Increased risk of phishing scams following CrowdStrike outage

The Australian Signals Directorate has issued a warning about an increased risk of phishing scams following yesterday's CrowdStrike outage.

According to the alert, ASD’s ACSC has identified numerous malicious websites and unofficial code claiming to assist entities in recovering from the widespread outages caused by the CrowdStrike technical incident.

ASD’s ACSC strongly advises all consumers to obtain their technical information and updates directly from official CrowdStrike sources only. [Learn more here]https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/widespread-outages-relating-crowdstrike-software-update?fbclid=IwZXh0bgNhZW0CMTEAAR1veIrKLYJrloZIx7AvqS6Nlqv3UfvENiPg6lVbHUhffjbS_7HBzNQEGdI_aem_TUaGcC36MEN9SJxw0OUTnQ

It appears that threat actors are exploiting the #CrowdStrike situation through #phishing and #spoofing campaigns.

Here is a list of newly created domains https://urlscan.io/search/#crowdstrike*

Before clicking on any links, use tools like Domain Dossier, URLscan.io, and VirusTotal to check their authenticity — because threat actors never miss an opportunity to exploit a disaster.

#threatactors #hackers #CrowdStrike #phishing #urlscan #cybertip #VirusTotal #ASD #ACSC #AISA #Australia

Read More

Crowdstrike Global IT outage affecting computers around the world

A current worldwide #CrowdStrike issue causing #BSOD. Seen reports from  AU, NZ ,Japan, India. And Europe. The global computer outage affecting airports, banks and other businesses.

CrowdStrike’s cybersecurity software — used by numerous Fortune 500 companies, including major global banks, healthcare and energy companies — detects and blocks hacking threats. Like other cybersecurity products, the software requires deep-level access to a computer’s operating system to scan for those threats. In this case, computers running Microsoft Windows appear to be crashing because of the faulty way a software code update issued by CrowdStrike is interacting with the Windows system.

This issue is not impacting Mac- or Linux-based hosts

Some servers on perm and cloud and devices are not resuming correctly and are getting stuck in boot loops that have #Crowdstrike.

Some seen successful reboots which work for about 15 mins and then they stop and then go back into a boot loop.

Technical Breakdown

1. Crowdstrike publishes a content update for their threat feed, which is basically a list of patterns of “bad things” 

2. Software agents get this update and apply the controls to block things that match this pattern 

3. The update has a pattern which matches a critical Windows process but the software blocks it anyway

4. Windows crashes with a Blue Screen of Death (BSOD) and reboots 

5. On reboot, CrowdStrike kills the process again and Windows reboots

6. And it’s now a loop… There are various ways of fixing this but for most systems it will involve physically visiting every affected system, booting into “safe mode” and fixing the problem manually. 

For some cloud systems though, such as AWS, “safe mode” is not even possible so this fix doesn’t work. The virtual servers will need to be shut down, their disks cloned, attached to another server, edited to remove the offending files and then finally reattach to the original server.

BUT, if you’re protecting your data and using encryption at rest, you need to manually decrypt the disk with a BitLocker Recovery Key, which is probably - for most companies

Updated workaround steps:

Boot Windows into Safe Mode or the Windows Recovery Environment

Navigate to the C:\Windows\System32\drivers\CrowdStrike directory

Locate the file matching “C-00000291*.sys”, and delete it.

Boot the host normally.

Crowdstrike published a post with updated details for quering machine and how to fix here

https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/

This is really just a good reminder of how MANY systems are dependent on IT. 

Technology is engrained in every part of our lives. We don’t notice it when it’s working well. We only notice when something goes wrong. No one talks about how many millions of attacks were stopped, or upgrades that went smoothly. Everyone remembers the ones that didn't.

