Digital event: Reimagine secure access with Microsoft Entra

Identity is your first line of defense. And with cyberthreats continually growing in volume and sophistication, identity and access must evolve to be more resilient and effective. Hear about the latest innovations and how to strengthen your defenses at Reimagine secure access with Microsoft Entra. Join this digital event to explore ways to: Provide secure access for any identity to any application or resource across your on-premises and multicloud environment. Keep up with a rapidly expanding and evolving cyberthreat landscape by optimizing your tech stack. Reduce your attack surface while improving experiences for all users—no matter where they are.
Reimagine secure access with Microsoft Entra
Tuesday, June 20, 2023
9:00 AM – 10:30 AM Pacific Time (UTC-7)

Please register here

WordPress 6.2.1 Security & Maintenance Release

WordPress 6.2.1 is now available!

This minor release features 20 bug fixes in Core and 10 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

This release also features several security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 4.1 have also been updated.

WordPress 6.2.1 is a short-cycle release. The next major release will be version 6.3 planned for August 2023.

If you have sites that support automatic background updates, the update process will begin automatically.

You can download WordPress 6.2.1 from, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”.

For more information on this release, please visit the HelpHub site.

Security updates included in this release

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release.

  • Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
  • A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
  • A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
  • Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
  • A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.

Requested on Proposed Updates to NICE Framework Work Role Categories and Work Roles

In our continuing effort to improve the Workforce Framework for Cybersecurity (NICE Framework) as a fundamental reference resource, the National Initiative for Cybersecurity Education (NICE) announced on April 18, 2023 updates to NICE Framework Work Role Categories and Work Roles.  The proposed updates are based on feedback from the community during previous calls for comments, during regular engagement with stakeholders, and through consultations with subject matter experts. The updates focus on improving clarity, consistency, and accuracy to increase the usefulness of this resource.  Updates include: Minor changes to Work Role Category names, descriptions, and ordering.  Updates to Work Role names, minor updates to Work Role descriptions, and new Work Role IDs to reflect category updates and remove reference to deprecated Specialty Areas. An overview of the proposed updates is provided in “NICE Framework Work Role Categories and Work Roles: An Introduction and Summary of Proposed Updates”.

Guidelines for Managing the Security of Mobile Devices in the Enterprise

Guidelines for Managing the Security of Mobile Devices in the Enterprise: NIST Publishes SP 800-124 Revision 2

Today mobile devices are ubiquitous, and they are often used to access enterprise networks and systems to process sensitive data. NIST Special Publication (SP) 800-124 Revision 2, Guidelines for Managing the Security of Mobile Devices in the Enterprise, assists organizations in managing and securing mobile devices against the ever-evolving threats. To address these threats, this publication describes technologies and strategies that can be used as countermeasures and mitigations.

NIST SP 800-124 Rev. 2 also provides recommendations for secure deployment, use, and disposal of mobile devices throughout the mobile device life cycle. The scope of this publication includes mobile devices, centralized device management, and endpoint protection technologies, while including both organization-provided and personally-owned (bring your own device) deployment scenarios.

Read More

Microsoft Security Virtual Training Day: Defend Against Threats and Secure Cloud Environments

Grow your skills at Security Virtual Training Day: Defend Against Threats and Secure Cloud Environments from Microsoft Learn. At this free event, you’ll learn to perform advanced hunting, detections, and investigations, and remediate security alerts with Microsoft Defender and Microsoft Sentinel. Using automated extended detection and response (XDR) in Microsoft Defender and unified cloud-native security information and event management (SIEM) through Microsoft Sentinel, you’ll learn to confidently perform investigations and remediations to help defend against threats. You will have the opportunity to: Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender. Use Microsoft Defender for Cloud to perform cloud security posture management and to help protect cloud workloads. Understand ways to help protect people and data against cyberthreats with Microsoft technologies. Join us at an upcoming two-part event:
Wednesday, June 14, 2023 | 10:00 AM – 12:45 PM | (GMT-05:00) Eastern Time (US & Canada)
Thursday, June 15, 2023 | 10:00 AM – 12:00 PM | (GMT-05:00) Eastern Time (US & Canada)

