intelligence operations. Storm-0978 operates, develops, and distributes the RomCom backdoor. The actor also deploys the Underground ransomware, which is closely related to the Industrial Spy ransomware first observed in the wild in May 2022. The actor’s latest campaign detected in June 2023 involved abuse of CVE-2023-36884 to deliver a backdoor with similarities to RomCom.

Storm-0978 is known to target organizations with trojanized versions of popular legitimate software, leading to the installation of RomCom. Storm-0978’s targeted operations have impacted government and military organizations primarily in Ukraine, as well as organizations in Europe and North America potentially involved in Ukrainian affairs. Identified ransomware attacks have impacted the telecommunications and finance industries, among others.

Microsoft 365 Defender detects multiple stages of Storm-0978 activity. Customers who use Microsoft Defender for Office 365 are protected from attachments that attempt to exploit CVE-2023-36884. In addition, customers who use Microsoft 365 Apps (Versions 2302 and later) are protected from exploitation of the vulnerability via Office. Organizations who cannot take advantage of these protections can set the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key to avoid exploitation. More mitigation recommendations are outlined in this blog.

Targeting

Storm-0978 has conducted phishing operations with lures related to Ukrainian political affairs and targeting military and government bodies primarily in Europe. Based on the post-compromise activity identified by Microsoft, Storm-0978 distributes backdoors to target organizations and may steal credentials to be used in later targeted operations.

The actor’s ransomware activity, in contrast, has been largely opportunistic in nature and entirely separate from espionage-focused targets. Identified attacks have impacted the telecommunications and finance industries.

Tools and TTPs

Tools

Storm-0978 uses trojanized versions of popular, legitimate software, leading to the installation of RomCom, which Microsoft assesses is developed by Storm-0978. Observed examples of trojanized software include Adobe products, Advanced IP Scanner, Solarwinds Network Performance Monitor, Solarwinds Orion, KeePass, and Signal. To host the trojanized installers for delivery, Storm-0978 typically registers malicious domains mimicking the legitimate software (for example, the malicious domain advanced-ip-scaner[.]com).

In financially motivated attacks involving ransomware, Storm-0978 uses the Industrial Spy ransomware, a ransomware strain first observed in the wild in May 2022, and the Underground ransomware. The actor has also used the Trigona ransomware in at least one identified attack.

Additionally, based on attributed phishing activity, Storm-0978 has acquired exploits targeting zero-day vulnerabilities. Identified exploit activity includes abuse of CVE-2023-36884, including a remote code execution vulnerability exploited via Microsoft Word documents in June 2023, as well as abuse of vulnerabilities contributing to a security feature bypass.

Read the full article on Microsoft Here

Get the skills to drive employee engagement at Microsoft 365 Virtual Training Day: Introduction to Microsoft Viva. Join us at this free event from Microsoft Learn to explore how the Viva employee experience platform works with Microsoft Teams to connect Viva Connections, Viva Insights, Viva Topics, and Viva Learning, helping you create more continuity and balance in a hybrid work environment. Learn how to help teams collaborate more effectively, use data-driven insights to work smarter, learn on the job, and nurture well-being. Discover how to create a more informed, connected, and inspired workforce and easily connect Viva with your existing systems and tools. You will have the opportunity to: Create a thriving culture that improves employee well-being through an employee experience platform. Use AI to recommend related documents and subject matter experts in the apps you use every day. Use data-driven, personalized insights to identify opportunities to improve employee well-being. Create a personalized destination for employees to discover relevant news, conversations, and the tools they need to succeed. Join us at an upcoming two-part event: Wednesday, August 9, 2023 | 10:00 AM – 12:20 PM | (GMT-05:00) Eastern Time (US & Canada) Thursday, August 10, 2023 | 10:00 AM – 11:45 AM | (GMT-05:00) Eastern Time (US & Canada) Delivery Language: English Closed Captioning Language(s): English

REGISTER TODAY >

NIST Digital Identity Events | Public Workshop (7/25) & Government-Only Meeting (7/26) Coming up in about two weeks! During these two separate events, NIST presenters will provide updates on Digital Identity Guidelines, share major themes from our recent public comment period, discuss plans for substantive updates and changes, and talk about the Identity and Access Management (IAM) Roadmap. Public Workshop (all are encouraged to attend) July 25, 2023 | 9:00 a.m. – 1:30 p.m. EDT | Hybrid Event (in-person and virtual) – Agenda just added! This event will give the public an opportunity to participate in discussions and talk about potential changes to our guidance as we continue the adjudication of comments received on NIST Special Publication 800-63, Digital Identity Guidelines (Draft NIST SP 800-63-4). The focus will be on key themes and major changes.Learn More & Register Now! NIST Cybersecurity and Privacy Program Questions/Comments about this notice: dig-comments@nist.gov NCCoE Website questions: nccoe@nist.gov