#Crowdstrike #update #BSOD #EDR #outage #ITissue

Read More

Free cyber security course. Delve into essential cybersecurity NIST Risk management frameworks

 🌟 Exciting Announcement Alert! Last week, NIST took a significant step in advancing cybersecurity education by releasing four introductory courses covering their flagship publications for FREE! 🆓

📘 Delve into essential cybersecurity frameworks with courses on:

- NIST SP 800-37, Risk Management Framework (RMF) 

- NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations

- NIST SP 800-53A, Assessing Security and Privacy Controls in Information Systems and Organizations

- NIST SP 800-53B, Control Baselines for Information Systems and Organizations

🔍 These meticulously curated courses offer unparalleled insights into cybersecurity best practices, delivered in a concise format designed to optimize learning efficiency. With just 60 minutes required for each course, professionals can easily incorporate this valuable knowledge into their busy schedules.

But the excitement doesn't stop there! NIST has also unveiled a comprehensive crosswalk between NIST CSF 2.0 and NIST SP 800-53, providing invaluable guidance for cybersecurity practitioners navigating these frameworks.

Some common question and answer regarding the course

Q: Are these courses self-guided or instructor-led?

A: The courses provided are self-guided online courses.

Q: Is there a fee to access these courses?

A: No. The NIST materials provided on the CSRC website, including the RMF and SP 800-53 series introductory courses, are free to any interested party.

Q: Is registration required?

A: No. Registration is not required to access the courses.

Q: Is there a quiz at the end of each course?

A: No, there are no quizzes at the end of each course. The material in each course is provided for informational purposes only.

Q: Are certificates issued upon completion of the courses?

A: At the end of each course presented on this NIST website, a certificate of course completion is provided as a courtesy. The certificate only identifies that the course material was viewed and does not attest to any qualifications, knowledge, or skill level resulting from the completion of the course.

Q: How do I print the certificate of completion?

A: Use the browser's print option, generally found in the browser menu, to print or capture a PDF of the course certificate. Please add your name and the date of completion to the certificate.

🔗 Dive into these invaluable resources today! Links to the crosswalk and courses can be found in here https://csrc.nist.gov/Projects/risk-management/rmf-courses

.Let's elevate our cybersecurity expertise together!

 💼 #NIST #Cybersecurity #ProfessionalDevelopment #KnowledgeIsPower

Read More

Securing Your Future: The Bright Outlook for Careers in Cybersecurity

The Bright Future of Careers in Cybersecurity. Explore the thriving job market, competitive salaries, and abundant growth opportunities in cybersecurity careers. Discover why a career in cybersecurity offers both financial rewards and the satisfaction of protecting our digital world

The landscape of cybersecurity careers is experiencing a significant uptrend, fueled by several driving forces:

Rising Cyber Threats:

The frequency, complexity, and cost of cyberattacks are on the rise. This escalating threat landscape is prompting organizations across all sectors to prioritize investments in robust cybersecurity measures.

Advancing Technologies:

The widespread adoption of cloud computing, mobile devices, and the Internet of Things (IoT) is expanding the attack surface for cyber threats. As a result, there is a growing need for skilled professionals to secure these evolving technologies.

Increased Awareness:

With cyberattacks making headlines, both businesses and individuals are increasingly recognizing the critical importance of cybersecurity. This heightened awareness is translating into a greater demand for qualified cybersecurity professionals across industries.

Here are four promising trends to consider when contemplating a career in cybersecurity:

1. Favorable Job Market:

According to recent projections from reputable sources, the global cybersecurity workforce is projected to face a shortage of millions of professionals by 2024. This significant talent gap indicates a thriving job market for individuals with the requisite skills and expertise.

2. Competitive Compensation:

Given the high demand for cybersecurity skills, professionals in this field can anticipate competitive salaries. Many positions offer lucrative earning potential, reflecting the value placed on cybersecurity expertise by organizations worldwide.

3. Abundant Growth Opportunities:

The cybersecurity landscape is dynamic and ever-evolving, presenting numerous avenues for career advancement and skill development. Professionals can specialize in various domains, pursue leadership roles, or explore adjacent fields such as cybercrime investigation.

