macOS Configuration Guidance from the mSCP: Draft NIST SP 800-219r1 Available for Comment


NIST requests comments on the initial public draft of Special Publication (SP) 800-219r1, Automated Secure Configuration Guidance from the macOS Security Compliance Project (mSCP). It provides resources that system administrators, security professionals, security policy authors, information security officers, and auditors can leverage to secure and assess macOS desktop and laptop system security in an automated way.

This publication introduces the mSCP, describes use cases for
leveraging the mSCP content, and introduces a new feature of the mSCP that
allows organizations to customize security rules more easily. The draft also
gives an overview of the resources available on the project’s GitHub site,
which provides practical, actionable recommendations in the form of secure baselines
and associated rules and is continuously updated to support each new release of
macOS.

The public comment period is open through April 27, 2023. See the publication details for a copy of the draft and instructions for submitting comments.

NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy–Inclusion of Patents in ITL Publications.

Read More

Decision to Revise FIPS 180-4, Secure Hash Standard

In June 2022, NIST’s Crypto Publication Review Board initiated a review process for Federal Information Processing Standard (FIPS) 180-4, Secure Hash Standard (SHS), and received public comments. In December 2022, the board proposed revising FIPS 180-4 and received no additional comments on that proposed decision.
NIST has decided to revise FIPS 180-4 and will revise the text to: 

1. Remove the SHA-1 specification; 
2. Add any guidance from NIST Special Publication (SP) 800-107, Recommendation for Applications Using Approved Hash Algorithms, that belongs in this document; 
3. Improve the standard’s editorial quality; and
4. Update its references.
See the SHA-1 transition announcement.
The effort to develop the revised standard has not yet begun but will follow the typical process of releasing an initial draft for public comment. Monitor progress on CSRC News and CSRC Publications and by subscribing to email updates. 

 To read more go Here

E-book: Making Hybrid Work Work with Microsoft 365

 

Limited resources can make it difficult to prioritize solutions that help dispersed teams work and collaborate effectively. But streamlining your organization’s digital landscape with fewer, more efficient applications helps make a successful hybrid workplace possible—improving productivity, collaboration, security, and IT management.

In this e-book, discover what leaders are saying about the challenges of hybrid work and get tangible ways to overcome them. Learn why:

  • Cloud applications are helping teams boost efficiency—and why too many apps may have a negative impact on productivity.
  • Relationship building from a digital-first perspective helps foster a culture of collaboration.
  • Adopting a Zero Trust strategy establishes a strong foundation for security while reducing overall costs.
  • The right digital tools help simplify IT management and optimize your team’s time and resources.

To get the book go here

 

 

Adding IPv6 support to Azure Active Directory – March 7


 

We’re excited to bring IPv6 support
to Azure Active Directory (Azure AD) to support customers with increased
mobility and help reduce spending on fast-depleting expensive IPv4 addresses.
The meeting is targeted to all IT Professionals.

 Agenda:

  • Why are we introducing IPv6?
  • Rollout plan
  • What is the impact?
  • Steps to take before the enablement.

 Speakers:

  • Kunal Ghosh, Senior Product Manager, Identity CxP
  • Lisa Huang-North, Senior Product Manager, Identity CxP
  • Gautam Anand, Senior Product Manager, Identity CxP

 

Go here to register 

Protecting your small business with Microsoft Free Session

 

Small businesses are known for their agility and adaptability. Just as small businesses must evolve with changing technology, it is important to recognize the changing landscape in cybersecurity.

Cyberattacks are increasingly targeting small businesses because they typically do not have the same infrastructure as a large organization. But what if your business could have a more comprehensive cybersecurity strategy to combat the sophistication of evolving cyberthreats?

Join the experts at Maureen Data Systems and Microsoft for a live session to learn how to protect your business with a more secure and cost-efficient solution. Our experts will discuss:

  • How to promote secure collaboration and efficiency
    in hybrid work
  • How to enable a Zero-Trust strategy that can reduce
    the total cost of ownership across devices
  • How to protect customer and user data

Event Details:

March 7, 2023
11:00 AM Pacific Time / 2:00 PM Eastern Time


To register go here

2022 in review: DDoS attack trends and insights a Microsoft article

As organizations
strengthen their defenses and take a more proactive approach to
protection, attackers are adapting their techniques
and increasing the sophistication of their operations. Cybercrime continues to
rise with the industrialization of the cybercrime economy providing
cybercriminals with greater access to tools and infrastructure.

In the first half of
2022, the cyberthreat landscape was focused around the war in Ukraine and the
rise of nation state attacks and hacktivism across the world. In February,
Ukraine was hit with the largest distributed denial of service (DDoS) attack ever
in the country’s history, impacting government websites and banking web
services. As the conflict continued, there was a ripple effect to western
countries, including the UK, US, and Germany. UK financial services firms
experienced a significant increase in DDoS attacks as
they were heavily targeted by nation state attackers and hacktivists looking to
disrupt Ukraine’s allies.

Hacktivism continued
to be rampant throughout the year, including Taiwanese websites experiencing outages
in August 2022 due to DDoS attacks ahead of House Speaker Nancy Pelosi’s arrival
in Taiwan. Beyond attacks with political motives, DDoS attacks also impacted a
wide range of industries. In particular, the gaming industry continued to be
highly targeted. In March 2022, a DDoS attack brought down the game servers
of Among Us, preventing players from accessing the popular multiplayer game for
a few days. A new version of RapperBot (heavily
inspired by the Mirai botnet) was used in the second half of 2022 to target
game servers running Grand Theft Auto: San Andreas.

In this blog, we
share trends and insights into DDoS attacks we observed and mitigated
throughout 2022.

2022 DDoS attack trends

Large volume of attacks during the holiday season

In 2022, Microsoft
mitigated an average of 1,435 attacks per day. The maximum number of attacks in
a day recorded was 2,215 attacks on September 22, 2022. The minimum number of
attacks in a day was 680 on August 22, 2022. In total, we mitigated upwards of
520,000 unique attacks against our global infrastructure during 2022.


Figure 1. Attack volume

This year, we saw a lower volume of attacks in June through August and a high volume of attacks during the holiday season until the last week of December. This is in line with attack trends we have seen in the last few years, except for 2021, when there were fewer attacks during the holiday season. In May, we mitigated a 3.25 terabits per second (TBps) attack in Azure, the largest attack in 2022.

DDoS protection tip: Make sure to avoid having a single virtual machine backend so it is less likely to get overwhelmed. Azure DDoS Protection covers scaled out costs incurred for all resources during an attack, so configure autoscaling to absorb the initial burst of attack traffic while mitigation kicks in.

TCP attacks remain the most common attack vector

TCP attacks were the
most frequent form of DDoS attack encountered in 2022, comprising 63% of all
attack traffic, which includes all TCP attack vectors: TCP SYN, TCP ACK, TCP
floods, etc. Since TCP remains the most common networking protocol, we expect
TCP-based attacks to continue to make up most DDoS attacks. UDP attacks were
significant as well with 22% of all attacks (combined for UDP flood and UDP
amplification attacks), while Packet anomaly attacks made up 15% of attacks.

Figure 2. Attack type

Out of UDP flood
attacks, spoofed floods consumed most of the attack volume with 53%. The
remaining attack vectors were reflected amplification attacks, with the main
types being CLDAP, NTP, and DNS.

We observed TCP reflected amplification attacks becoming more prevalent, with attacks on Azure resources using diverse types of reflectors and attack vectors. This new attack vector is taking advantage of improper TCP stack implementation in middleboxes, such as firewalls and deep packet inspection devices, to elicit amplified responses that can reach infinite amplification in some cases. As an example, in April 2022, we monitored a reflected amplified SYN+ACK attack on an Azure resource in Asia. The attack reached 30 million packets per second (pps) and lasted 15 seconds. Attack throughput was not very high; however, there were 900 reflectors involved, each with retransmissions, resulting in a high pps rate that can bring down the host and other network infrastructure.
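
On the receiving side, the reflected SYN+ACK pattern described above shows up as SYN+ACK packets that answer no handshake the host started, arriving from many sources with repeats. The following is an added detection example, not code from the Microsoft article; the function names, packet tuple layout, thresholds, and sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict

def find_reflected_synack(packets, protected, min_pps=6, min_reflectors=3, syn_ttl=3.0):
    """Flag one-second windows in which a protected host receives unsolicited
    SYN+ACKs from many sources. Thresholds are illustrative, sized for the sample.

    packets: (ts, src, sport, dst, dport, flags) tuples sorted by ts,
    with flags "S" for SYN and "SA" for SYN+ACK.
    """
    pending = {}  # (local, lport, remote, rport) -> time of our outbound SYN
    windows = defaultdict(lambda: {"pkts": 0, "srcs": set(), "flows": set(), "retrans": 0})
    for ts, src, sport, dst, dport, flags in packets:
        if flags == "S" and src in protected:
            pending[(src, sport, dst, dport)] = ts
            continue
        if flags != "SA" or dst not in protected:
            continue
        sent = pending.get((dst, dport, src, sport))
        if sent is not None and ts - sent <= syn_ttl:
            continue  # reply to a handshake this host started
        w = windows[(dst, int(ts))]
        w["pkts"] += 1
        w["srcs"].add(src)
        flow = (src, sport, dport)
        if flow in w["flows"]:
            w["retrans"] += 1  # same reflector repeating its SYN+ACK
        w["flows"].add(flow)
    return [
        {"host": host, "second": sec, "pps": w["pkts"],
         "reflectors": len(w["srcs"]), "retransmissions": w["retrans"]}
        for (host, sec), w in sorted(windows.items())
        if w["pkts"] >= min_pps and len(w["srcs"]) >= min_reflectors
    ]

def sample_packets(host="10.0.0.5"):
    """Constructed traffic: one legitimate handshake, then four reflectors."""
    pkts = [(100.00, host, 40000, "192.0.2.80", 443, "S"),
            (100.05, "192.0.2.80", 443, host, 40000, "SA")]
    for i in range(1, 5):
        reflector = f"198.51.100.{i}"
        pkts.append((101.10 + i * 0.01, reflector, 80, host, 443, "SA"))
        pkts.append((101.50 + i * 0.01, reflector, 80, host, 443, "SA"))
    return sorted(pkts)

if __name__ == "__main__":
    for alert in find_reflected_synack(sample_packets(), {"10.0.0.5"}):
        print(alert)
```

The legitimate SYN+ACK at 100.05 is ignored because it matches an outbound SYN, while the burst in second 101 is reported with its reflector and retransmission counts.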

DDoS protection tip: To protect against UDP and TCP attacks, we recommend using Azure DDoS Protection. For gaming customers, consider using A10 virtual appliances and Azure Gateway Load Balancers to help with volume-based attacks.

Shorter attacks continue to be popular

Figure 3. Attack duration

Shorter duration attacks were more commonly observed this past year, with 89% of attacks lasting less than one hour. Attacks spanning one to two minutes made up 26% of the attacks seen this year. This is not a new trend, as attacks that are shorter require fewer resources and are more challenging to mitigate for legacy DDoS defenses. Attackers often use multiple short attacks over the span of multiple hours to make the most impact while using the fewest number of resources.

Short attacks take
advantage of the time it takes systems to detect the attack and for mitigation
to kick in. While time to mitigation may only take one or two minutes, the
information from those short attacks can make it into the backend of services,
impacting legitimate usage. If a short attack can cause a reboot of the
systems, this can then trigger multiple internal attacks as every legitimate
user tries to reconnect at the same time.

To read the full article go here

 

You are invited! Microsoft Entra Identity Governance – Streamline Identity Lifecycle & Entitlements

 


Please join us for this event. Microsoft and Invoke would like to partner on a customer-facing webinar on the topic of Identity Governance.

 Description:

Join Invoke and the
Microsoft Entra product group for an overview of Identity Governance and how
this Microsoft Cloud solution can help solve business challenges by
streamlining processes, reducing costs, and improving compliance. In this
session, we will align real-world use cases to specific Identity Governance
features including Lifecycle workflows, Entitlement management, Access
reviews, and Privileged identity management. Whether you’re a decision maker
or a technical influencer, this webinar is a must-attend event for anyone
looking to improve their organization’s security and compliance posture.

  March 8, 2023 9:00 -10:00 PST

      REGISTER HERE   

 

The 2022 Microsoft Digital Defense Report

Increase your cyber resiliency by acting on new threat intelligence insights from a diverse team of Microsoft security researchers.

As a company with billions of customers around the world, Microsoft has a unique vantage point to understand the scope and scale of digital threats around the globe.

The 2022 Microsoft Digital Defense Report is the culmination of threat intelligence data and insights gathered by a diverse group of Microsoft security professionals over the past year. Download the latest report to:

  • Learn about the state of cybercrime and the evolving threat landscape.
  • Explore the latest intel on hacking trends and attack methods that are growing in popularity.
  • Get data-backed advice on how to improve cyber resiliency and bolster your organization’s security posture.

Download the 2022 Microsoft Digital Defense Report