Microsoft Security: Use baseline default tools to accelerate your security career

URL: https://www.microsoft.com/security/blog/?p=91853

Overview: As you build your cybersecurity career, take advantage of important
new and proactive security configuration and management capabilities that will
help your organization ‘move left’ on understanding and reducing risk.

The post "Microsoft Security: Use baseline default tools to accelerate your security career" appeared first on Microsoft Security.

Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale

URL: https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/

Overview: We’re excited to release a new tool called OneFuzz, an extensible
fuzz testing framework for Azure.


News from Microsoft Announced Today at Ignite

 

Microsoft delivers unified SIEM and XDR to modernize security operations

URL: https://www.microsoft.com/security/blog/2020/09/22/microsoft-unified-siem-xdr-modernize-security-operations/
Overview: The new Microsoft Defender is the most comprehensive XDR in the
market today and prevents, detects, and responds to threats across identities,
endpoints, applications, email, IoT, infrastructure, and cloud platforms.


—————————-

Enable secure remote work, address regulations and uncover new risks with
Microsoft Compliance

URL: https://www.microsoft.com/security/blog/2020/09/22/enable-secure-remote-work-address-regulations-microsoft-compliance/
Overview: A recent Microsoft poll of Chief Information Security Officers
(CISOs) revealed that providing secure remote access to resources, apps, and data
is their top concern.


—————————-

Identity at Microsoft Ignite: Rising to the challenges of secure remote
access and employee productivity

URL: https://www.microsoft.com/security/blog/2020/09/22/microsoft-identity-ignite-rising-challenges-secure-remote-access-employee-productivity/
Overview: Keeping your users secure, wherever they are, has been our collective
priority. Identity remains the heartbeat of all the services your users rely
on.


2020 NY Metro Joint Cyber Security Conference (NYMJCSC.ORG)

As co-chair of the 2020 NY Metro Joint Cyber Security Conference I invite you to our conference. The online conference will take
place virtually on October 22nd.
NYMJCSC is now in its seventh year, featuring a keynote and
sessions aimed at various aspects of information security and technology.

NYMJCSC will also host a post-conference online workshop
on October 23rd featuring in-depth half-day
hands-on classroom-style educational courses to expand your knowledge and
foster security discussions.

NYMJCSC: Who We Are

The New York Metro Joint Cyber
Security Conference is a collaborative event cooperatively developed, organized
and sponsored by the leading information security industry organizations and
chapters.

Organizational Partners:

  • InfraGard Members Alliance – New York Metro Chapter
  • Information Systems Audit and Control Association
    (ISACA) – New Jersey Chapter
  • Information Systems Audit and Control Association
    (ISACA) – Greater Hartford CT Chapter
  • High Technology Crime Investigation Association (HTCIA)
    – New York City Metro Chapter
  • Internet Society (ISOC) – New York Chapter
  • Information Systems Security Association (ISSA) – New
    York Chapter

Community Partners:

  • (ISC)2 – New Jersey Chapter
  • Information Systems Audit and Control Association
    (ISACA) – New York Metro Chapter
  • Cloud Security Alliance (CSA) – New York Metro Chapter
  • Association of Certified Fraud Examiners (ACFE) – New
    Jersey Chapter
  • Association of Continuity Professionals (ACP) – New
    York City Metro Chapter

Driven by the collaboration between members of this
coalition, the strength of organizational membership, the provision of
desirable CPE credits and the concurrence of National Cyber Security Awareness
Month, the NYMJCSC promises — once again — to be well-attended by members of
the information technology, information security, audit, academic, and business
communities.

 

Schedule for Oct 22, 2020

8:45 am   Welcome & Introductions
9:00 am   Keynote (William Hugh Murray)
9:45 am   Protecting the Big Apple: Managing Cyber Risk at the City Level (Munish Walther-Puri)
10:30 am
10:45 am  Beyond Cybersecurity: Why, How, and What Do You Need to Know about Cyber Resilience? (Michael Melore, CISSP)
11:30 am
12:15 pm
12:30 pm  Understanding AI’s Risks and Rewards (Mark Francis)
1:15 pm   The Art of Social Engineering (John Pizurro)
2:00 pm
2:15 pm   Boosting Cyber Resilience – Black Swans, Gray Rhinos and Coordinated Crisis Response (Beth Dunphy)
3:00 pm   The OODA Loop for CISOs (Roselle Safran)
3:45 pm
4:00 pm   Top Ten Challenges of Securing Smart Infrastructure (Niloufer Tamboly)
4:45 pm   Closing Remarks & Raffle

Schedule of Workshop and Topics, Oct 23, 2020

AZ-900: Microsoft Azure Fundamentals
Instructor: Jay Ferron

This full-day course is for those who have heard about the cloud and now want
to learn the fundamentals. Students will also learn how to get a free Azure
account with a $200.00 credit. The session will include lots of demos. Topics
include:

  • Describe Cloud Concepts
    • Describe the benefits and considerations of using
      cloud services
    • Describe the differences between
      Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and
      Software-as-a-Service (SaaS)
    • Describe the differences between Public, Private and
      Hybrid cloud models
  • Describe Core Azure Services
    • Describe the core Azure architectural components
    • Describe some of the core products available in Azure
    • Describe some of the solutions available on Azure
    • Describe Azure management tools
  • Describe Security, Privacy, Compliance, and Trust
    • Describe securing network connectivity in Azure
    • Describe core Azure Identity services
    • Describe security tools and features of Azure
    • Describe Azure governance methodologies
    • Describe monitoring and reporting options in Azure
    • Describe privacy, compliance and data protection
      standards in Azure
  • Describe Azure Pricing, Service Level Agreements, and
    Lifecycles
    • Describe Azure subscriptions
    • Describe planning and management of costs
    • Describe Azure Service Level Agreements (SLAs)
    • Describe service lifecycle in Azure

Robotic Process Automation: The Promise, the Patterns,
and the Pitfalls

Instructors: Mike Ogrinz and John C. Checco

Automation (RPA/RDA) is proliferating as it is used to optimize mundane tasks,
cut costs and support Machine Learning and AI applications. Designing for
automation is not as simple as record and play; there are several major areas
to consider in order to create robust but auditable RPAs. Topics include:

  • Lesson 1: A Brief History of Robotics
    • 1.1 Find out where it all began
    • 1.2 Consider the modern robotics era
    • 1.3 Discover what the new tools bring to the table
  • Lesson 2: The Patterns & Anti-Patterns
    • 2.1 Learn a subset of patterns for deploying RPA to
      create value
    • 2.2 Discover RPA use cases that undermine success
  • Lesson 3: Governance and Controls
    • 3.1 Responsible Automation: Why?
    • 3.2 The Guardrails – Part I
    • 3.3 The Guardrails – Part II
  • Lesson 4: Demos
    • 4.1 Experience demos of leading RPA tools and
      capabilities
  • Lesson 5: The Future of RPA

 

To register, go here:

https://www.eventbrite.com/e/2020-ny-metro-joint-cyber-security-conference-workshop-registration-117659696319

CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol

Original release date: September 18, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency
Directive (ED) 20-04 addressing a critical vulnerability, CVE-2020-1472 (publicly
known as Zerologon), affecting the Microsoft Windows Netlogon Remote Protocol. An
unauthenticated attacker with network access to a domain controller could exploit
this vulnerability to compromise all Active Directory identity services. The
directive required agencies to apply the August 2020 security update to every
Windows server running as a domain controller by September 21, 2020.

Earlier this month, exploit code for this vulnerability was publicly released.
Given the nature of the exploit and documented adversary behavior, CISA assumes
active exploitation of this vulnerability is occurring in the wild.

ED 20-04 applies to Executive Branch departments and agencies; however, CISA
strongly recommends state and local governments, the private sector, and others
patch this critical vulnerability as soon as possible. Review the following
resources for more information:
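A check a domain administrator would want alongside the directive: once the August 2020 update is on a domain controller, its Netlogon service logs NETLOGON events 5827 to 5831 in the System log whenever a client still depends on the vulnerable secure-channel behaviour, and the registry value named below switches the DC to full enforcement. The Python triage below is an added example for this newsletter, not code from CISA or Microsoft; the event records are constructed, and the rule that a refused attempt naming a domain controller's own machine account is a possible exploit attempt is this example's own assumption, not something the directive states.

```python
"""Triage of Netlogon secure-channel events on a domain controller patched for
CVE-2020-1472. Added example for this newsletter; constructed sample data."""
from collections import Counter, defaultdict
from dataclasses import dataclass

# After the August 2020 update, a domain controller writes these NETLOGON
# events to its System log for connections that depend on the pre-patch
# (vulnerable) secure-channel behaviour.
DENIED_MACHINE = 5827             # vulnerable connection from a machine account refused
DENIED_TRUST = 5828               # vulnerable connection from a trust account refused
ALLOWED_VULNERABLE = 5829         # allowed only because enforcement is not yet on
ALLOWED_BY_POLICY_MACHINE = 5830  # allowed by an explicit group-policy exemption
ALLOWED_BY_POLICY_TRUST = 5831    # same, for a trust account

# Registry switch that turns on full enforcement on every DC (DWORD, 1 = enforce).
ENFORCEMENT_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"
ENFORCEMENT_VALUE = "FullSecureChannelProtection"


@dataclass(frozen=True)
class NetlogonEvent:
    time: str         # TimeCreated, ISO-8601
    event_id: int
    sam_account: str  # "Machine SamAccountName" field of the event
    domain: str
    os_name: str      # "Machine Operating System" field, often empty for non-Windows


@dataclass
class Triage:
    must_patch: list       # accounts still making vulnerable connections (5829)
    denied: Counter        # accounts refused by an enforcing DC (5827/5828)
    policy_exempt: list    # accounts allowed only through the GPO exemption
    suspicious: list       # refused attempts that carry a DC's own account name
    safe_to_enforce: bool  # True when no 5829 was seen in the window


def triage(events, dc_accounts=frozenset()):
    vulnerable = defaultdict(int)
    denied = Counter()
    exempt = set()
    suspicious = []
    for ev in events:
        if ev.event_id == ALLOWED_VULNERABLE:
            vulnerable[ev.sam_account] += 1
        elif ev.event_id in (DENIED_MACHINE, DENIED_TRUST):
            denied[ev.sam_account] += 1
            # Heuristic assumed by this example, not stated in the directive:
            # the public exploit authenticates as the target DC's own machine
            # account, so a refused attempt naming a DC deserves an incident ticket.
            if ev.sam_account in dc_accounts:
                suspicious.append(ev)
        elif ev.event_id in (ALLOWED_BY_POLICY_MACHINE, ALLOWED_BY_POLICY_TRUST):
            exempt.add(ev.sam_account)
    return Triage(
        must_patch=sorted(vulnerable, key=lambda a: (-vulnerable[a], a)),
        denied=denied,
        policy_exempt=sorted(exempt),
        suspicious=suspicious,
        safe_to_enforce=not vulnerable,
    )


# Constructed sample records, not real log data.
SAMPLE_EVENTS = [
    NetlogonEvent("2020-09-18T08:01:12Z", 5829, "NAS-BACKUP$", "CORP", ""),
    NetlogonEvent("2020-09-18T08:03:40Z", 5829, "PRINT-APPL$", "CORP", ""),
    NetlogonEvent("2020-09-18T08:05:02Z", 5830, "LEGACY-PLC$", "CORP", ""),
    NetlogonEvent("2020-09-18T09:11:55Z", 5829, "NAS-BACKUP$", "CORP", ""),
    NetlogonEvent("2020-09-18T23:47:09Z", 5827, "DC01$", "CORP", ""),
]

if __name__ == "__main__":
    t = triage(SAMPLE_EVENTS, dc_accounts={"DC01$", "DC02$"})
    print("patch or replace before enforcing:", t.must_patch)
    print("allowed only by GPO exemption:", t.policy_exempt)
    print("refused by the DC:", dict(t.denied))
    print("possible exploit attempts:", [(e.time, e.sam_account) for e in t.suspicious])
    print(f"safe to set {ENFORCEMENT_VALUE}=1 under {ENFORCEMENT_KEY}: {t.safe_to_enforce}")
```

Run it against an export of the System log from each DC over at least a week of normal business; every account in must_patch is a device that will break the day enforcement is switched on, and anything in suspicious should be handled as an incident rather than a compatibility ticket.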

GCTC CPAC COVID-19 eResourceKit

This eResourceKit is your guide to working, learning, and living from home with your security and privacy defended. It will be a long and challenging road for us all, but we can and will get there together, by taking informed actions to gain control and prioritize risk during and after the pandemic, whether you are a city or community, a business, a first responder, or self-employed/a gig worker.

For more information go here

Home / SMB Router Device Security Issues

     Routers are a key piece of any computer network and handle all traffic destined from one network to another. While business networks typically use large single-purpose routers from vendors like Cisco or Juniper, home networks typically use a smaller ‘router’ that combines a router, switch, and wireless access point in one box. They make it extremely simple for anyone with about $100 to set up a home network. That low cost and ease of use seem to come with a penalty, though: the security of the resulting network.
    Two researchers, Peter Weidenbach and Johannes vom Dorp of the German Fraunhofer Institute, recently released a comprehensive report on the state of home router security. They found that nearly every home router on the market is insecure in one way or another.
    The researchers examined the security posture of 127 router models designed for home use, including models from brands you would find at any store carrying this type of product, such as Netgear, Linksys, TP-Link, and D-Link. The first step was extracting each device’s firmware to see how it was configured and which software versions were in place. The result was surprising: most devices were still running the Linux 2.6 kernel, which has been end-of-life for years, so kernel security patches are unlikely to reach those devices in a timely manner, if at all. In the extracted firmware they also found hardcoded credentials and cryptographic keys used in insecure ways, which defeats the purpose of having them.

    Another part of the research was measuring how often updates are released for the devices. Security vulnerabilities can affect any device, but their impact can be mitigated by regular and timely patching. The researchers disappointingly found that the average gap between updates was 378 days, over a full year without updates for many devices. ASUS, AVM, and Netgear appeared to be among the better vendors on update cadence. Note too that an available update is not necessarily an applied update: most devices have no auto-update mechanism, so an administrator must check for and apply updates manually.
    When it comes to the security of your home network, it is worth doing some research before spending money on a device. A high price is not always an indicator of quality; many devices in this space focus more on form than function. The best bet is to look up past security vulnerabilities for the specific device and note how often it receives updates from the vendor.
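To make the report's findings concrete, here is an added Python example (not code from the Fraunhofer researchers) that performs the same first-pass triage on an already-extracted firmware image: it looks for the kernel version banner, password hashes in passwd/shadow-style lines, accounts with empty passwords, and PEM private keys baked into the image. The firmware bytes are constructed for the example, the "end-of-life below 3.0" threshold is an assumed policy, and an embedded private key is only one of the ways keys get misused in firmware.

```python
"""First-pass static triage of an extracted router firmware image for the
problems the Fraunhofer study reports. Added example; constructed sample image."""
import re
from dataclasses import dataclass, field

KERNEL_RE = re.compile(rb"Linux version (\d+)\.(\d+)\.(\d+)")
PEM_KEY_RE = re.compile(rb"-----BEGIN ([A-Z ]*PRIVATE KEY)-----")
# passwd/shadow-style lines "user:<hash>:" where the hash is a modular-crypt
# string ($1$, $5$, $6$, ...) or a 13-character traditional DES crypt.
CRED_RE = re.compile(rb"^([a-z_][a-z0-9_-]*):(\$[0-9a-z]+\$[^:\n]+|[A-Za-z0-9./]{13}):", re.M)
EMPTY_PW_RE = re.compile(rb"^([a-z_][a-z0-9_-]*)::", re.M)

# Assumed policy for this example: the whole 2.x kernel line is treated as
# unsupported upstream (the study found most devices on 2.6).
EOL_BELOW = (3, 0)


@dataclass
class Report:
    kernel: tuple = None
    kernel_eol: bool = False
    hashed_accounts: list = field(default_factory=list)
    empty_password_accounts: list = field(default_factory=list)
    private_keys: list = field(default_factory=list)

    def findings(self):
        out = []
        if self.kernel_eol:
            version = ".".join(map(str, self.kernel))
            out.append(f"kernel {version} is end-of-life, do not expect security fixes")
        for user in self.hashed_accounts:
            out.append(f"hard-coded password hash for '{user}' (identical on every unit, crackable offline)")
        for user in self.empty_password_accounts:
            out.append(f"account '{user}' has an empty password")
        for kind in self.private_keys:
            out.append(f"{kind} embedded in the image (shared by every device, readable by anyone with the firmware)")
        return out


def triage_firmware(image: bytes) -> Report:
    r = Report()
    m = KERNEL_RE.search(image)
    if m:
        r.kernel = tuple(int(x) for x in m.groups())
        r.kernel_eol = r.kernel[:2] < EOL_BELOW
    r.hashed_accounts = [m.group(1).decode() for m in CRED_RE.finditer(image)]
    r.empty_password_accounts = [m.group(1).decode() for m in EMPTY_PW_RE.finditer(image)]
    r.private_keys = [m.group(1).decode() for m in PEM_KEY_RE.finditer(image)]
    return r


# Constructed stand-in for a firmware blob: binary junk around the strings of interest.
SAMPLE_IMAGE = (
    b"\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00"
    b"Linux version 2.6.30.9 (builder@vendor) (gcc version 4.3.3) #1 PREEMPT\x00"
    b"\nroot:$1$SaltSalt$Ay4kRrbhM1cYIpOjP6GxD.:0:0:root:/root:/bin/sh\n"
    b"admin:abJnggxhB/yWI:0:0:admin:/:/bin/sh\n"
    b"guest::100:100:guest:/tmp:/bin/false\n"
    b"-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA0Z3VS5JJcds3xfn\n-----END RSA PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for line in triage_firmware(SAMPLE_IMAGE).findings():
        print("-", line)
```

On a real device you would feed it the root filesystem carved out of the vendor image (for example with binwalk); the string-level checks are deliberately crude, but they are enough to answer "which kernel, whose passwords, and whose keys" before anyone plugs the box into a network.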

Fortinet Makes All Self-Paced Cybersecurity Training Courses Available for Free to Address Skills Gap

    Fortinet is leveraging curriculum from its NSE Institute’s training and certification program to offer 24 advanced security courses for free to help IT professionals expand their cybersecurity knowledge and address new risks.

    By learning about Fortinet technologies, such as FortiGate, FortiNAC and FortiManager, training participants will acquire an array of skills to defend any network against threats. Recorded lab demos for these courses will be available for on-demand viewing and supplemented with regularly scheduled live sessions with Fortinet Certified Trainers. During these live sessions, Trainers will be available to demo labs and conduct Q&A sessions. Anyone interested in getting started with Fortinet’s free training courses can visit here.

Control Baselines for Information Systems and Organizations: Draft NIST SP 800-53B

NIST seeks feedback on Draft NIST Special Publication (SP) 800-53B, Control
Baselines for Information Systems and Organizations. SP 800-53B provides three
security control baselines for low-impact, moderate-impact, and high-impact
federal systems, as well as a privacy control baseline for systems irrespective
of impact level. The security and privacy control baselines have been updated
with the controls described in SP 800-53, Revision 5; the content of the control
baselines reflects the results of a comprehensive interagency review conducted
in 2017 and continuing input and analysis of threat and empirical cyber-attack
data collected since the update to SP 800-53.

In addition to the control baselines, this publication provides tailoring
guidance and a set of working assumptions to help guide and inform the control
selection process for organizations. Finally, this publication provides guidance
on the development of overlays to facilitate control baseline customization for
specific communities of interest, technologies, and environments of operation.
The control baselines were previously published in NIST SP 800-53, but were
moved so that SP 800-53 could serve as a consolidated catalog of security and
privacy controls that can be used by different communities of interest.

In addition to your feedback on the three security control baselines, NIST is
also seeking your comments on the privacy control baseline and the privacy
control baseline selection criteria. Since the selection of the privacy control
baseline is based on a mapping of controls and control enhancements in SP 800-53
to the privacy program responsibilities under OMB Circular A-130, suggested
changes to the privacy control baseline must be supported by a reference to OMB
A-130. Alternatively, you may provide a description and rationale for new or
modified privacy control baseline selection criteria.

Your feedback on this draft publication is important to us. We appreciate each
contribution from our reviewers from the public and private sectors, nationally
and internationally, to help shape NIST publications to ensure they meet the
needs and expectations of our customers.

A public comment period for this document is open through September 11, 2020.
See the publication details for a copy of the draft and instructions for
providing comments (including a comment template spreadsheet for your use).

NOTE: A call for patent claims is included on page vi of this draft. For
additional information, see the Information Technology Laboratory (ITL) Patent
Policy–Inclusion of Patents in ITL Publications.

Publication details: https://csrc.nist.gov/publications/detail/sp/800-53b/draft

Ransomware free decryption tools

     The No More Ransom initiative, started by four founding members, provides free decryption tools for ransomware and has kept growing.

    The “No More Ransom” website is an initiative of the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee, with the goal of helping victims of ransomware retrieve their encrypted data without paying the criminals.

    Since it is much easier to avoid the threat than to fight it once a system is affected, the project also aims to educate users about how ransomware works and what countermeasures can effectively prevent infection. The more parties that support the project, the better the results can be; the initiative is open to other public and private parties.

    The site can also help identify which ransomware you are infected with and whether a decryption solution exists; if one does, it provides the link to download it.

       WannaCry additional prevention advice

1. Disable SMBv1. WannaCry spreads with the EternalBlue exploit against SMBv1, so turning SMBv1 off on every Windows host removes the attack surface it uses to move within your network.

2. Install the Microsoft patches (MS17-010); this also prevents WannaCry from spreading within your network.

How to prevent a ransomware attack?

1. Back up! Back up! Back up! Have a recovery system in place so a ransomware infection can’t destroy your data forever. It’s best to keep two backup copies: one in the cloud (use a service that backs up your files automatically) and one stored physically (portable hard drive, thumb drive, spare laptop, etc.). Disconnect the physical copy from your computer when you are done, so ransomware cannot encrypt it too. Your backup copies will also come in handy if you accidentally delete a critical file or suffer a hard drive failure.

2. Use robust antivirus software to protect your system from ransomware. Do not switch off the ‘heuristic’ functions, as these help the product catch ransomware samples that have not yet been formally detected.

3. Keep all the software on your computer up to date. When your operating system (OS) or applications release a new version, install it. If the software offers automatic updating, take it.

4. Trust no one. Literally. Any account can be compromised, and malicious links can be sent from the accounts of friends on social media, colleagues or an online gaming partner. Never open attachments in emails from someone you don’t know. Cybercriminals often distribute fake email messages that look very much like notifications from an online store, a bank, the police, a court or a tax agency, luring recipients into clicking a malicious link and releasing the malware onto their system.

5. Enable the ‘Show file extensions’ option in Windows. This makes it much easier to spot potentially malicious files. Be wary of file extensions like ‘.exe’, ‘.vbs’ and ‘.scr’. Scammers can stack several extensions to disguise a malicious file as a video, photo, or document (like hot-chics.avi.exe or doc.scr); Windows runs the file according to its last extension, which is exactly the one it hides by default.

6. If you discover a rogue or unknown process on your machine, disconnect the machine immediately from the internet and any other network connections (such as home Wi-Fi); this will keep the infection from spreading.
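Tip 5 describes a trick worth seeing in code: Windows decides what a file is by its last extension, and with ‘Hide extensions for known file types’ switched on it hides exactly that extension. This added Python example (not from the No More Ransom site) shows what the user sees next to what would actually run; the extension lists go beyond the three extensions named above to other script types Windows executes directly, and the sample file names are constructed.

```python
"""Show what Explorer displays versus what Windows will actually run for a
file name. Added example; the file names below are constructed."""
from pathlib import PureWindowsPath

# Extensions Windows executes directly on double-click: the tip's .exe/.vbs/.scr
# plus other script and shell types treated the same way.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
                   ".js", ".jse", ".wsf", ".wsh", ".hta", ".ps1", ".msi"}
# Extensions a user reads as harmless data; attackers use them as the decoy layer.
DECOY_EXTS = {".avi", ".mp4", ".mov", ".jpg", ".jpeg", ".png", ".gif", ".pdf",
              ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt", ".zip"}
# Bare names that suggest a document once the real extension is hidden.
DECOY_STEMS = {"doc", "document", "invoice", "scan", "photo", "video", "resume", "receipt"}


def displayed_name(filename: str, hide_known_extensions: bool = True) -> str:
    """What Explorer shows. With 'Hide extensions for known file types' on
    (the Windows default) only the final extension disappears, so
    'hot-chics.avi.exe' is shown as 'hot-chics.avi'."""
    p = PureWindowsPath(filename)
    return p.stem if hide_known_extensions and p.suffix else p.name


def classify(filename: str) -> tuple:
    """Return (verdict, reason). Only the last extension decides what runs."""
    p = PureWindowsPath(filename)
    suffixes = [s.lower() for s in p.suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return ("data", "not executable by extension")
    real = suffixes[-1]
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return ("disguised-executable", f"{real} hidden behind decoy extension {suffixes[-2]}")
    if p.stem.lower() in DECOY_STEMS:
        return ("disguised-executable", f"{real} with document-like name '{p.stem}'")
    return ("executable", f"runs as {real}")


if __name__ == "__main__":
    for name in ["hot-chics.avi.exe", "doc.scr", "invoice.pdf.js",
                 "quarterly-report.docx", "setup.exe"]:
        verdict, reason = classify(name)
        print(f"{displayed_name(name):24} shown | {name:24} real | {verdict}: {reason}")
```

The displayed column is the whole point of the tip: with extensions hidden, the first two samples look like a video and a document, and only the classify column tells you that both will execute.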