4. Fulfilling Career Trajectory:

Beyond financial incentives, a career in cybersecurity offers the gratification of safeguarding sensitive information and critical infrastructure. It is a profession where individuals can actively contribute to protecting the digital realm and making a tangible difference in securing our interconnected world.

In conclusion, the outlook for cybersecurity careers is exceptionally promising, with abundant opportunities for growth, competitive compensation, and the chance to make a meaningful impact. For those considering a career in cybersecurity, the future is indeed bright and brimming with potential.

Read More

Navigating the Path to a Cybersecurity Career in Australia or anywhere : Roles, Opportunities, and Guidance

Embarking on a career in cybersecurity is an exciting journey filled with opportunities for growth and learning. With the ever-evolving digital landscape, the demand for skilled cybersecurity professionals continues to rise, making it an ideal time to explore this dynamic field. 

In this post, we will delve into the various roles available in cybersecurity, including specialized positions, and provide guidance on how to pursue them effectively in the Australian market

1. Blue Team Roles

   Security Analyst: Responsible for monitoring and analyzing security events, investigating incidents, and implementing defensive measures to protect an organization's systems and data.

   Security Operations Center (SOC) Analyst: Works in a SOC environment, monitoring security alerts, triaging incidents, and responding to threats in real-time.

   Incident Responder: Focuses on incident detection, containment, and recovery, coordinating response efforts during security breaches or incidents.

 Getting Started: Entry-level positions often require foundational knowledge of cybersecurity principles and tools. Pursue certifications like CompTIA Security+ and gain experience through internships, entry-level roles, or hands-on projects.

2. Red Team Roles:

   Penetration Tester (Pen Tester): Conducts authorized simulated attacks on systems and networks to identify vulnerabilities and assess security posture.

   Ethical Hacker: Utilizes hacking techniques and methodologies to identify and address security weaknesses in systems and applications.

   Security Consultant: Provides expertise in assessing and improving security controls, conducting security assessments, and recommending remediation measures.

   Getting Started: Develop technical skills in penetration testing, network security, and ethical hacking through hands-on labs, capture-the-flag (CTF) competitions, and certifications like Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP).

3. Compliance and Governance Roles:

   Governance, Risk, and Compliance (GRC) Analyst: Ensures adherence to regulatory requirements, industry standards, and internal policies, conducting risk assessments and developing compliance strategies.

   Security Auditor: Conducts audits of systems, processes, and controls to assess compliance with regulatory frameworks and industry standards.

   Getting Started: Gain knowledge of relevant regulations and standards such as GDPR, HIPAA, ISO 27001, and NIST Cybersecurity Framework. Pursue certifications like Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM).

4. Specialized Roles:

   Cloud Security Specialist: Focuses on securing cloud environments, ensuring the confidentiality, integrity, and availability of cloud-based assets and services.

   IoT Security Specialist: Addresses security challenges associated with Internet of Things (IoT) devices, networks, and ecosystems, ensuring the protection of connected devices and data.

   Industrial Control Systems (ICS) Security Analyst: Secures operational technology (OT) environments, including supervisory control and data acquisition (SCADA) systems and industrial control systems, against cyber threats.

   Getting Started: Gain specialized knowledge and skills through training programs, certifications, and hands-on experience in specific domains such as cloud security, IoT security, or industrial cybersecurity.

To pursue these roles, it's essential to continuously expand your knowledge, develop practical skills, and stay updated on emerging technologies and threats. Engage in professional development activities, participate in relevant communities and forums, and leverage networking opportunities to connect with industry professionals and explore career paths in cybersecurity. Additionally, consider pursuing advanced certifications and higher education programs to deepen your expertise and advance your career in the field

Getting Started in Cybersecurity: Your Roadmap to Success

Embarking on a career in cybersecurity can seem daunting, especially for newcomers to the field. However, with the right approach and resources, anyone can start their journey towards becoming a skilled cybersecurity professional.