Delivery Language: English
Closed Captioning Language(s): English

Cyber Defense Education and Training (CDET) Offerings for May – June 2023

 In May and June, U.S. Executive Branch employees and contractors can participate in eleven CDM Dashboard courses, including the new CDM and Federal Mandates- Featuring how to use the CDM Dashboard to enable automated BOD-22-01 Reporting course. This course presents information regarding current federal cybersecurity directives, mandates and policies, and how they can be supported by the CDM Agency Dashboard. Featured prominently will be details on how to use the CDM Dashboard to enable automated BOD-22-01 Reporting.
Incident Response (IR): This free training series includes 100-level webinars for a general audience which are cybersecurity topic overviews that provide core guidance and best practices to make your network more resilient to attacks. It also includes 200-level Cyber Range Training courses for government employees and contractors across Federal, State, Local, Tribal, and Territorial government, educational partners, and critical infrastructure partners. These Cyber Range Trainings provide guided step-action labs to learn and practice investigation, remediation and incident response skills. Additionally, we are in the process of changing the registration period from opening one month before the course date to opening two months before the course date.
IR Training Events through June 2023 Date Course Code Registration Opens Course Hours                     06/06/2023 IR108 05/05/2023
Indicators of Compromise 1 06/15/2023 IR208 05/15/2023
Understanding Indicators of Compromise 4 06/21/2023 IR104 05/19/2023 Defending Internet Accessible Systems 1 06/22/2023 IR210 05/22/2023 Introduction to Log Management 4
To learn more or register visit: Industrial Control Systems (ICS):

We offer free, virtual ICS trainings geared toward Critical Infrastructure owners and operators. The trainings are designed to reduce cybersecurity risks to critical infrastructure and encourage cooperation between CISA and the private sector. Trainings vary in length and run from 8:00 a.m. – 5:00 p.m. MDT (10:00 a.m. – 7:00 p.m. EDT). All trainings are conducted through Online Training or CISA Virtual Learning Portal (VLP), with the exception of the three- or four-day, in-person courses at Idaho National Labs (INL) in Idaho Falls, ID.
ICS Training Events through June 2023 Date Course Code Course Location 05/23/2023-05/25/2023 401L
Industrial Control Systems Evaluation Training –
In-Person 3 Days
IN-PERSON TRAINING (3 days) 06/05/2023-06/23/2023 401v Industrial Control Systems Evaluation (401v) Scheduled Online Training 06/05/2023-06/23/2023 301v
Industrial Control Systems Cybersecurity (301v) Scheduled Online Training 06/05/2023-06/08/2023 301L
Industrial Control Systems Cybersecurity Training –
In-Person 4 Days

IN-PERSON TRAINING (4 days) 06/27/2023-06/29/2023 401L

Industrial Control Systems Evaluation Training –
In-Person 3 Days
IN-PERSON TRAINING (3 days) On Demand 100W

