Registration for Ability Summit is open

 

Registration is now open for Ability Summit
on May 5-6th. This two-day, free digital event brings
together people with disabilities, allies, and accessibility professionals to
Imagine, Build, Include, and Empower the future of disability
inclusion and accessibility.

  • Ability Summit will spotlight current and
    future accessibility technologies.
  • Speakers will include Microsoft
    executives, customers, partners, and leaders with disabilities.

Explore the Ability Summit site for more information
about the digital event.

Automation of the Cryptographic Module Validation Program (CMVP): Draft NCCoE Project Description

 

The
National
Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Automation of the
Cryptographic Module Validation Program (CMVP).
Release of this project description begins a process to further identify
project requirements, scope, and hardware and software components for use in a
laboratory environment.

The
NCCoE will solicit participation from industry to demonstrate first-party and
third-party tests and test tools for automation of the CMVP, as well as
first-party processes and means for communicating the results to NIST.
Increased automation is necessary because a number of elements of the current
validation processes are manual in nature, making third-party testing and
government validation of cryptographic modules often incompatible with industry
requirements. In addition to demonstrating tests, tools, and processes, this
project will also result in practice descriptions in the form of white papers,
playbook generation, and implementation demonstrations, which aim to improve
the ability and efficiency of organizations.

The public comment period is open through May 12, 2021. See the publication
details for a copy of the draft and instructions for submitting
comments. You can also help shape and contribute to this project. Join the
Community of Interest by sending an email to applied-crypto-visibility@nist.gov.

Microsoft Security Blogs

 Title: International
Women’s Day: How to support and grow women in cybersecurity


URL: https://www.microsoft.com/security/blog/2021/03/08/international-womens-day-how-to-support-and-grow-women-in-cybersecurity/

itle: Whats new: Azure Sentinel and Microsoft 365 Defender incident
integration
URL: https://techcommunity.microsoft.com/t5/azure-sentinel/whats-new-azure-sentinel-and-microsoft-365-defender-incident/ba-p/2191090
Title: March Ahead with
Azure Purview: Unify ALL your data using Apache Atlas open API support
URL: https://techcommunity.microsoft.com/t5/azure-purview/march-ahead-with-azure-purview-unify-all-your-data-using-apache/ba-p/2185411

Microsoft Exchange Exploit

 

CISA
Strongly Urges All Organizations to Immediately Address Microsoft Exchange
Vulnerabilities

03/08/2021 07:31 PM EST

 

Original
release date: March 8, 2021

CISA has published a Remediating
Microsoft Exchange Vulnerabilities web page that strongly urges all
organizations to immediately address the recent Microsoft Exchange Server
product vulnerabilities. As exploitation of these vulnerabilities is widespread
and indiscriminate, CISA strongly advises organizations follow the guidance
laid out in the web page. The guidance provides specific steps for both leaders
and IT security staff and is applicable for all sizes of organizations across
all sectors.

New Microsoft Security Blogs

 Title: MCAS Data Protection
Blog Series: MCAS DLP Walk-Through

URL: https://techcommunity.microsoft.com/t5/microsoft-security-and/mcas-data-protection-blog-series-mcas-dlp-walk-through/ba-p/2169900


Title: Utilize Watchlists to Drive Efficiency During Azure Sentinel
Investigations
URL: https://techcommunity.microsoft.com/t5/azure-sentinel/utilize-watchlists-to-drive-efficiency-during-azure-sentinel/ba-p/2090711
Title: XLM + AMSI: New runtime
defense against Excel 4.0 macro malware
URL: https://www.microsoft.com/security/blog/2021/03/03/xlm-amsi-new-runtime-defense-against-excel-4-0-macro-malware/
Title: Information
protection strategies and roadmap to address issues around sensitive data
URL: https://techcommunity.microsoft.com/t5/microsoft-security-and/information-protection-strategies-and-roadmap-to-address-issues/ba-p/2160117

Apple Releases Security Updates

Original
release date: February 9, 2021

Apple has released security updates to address vulnerabilities in macOS Big
Sur 11.2, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could
exploit these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the Apple security
update and apply the necessary updates. 

This product is provided subject to this Notification
and this Privacy
& Use policy.

Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

 Title:
Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094,
and CVE-2021-24086

URL: https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/
Published On (YYYY-dd-MM):2021-09-02
Overview:
Today Microsoft released a set of fixes affecting Windows TCP/IP
implementation that include two Critical Remote Code Execution
(RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and
an Important Denial of Service
(DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are
complex which make it difficult to
create functional exploits, so they are not
likely in the short term. We believe attackers will be able to create
DoS exploits much more quickly and expect all three issues might
be exploited with a DoS attack shortly after
release. Thus, we recommend customers move …

Multiple Security Updates Affecting TCP/IP: 
CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 Read More »

Azure AD B2C Deep Dive Webinar Series

 

Azure AD B2C
Deep Dive Webinar Series

Virtual
Event | 2/19 – 5/14, 2021 | 3:00 – 4:30pm, GMT

 

Please join us for Azure AD B2C
series. You can register for all sessions or pick topics of interest to you.

– Join
the entire series

Register here

 

Session 1 – February 19th –
Azure AD B2C overview

This session focuses on
understanding the use case and architecture for Azure AD B2C. When do I use
it? How does it work? How can I configure it? What is the roadmap? The
session will be a combination of slides and demos ranging from basic to more
advanced tasks.

Register here

 

Session 2 – March 12th – How
to deploy Azure AD B2C from scratch

Learn how to create your Azure
AD B2C environment, configure connections to identity providers, customize
attribute collection and add your branding:

  • Create your Azure
    AD B2C directory
  • Connect with
    social and enterprise identity providers
  • Integrate your
    applications and systems
  • Brand and
    customize the user experience

Register here

 

Session 3 – April 9th- Get started with Azure
AD B2C custom policies

Learn how to set up the Azure AD B2C policy and relying party
policies. Explorer the custom policy XML elements, and file structure.

  1. Deploy a custom
    policy starter pack (manual and automatically)
  2. Understanding the
    basics of custom policy: claims, claims transformation, user journeys, technical
    profile, and relying party policy.
  3. Customized your
    policy (add sign-in option with social IDP, customized the UX, and more)
  4. Troubleshooting

Register here

 

Session 4 – May 14th- Extend
B2C capability through ISV partner ecosystem

Learn how to extend B2C
capabilities through ISV partner ecosystem. Enable bot detection, fraud
protection, device fingerprinting and provide secure hybrid access to
on-premise/legacy applications with ISV partners.

Scenario:

  • Prevent
    fraudulent accounts from being created
  • Understand if
    user is logging in with a new or known device
  • Enable Azure AD
    B2C for on-premise  applications

Register here

 

We
look forward to you joining us!

Microsoft Warns of Windows Win32k Privilege Escalation

Original
release date: February 9, 2021

Microsoft has released a security advisory to address an escalation of
privileges vulnerability, CVE-2021-1732,
in Microsoft Win32k. A local attacker can exploit this vulnerability to take
control of an affected system. This vulnerability was detected in exploits in
the wild.

CISA encourages users and administrators to review Microsoft Advisory for
CVE-2021-1732 and apply the necessary patch to Windows 10 and Windows 2019
servers.

This product is provided subject to this Notification
and this Privacy
& Use policy.

Modernize Your Network Security Strategy free session

 

Microsoft Azure

 

Modernize Your Network Security Strategy

 

 

 

Take
a Zero Trust approach to secure your networks

You’re
not going to want to miss this great event. This is your chance to learn
how a Zero Trust approach can secure your cloud and hybrid networks.
You’ll be hearing firsthand from industry leaders how Azure network
security can help your organization. Sign up today.

 

Modernize Your Network Security Strategy
Thursday, February 18, 2021
10:00 AM–11:00 AM Pacific Time

Note: Registering with the button below will sign you up for this event
using the email address where you received this mail as well as the full
name, contact information, company, and country you previously provided.

To Register
here.

 

 

 

 

Ann Johnson
Corporate Vice President Business Development, Microsoft

 

 

Sinead
O’Donovan

Director of
Product Management for Azure Network Security, Microsoft

 

 

 

 

Privacy
Statement | Unsubscribe

 

Microsoft
Corporation
One Microsoft Way
Redmond, WA 98052

 

Microsoft