Here's a comprehensive roadmap to help you get started:

1. Gain Foundational Knowledge: Begin by building a strong foundation in cybersecurity principles, concepts, and technologies. Consider enrolling in formal education programs such as cybersecurity-related courses, diplomas, or degree programs offered by universities or technical colleges. These programs cover essential topics such as network security, cryptography, risk management, and ethical hacking, providing you with a solid understanding of the fundamentals.

2. Explore Different Areas of Cybersecurity: Cybersecurity is a broad field with various specializations and career paths. Take the time to explore different areas of cybersecurity to discover where your interests and strengths lie.

The spectrum of skills required in Cyber is larger than that of most professions.

We need people who understand:

➡️ People Management

➡️ Security Compliance and Regulations

➡️ Governance and Risk Management

➡️ Legal and Ethical Considerations

➡️ Security Awareness, Training and Psychology

➡️ Engineering

➡️ Architecture

➡️ Endpoints & Networks

➡️ Secure DevOps (DevSecOps)

➡️ Threat Intelligence

➡️ Detection & Investigation

➡️ Incident Response

➡️ Security Research and Innovation

➡️ and more…

Truth is, effective Cyber Security is a team sport. One where a diverse group of people are working together, communicating and playing to our strengths.

Research roles such as security analyst, penetration tester, security consultant, or compliance officer to understand their responsibilities, required skills, and career prospects. Engage with online communities, forums, and professional networking platforms to connect with experienced professionals and learn from their experiences.

3. Pursue Certifications and Training: Certifications play a crucial role in validating your knowledge and skills in cybersecurity and are highly valued by employers. Consider obtaining industry-recognized certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Information Security Manager (CISM). These certifications demonstrate your expertise and commitment to the field, increasing your chances of landing a job in cybersecurity. Additionally, leverage online training platforms and resources such as Cybrary, Coursera, or Udemy to further enhance your skills and knowledge in specific areas of cybersecurity.

4. Gain Practical Experience: Hands-on experience is invaluable in cybersecurity and can significantly enhance your employability. Look for opportunities to gain practical experience through internships, co-op programs, or entry-level positions in cybersecurity-related roles. Many organizations offer internship programs specifically for cybersecurity students or recent graduates, providing valuable exposure to real-world cybersecurity challenges and environments. Additionally, consider participating in capture-the-flag (CTF) competitions, hackathons, or open-source projects to hone your technical skills and problem-solving abilities.

5. Network and Engage with the Cybersecurity Community: Networking is key to success in cybersecurity. Connect with professionals in the field, join online communities and forums, and attend industry events, conferences, and meetups to expand your network and learn from others. 

Join professional organizations like the Australian Information Security Association (AISA) or the Australian Computer Society (ACS) to connect with industry professionals and stay updated on the latest trends and developments. Attend events such as BSides, which offer networking opportunities and valuable insights into the cybersecurity community.

Engage with cybersecurity professionals on platforms like LinkedIn, Twitter, or Reddit, participate in discussions, ask questions, and seek mentorship opportunities. Building relationships with experienced professionals can provide valuable insights, guidance, and career opportunities in cybersecurity.

6. Continuously Learn and Stay Updated: Cybersecurity is a constantly evolving field, with new threats, technologies, and best practices emerging regularly. Stay updated on the latest trends, developments, and news in cybersecurity by following industry blogs, podcasts, and news sources. Subscribe to cybersecurity newsletters, join relevant online forums and communities, and participate in webinars, workshops, and training sessions to stay informed and expand your knowledge. Additionally, consider pursuing advanced certifications, attending conferences, or pursuing higher education programs to further develop your expertise and advance your career in cybersecurity.

By following this roadmap and taking proactive steps to build your skills, gain experience, and network with professionals in the field, you can kickstart your career in cybersecurity and embark on a rewarding and fulfilling journey in this dynamic and high-demand field.

Navigating a cybersecurity career in Australia requires dedication, continuous learning, and perseverance. By exploring different roles, gaining practical experience, and staying updated on industry trends, you can embark on a rewarding career path in cybersecurity and contribute to the protection of organizations against evolving digital threats.