Operational Security (OPSEC) for Control Systems CISA Training Virtual Learning Portal (VLP) On Demand 210W-1
Differences in Deployments of ICS CISA Training Virtual Learning Portal (VLP) On Demand 210W-2
Influence of Common IT Components on ICS CISA Training Virtual Learning Portal (VLP) On Demand 210W-3
Common ICS Components CISA Training Virtual Learning Portal (VLP) On Demand 210W-4
Cybersecurity within IT & ICS Domains CISA Training Virtual Learning Portal (VLP) On Demand 210W-5
Cybersecurity Risk CISA Training Virtual Learning Portal (VLP) On Demand 210W-6
Current Trends (Threat) CISA Training Virtual Learning Portal (VLP) On Demand 210W-7
Current Trends (Vulnerabilities) CISA Training Virtual Learning Portal (VLP) On Demand 210W-8
Determining the Impacts of a Cybersecurity Incident CISA Training Virtual Learning Portal (VLP) On Demand 210W-9
Attack Methodologies in IT & ICS  CISA Training Virtual Learning Portal (VLP) On Demand 210W-10
Mapping IT Defense-in-Depth Security Solutions to ICS –
Part 1 
CISA Training Virtual Learning Portal (VLP) On Demand 210W-11
Mapping IT Defense-in-Depth Security Solutions to ICS –
Part 2 
CISA Training Virtual Learning Portal (VLP) On Demand FRE2115 Industrial Control Systems Cybersecurity Landscape for Managers CISA Training Virtual Learning Portal (VLP) To learn more or sign up, visit:
*The following virtual courses are prerequisites to attending in-person 301 and 401 trainings hosted by CISA at the Idaho National Laboratory: ICS 301v: Focuses on understanding, protecting and securing ICS from cyberattacks. ICS 401v: Focuses on analyzing and evaluating an ICS network to determine its defense status and what changes need to be made.
CISA’s Cybersecurity Workforce Training for Underserved Communities and CyberWarrior: CISA’s non-traditional training program grantee, CyberWarrior, increases opportunity and economic mobility for people of all backgrounds through training, mentorship and technology. Through its CyberWarrior Academy, it delivers hands-on, intensive, lab-driven technical training in cybersecurity methods and procedures.
CyberWarrior Training Events Date Audience Course 05/18/2023  General Public 
May Master Class – Ransomware  May Master Class |  06/15/2023 General Public
June Master Class – Social Engineering June Master Class | 07/13/2023 General Public
July Master Class – DeepFakes July Master Class | 08/17/2023 General Public
August Master Class – Open Source Intelligence August Master Class | 09/14/2023 General Public
September Master Class – Incident Response September Master Class |
To learn more or sign up, visit:  

Federal Cyber Defense Skilling Academy: The Federal Cyber Defense Skilling Academy helps civilian federal employees develop their cyber defense skills through training in the baseline knowledge, skills and abilities of a Cyber Defense Analyst (CDA). Students will have the opportunity to temporarily step away from their current role while they participate in the intense, full-time, three-month accelerated training program. The course provides valuable opportunities to practice new CDA skills in a lab environment. As an added incentive, students will receive CompTIA Security+ training during the last two weeks of the Skilling Academy and a voucher to take the certification exam. Please note, applications for each cohort are due approximately one month before the program begins. Visit our website for details on how to apply.
Skilling Academy Cohorts 2023 Date  Audience  Event  05/22/2023 DHS Employees Second May 2023 Program Begins
To learn more or register, visit: 

CISA’s K – 12 Cybersecurity Education Training Assistance Program (CETAP): Through CISA’s CETAP grantee, CYBER.ORG, we offer K-12 teachers with cybersecurity curricula and education tools. CYBER.ORG develops and distributes free cybersecurity, STEM and computer science curricula to K-12 educators across the country. Below are upcoming training events through CYBER.ORG.
CYBER.ORG Training Events through June 2023 Date Audience Course 06/20/2023-06/22/2023 K-12 Educators

CYBER.ORG EdCon: CYBER.ORG’s national conference designed to inspire and empower novice and expert cybersecurity K-12 educators alike. EdCon | 06/26/2023-06/30/2023 High School Teachers

Cybersecurity Bootcamp for 9-12 Teachers: This bootcamp is a weeklong event that prepares teachers to teach CYBER.ORG’s High School Cybersecurity course. Cybersecurity Bootcamp |