For more guidance and resources on pursuing a cybersecurity career in Australia, stay connected with MaximisIT.net, your trusted partner in cybersecurity.

Read More

MGM Cyber Attack cost 110 Million

In September the hospitality and entertainment company #MGM Resorts was hit by a #ransomware attack that shut down its systems at MGM Hotels and Casinos.

The incident affected #hotel reservation systems in the United States and other IT systems that run the casino floors.

The company now revealed that the costs from the #ransomware attack have exceeded $110 million. The company paid third-party experts $10 million to clean up its systems.

Allegedly, a criminal gang made up of U.S. and U.K.-based individuals that cybersecurity experts call #Scattered Spider (aka Roasted 0ktapus, UNC3944 or Storm-0875) initiated a social engineering attack that led to the near shutdown of #MGM Resorts International.

Scattered Spider #encrypted several hundred of their #ESXi servers, which hosted thousands of VMs supporting hundreds of systems widely used in the hospitality industry. This caused cascading chaos. As the #ESXi hosts became encrypted one after another, the applications running on them crashed … one after another … after another. Hotel room keys no longer worked. Dinner reservation systems were down. Point-of-sale systems were unable to take payments. Guests were unable to check in or out. Slot machines were completely unavailable. At this point, MGM was hemorrhaging money – and potentially its credibility.

A nice deep technical Analysis by cyber #security company #CyberArk whic details the #attack based on the information currently available, analyze its root causes and discuss key takeaways to help organizations strengthen their security posture.

#cyber #databreach #socialengineering #ransomware #okta #security 

https://www.cyberark.com/resources/blog/the-mgm-resorts-attack-initial-anaysis

Read More

Developing and implementing security controls for Azure Active Directory (Azure AD)

Today we will share the list of things you need to consider for Developing and implementing security controls for Azure Active Directory (Azure AD):

1. Identify Azure AD Assets:

   - Create an inventory of all Azure AD assets, including user accounts, groups, applications, service principals, and Azure AD resources.

   - Document the purpose and sensitivity level of each asset.

   - Classify assets based on their importance and criticality to the organization, considering factors such as the data they provide access to or the applications they authenticate.

2. Perform a Risk Assessment:

   - Identify potential threats to your Azure AD environment, such as unauthorized access, identity theft, insider threats, or data breaches.

   - Assess vulnerabilities that could be exploited by conducting a comprehensive assessment of your Azure AD configuration and associated resources.

   - Evaluate the potential impact of each threat and vulnerability on the confidentiality, integrity, and availability of your Azure AD assets.

   - Determine the likelihood of each risk occurring based on historical data, industry trends, and the organization's threat landscape.

   - Prioritize risks based on their potential impact and likelihood, focusing on those with the highest potential risk to your Azure AD environment.

3. Define Security Objectives:

   - Review your organization's overall security strategy and compliance requirements, including any specific Azure AD security requirements.

   - Identify specific security objectives that align with these requirements and the risk assessment findings. Ensure these objectives are measurable and relevant to your organization's needs.

   - Examples of security objectives for Azure AD may include enforcing strong authentication policies, implementing conditional access controls, and protecting privileged accounts.

4. Select Security Controls:

   - Research and review Azure AD security best practices, Azure Security Center recommendations, and Azure AD-specific security frameworks.

   - Identify security controls available in Azure AD that address the identified risks and align with your security objectives.

   - Examples of security controls for Azure AD include enabling multi-factor authentication (MFA), implementing conditional access policies, using Azure AD Privileged Identity Management (PIM), and leveraging Azure AD Identity Protection.

   - Consider using Azure AD security features such as Azure AD Conditional Access, Azure AD Identity Governance, and Azure AD Privileged Identity Management to enhance your security posture.

5. Design Azure AD Security Architecture:

   - Plan the structure of your Azure AD tenant, considering factors such as the number of Azure AD directories, users, groups, and applications required.

   - Define the authentication and access models to be used, such as cloud-only identities, hybrid identities with Azure AD Connect, or federation with external identity providers.

   - Determine the appropriate Azure AD license level and edition based on your organization's needs for advanced security features.

   - Design RBAC roles and assignments for Azure AD resources, ensuring least privilege principles are followed.

   - Establish Azure AD security policies, including password policies, sign-in risk policies, and device compliance policies.

6. Implement Security Controls:

   - Enable multi-factor authentication (MFA) for Azure AD accounts, especially for privileged accounts and accounts with access to sensitive resources.

   - Implement conditional access policies to enforce granular access controls based on user, device, location, and risk factors.

   - Utilize Azure AD Identity Protection to detect and respond to suspicious sign-in activities and risky user behaviors.

   - Leverage Azure AD Privileged Identity Management (PIM) to manage and monitor privileged access to Azure AD and other Azure resources.

   - Regularly review and remediate risky sign-in events, risky users, and vulnerable configurations identified by Azure AD security features.

7. Provide User Training and Awareness:

   - Develop training materials and conduct sessions to educate users about Azure AD security best practices.

   - Train users on the importance of strong passwords, avoiding password reuse, and using MFA for enhanced security.

   - Educate users about recognizing and reporting phishing attempts, suspicious sign-in activities, and other potential security risks.

   - Raise awareness about the importance of safeguarding Azure AD credentials, avoiding sharing of accounts, and promptly reporting any unusual activities or potential security breaches.

8. Establish Incident Response Procedures:

   - Develop an incident response plan specifically for Azure AD security incidents.

   - Define roles and responsibilities for incident response team members, including those responsible for handling Azure AD security incidents.

   - Establish communication protocols and reporting mechanisms to ensure prompt detection, response, and resolution of Azure AD security incidents.

   - Document step-by-step procedures for isolating affected accounts, investigating potential breaches, resetting compromised credentials, and implementing necessary security measures to prevent future incidents.

   - Conduct regular drills and exercises to test the effectiveness of the incident response procedures and identify areas for improvement.

9. Implement Monitoring and Auditing:

   - Enable Azure AD auditing to track and monitor activities such as user sign-ins, application registrations, role assignments, and directory changes.

   - Utilize Azure AD logs and Azure Monitor to collect and analyze security-related events and alerts.

   - Configure alerts and notifications for suspicious activities, such as multiple failed sign-in attempts or privilege escalations.

   - Integrate Azure AD with a Security Information and Event Management (SIEM) system for centralized log management, analysis, and correlation.

   - Regularly review and analyze Azure AD logs and security reports to identify anomalies, detect security incidents, and take appropriate actions to mitigate risks.

10. Regular Assessment and Improvement:

   - Continuously assess the effectiveness of your Azure AD security controls.

   - Stay informed about Azure AD security updates, new security features, and best practices provided by Microsoft.

   - Conduct periodic security assessments and penetration testing to identify vulnerabilities and weaknesses in your Azure AD environment.

   - Monitor Azure Security Center recommendations and implement necessary security improvements.

   - Regularly review and update your Azure AD security controls, policies, and procedures to adapt to emerging threats, industry standards, and regulatory requirements.

Certainly! Here's an expanded and elaborated checklist for developing and implementing security controls in Azure AD and AWS:

Checklist for Azure AD Security:

------------------------------------

| Step                                      | Status 

1 Identify Azure AD Assets                  

  - List all Azure AD resources and services being used, such as users, groups, applications, and roles.      

2 Perform a Risk Assessment                

   - Identify potential threats and vulnerabilities specific to Azure AD.                                     

   - Assess the impact and likelihood of each risk.                                                        

3 Define Security Objectives               

  - Clearly define and document the desired security objectives for Azure AD.                             

  - Ensure objectives align with organizational requirements and compliance standards.                      

4 Select Security Controls                  

   - Research and identify Azure AD-specific security controls provided by Microsoft.                        