To learn more or sign up, visit:  
Continuous Diagnostics and Mitigation (CDM): We offer instructor led, hands-on CDM Agency Dashboard training for U.S. Executive Branch employees and contractors in our cyber range virtual training environment. These courses are intended for those at agencies participating in the CDM program who monitor, manage and/or oversee controls on their information systems (e.g., ISSOs, CDM POCs, ISSMs and those who report metrics and measures). All courses will be taught using the latest version of the CDM Dashboard (ES-5) using a virtual training range.
The newest offering is the CDM220 Federal Mandates and BOD 22-01 & 23-01 Reporting course, which will focus on the newest version ES-6 of the CDM Dashboard.
CDM Training Events through June 2023 Date Course Code Registration Opens Course Hours                     05/24/2023 CDM210 04/24/2023
Introduction to CDM Enabled Threat Hunting (CETH) 4 06/01/2023 CDM220 05/01/2023
CDM and Federal Directives 4 06/07/2023 CDM111 05/08/2023
Analyzing Cyber Risk (In-Person) 7 06/08/2023 CDM111 05/08/2023
Analyzing Cyber Risk (In-Person) 7 06/13/2023 CDM142 05/12/2023
Asset Management with the CDM Agency Dashboard 4 06/27/2023 CDM201 05/26/2023
Identity and Access Management with the CDM Dashboard 4

To learn more or register visit:  
CDET MissionCDET Vision
Address today’s cyber workforce challenges through innovative education and training opportunitiesLead and influence national cyber training and education to promote and enable the cyber-ready workforce of tomorrow
Contact Us:
Learn More Here

New Free Open-Source Hunt and Incident Response Tool

CISA, in coordination with Sandia National Laboratories, released a free, open-source hunt and incident response tool, known as Untitled Goose to the CISA GitHub Repository in March. Untitled Goose Tool adds novel authentication and data gathering methods to help network defenders analyze Microsoft cloud services and detect potentially malicious activity in Microsoft Azure, Active Directory (AAD), and Microsoft 365 (M365) environments. Users can run Untitled Goose Tool once, as a snapshot in time, or routinely. For certain log types, the tool will pick up from the last time it was executed.

CISA advises users to employ Untitled Goose Tool to:

  • Export and review AAD sign-in and audit logs, M365 unified audit log (UAL), Azure activity logs, Microsoft Defender for IoT (internet of things) alerts, and Microsoft Defender for Endpoint (MDE) data for suspicious activity.
  • Query, export, and investigate AAD, M365, and Azure configurations.

The repository has already garnered over 23,000 unique visitors and received 668 stars from the community. CISA welcomes user contributions to add new features or further build out the tool via the Untitled Goose Tool GitHub Repository.

Learn More Here

StopRansomware: BianLian Ransomware Group

This Joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and Australian Cyber Security Centre (ACSC) are releasing this Joint Cybersecurity Advisory to disseminate known BianLian ransomware and data extortion group IOCs and TTPs identified through FBI and ACSC investigations as of March 2023.
BianLian is a ransomware developer, deployer, and data extortion cybercriminal group who has targeted organizations in multiple U.S. critical infrastructure sectors since June 2022. They have also targeted Australian critical infrastructure sectors in addition to professional services and property development. The group gains access to victim systems through valid Remote Desktop Protocol (RDP) credentials, use open-source tools and command-line scripting for discovery and credential harvesting, and exfiltrate victim data via File Transfer Protocol (FTP), Rclone, or Mega. BianLian group actors then extort money by threatening to release data if payment is not made. BianLian group originally employed a double-extortion model in which they encrypted victims’ systems after exfiltrating the data; however, around January 2023, they shifted to primarily exfiltration-based extortion.
The FBI, CISA, and ACSC encourage critical infrastructure organizations and small and medium-sized organizations to implement the recommendations in the mitigations section of this Joint Cybersecurity Advisory to reduce the likelihood and impact of BianLian and other ransomware incidents.

Reduce hybrid work vulnerabilities with identity-driven security

  Read the e-book   
  As more companies embrace remote and hybrid work, they face greater vulnerabilities and inefficiencies with employees having multiple sign-ons. The e-book A Modern Workforce Requires Integrated, Identity-Driven Security unpacks these vulnerabilities and discusses how: Managing different point solutions to improve security or using separate sign-ons for cloud productivity tools creates unnecessary security gaps and unknown risks.An integrated approach streamlines security across on-premises and multicloud environments, spanning all endpoints, apps, and workloads.Machine learning and connected intelligence in Azure Active Directory (AD) monitor for suspicious activity and offer real-time assistance against breaches from lost or stolen identities.