  - Choose controls that address identified risks and align with security objectives.                        

5 Design Azure AD Security Architecture    

   - Plan the structure of Azure AD, including directory structure and role assignments.                    

   - Define secure connectivity options and network configurations.                                          

  - Establish data encryption strategies for Azure AD.                                                     

6 Implement Security Controls               

   - Enable multi-factor authentication (MFA) for Azure AD users.                                          

   - Configure strong password policies and password rotation requirements.                                

   - Implement Azure AD Privileged Identity Management (PIM) for access management.                        

   - Enable auditing and logging for Azure AD activities.                                                          

7 Provide User Training and Awareness              

   - Educate users about Azure AD security best practices and potential threats.                            

   - Train users on recognizing and reporting security incidents or suspicious activities.                          

7 Establish Incident Response Procedures    

  - Develop an incident response plan specific to Azure AD security incidents.                                    

  - Define roles and responsibilities for incident response team members.                                          

  - Establish communication protocols and reporting mechanisms for incidents.                                    

9 Implement Monitoring and Auditing                  

  - Enable Azure AD auditing and configure logs for monitoring and analysis.                                       

   - Set up alerts and notifications for suspicious activities or policy violations.                                

   - Integrate Azure AD logs with a centralized logging and monitoring system.                                     

10 Regular Assessment and Improvement             

   - Conduct regular security assessments and vulnerability scans for Azure AD.                                    

  - Stay informed about Azure AD security updates and best practices.                                            

  - Continuously review and update Azure AD security controls and policies.                                     

Remember that security is an ongoing process, and it's important to regularly evaluate and improve the security posture of your Azure AD environment to stay ahead of potential threats and ensure the protection of your organization's identity and access management infrastructure.

Finally here is an excellent blogpost by Mandiant for cloud platform compromise with multiple components that would require investigation

https://www.mandiant.com/resources/blog/cloud-bad-log-configurations

Read More

Explore Microsoft Bing Chat

 

Explore Microsoft Bing Chat is a new feature that allows business users to interact with Microsoft Bing in a conversational way. You can ask Microsoft Bing questions, get insights, create content, and more in natural language. Microsoft Bing responds with informative, intuitive, logical, and actionable responses to help you get things done faster and easier.   In this blog post, we'll show you how to use Discover chat on Microsoft Bing and how it can benefit your work.

 

 Here are some steps to get started: 

• Go to https://www.bing.com and click  the chat icon in the lower right corner of the screen. 

•  Select your preferred language and mode from the options.You can switch between Balanced, Creative, and Precision modes according to your needs and preferences. 

• Type or speak your request or message to Microsoft Bing. 

• You can use voice input by clicking  the microphone icon next to the text box. 

• Microsoft Bing will respond with  relevant and engaging feedback, which can include web results, images, tables, lists, code blocks, LaTex expressions, and more. You can also see suggestions for the next user  at the bottom of the chat box.  

• You can continue the conversation by following the suggestions or by typing or speaking your own request or message. You can also click on the link or reference in the Microsoft Bing response to explore more information.
  

 

 

 

 

 

Chat on Microsoft Bing is a feature that allows you to interact with Bing in a conversational way. You can ask questions, get information, and even generate content using natural language. Chat on Microsoft Bing has three main components:

- Chat: This is where you can type your messages and see Bing's responses. You can also switch between different modes, such as Balanced, Creative, and Precise, to get different types of responses from Bing.

- Compose: This is where you can use Bing's creativity and intelligence to help you write or improve your own content. You can ask Bing to generate poems, stories, code, summaries, lyrics, and more. You can also ask Bing to rewrite, optimize, or enhance your content.

- Insights: This is where you can see additional information and details related to your chat messages. You can see web search results, question answering results, advertisements, and suggestions for the next user turn.

Microsoft Bing chat discovery is designed to help you find answers, create content, and complete tasks naturally and intuitively. Whether you need to research a topic, write a report, create a presentation, or just have  fun, you can use the Explore chat on Microsoft Bing to boost your productivity and creativity. Try it  today and let us know what you think.

Read More

Recommendations for Mitigating BianLian Ransomware Group attack

To enhance your organization's cybersecurity posture and counter the activities of the BianLian Ransomware Group, we advise implementing the following mitigations. These measures align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and NIST (the National Institute of Standards and Technology). The CPGs outline a minimum set of practices and protections recommended for all organizations, based on existing cybersecurity frameworks and guidance that target common and impactful threats and tactics.

1. Reduce the risk of malicious actors using remote access tools by taking the following actions:

   - Conduct an audit of remote access tools on your network to identify authorized and currently used software.

   - Review logs to detect abnormal use of portable executable programs running remote access software.

   - Utilize security software capable of detecting instances where remote access software is loaded only in memory.

   - Allow authorized remote access solutions strictly from within your network, using approved methods like virtual private networks (VPNs) or virtual desktop interfaces (VDIs).

   - Block inbound and outbound connections on common remote access software ports and protocols at the network perimeter.

   - Implement application controls to manage and control the execution of software, including allowing only approved remote access programs.

   - Employ application allowlisting to prevent the installation and execution of unauthorized remote access software, including portable versions that evade traditional antivirus solutions.

For additional guidance, refer to the NSA Cybersecurity Information Sheet on enforcing signed software execution policies.

2. Strictly limit the use of Remote Desktop Protocol (RDP) and other remote desktop services. If RDP is necessary, adhere to best practices such as:

   - Conduct network audits to identify systems using RDP.

   - Close unused RDP ports.

   - Enforce account lockouts after a specified number of failed login attempts.

   - Implement phishing-resistant multifactor authentication (MFA).

   - Log RDP login attempts.

   - Disable command-line and scripting activities and permissions.

   - Restrict the use of PowerShell to specific users who manage the network or Windows operating systems.

   - Keep PowerShell updated to the latest version and uninstall older versions.

   - Enable enhanced PowerShell logging to capture valuable data for monitoring and incident response.

3. Review domain controllers, servers, workstations, and active directories to identify any new or unrecognized accounts. Audit user accounts with administrative privileges and configure access controls based on the principle of least privilege.

4. Reduce the risk of credential compromise by implementing the following measures:

   - Place domain admin accounts in the protected users' group to prevent local caching of password hashes.

   - Implement Credential Guard for Windows 10 and Server 2016, or enable Protected Process Light for Local Security Authority (LSA) on Windows Server 2012R2.

   - Avoid storing plaintext credentials in scripts.

   - Implement time-based access for admin-level accounts using methods like Just-in-Time (JIT) access provisioning.

In addition to the above recommendations, the FBI, CISA, and ACSC suggest the following mitigations to limit the adversarial use of system and network discovery techniques and reduce the impact and risk of ransomware or data extortion:

1. Develop and maintain a recovery plan that includes multiple copies of sensitive data and servers stored in physically separate, segmented, and secure locations. Maintain offline backups of data, following the 3-2-1 backup strategy (three copies, two media types, one off-site).

2. Ensure that all accounts with password logins comply with NIST standards for password policies. Use longer passwords, store passwords in hashed format using recognized password managers, add password user "salts" to shared login credentials, avoid password reuse, implement multiple failed login attempt account lockouts, disable password hints, and limit

Read More

Are you ready to break into the exciting and dynamic world of cybersecurity?

Are you ready to break into the exciting and dynamic world of cybersecurity? It's not just a job, it's a lifestyle that attracts a passionate and innovative community of professionals. If you're eager to join their ranks, follow these 10 steps to cheat your way to success!

1.Build a Strong Foundation - turbocharge your career with a comprehensive education in cybersecurity, available through a variety of programs like bootcamps, online courses, degrees, or certifications.

2. Master Technical Skills - impress potential employers by developing a wide range of technical proficiencies, including hardware, software, Windows/Linux, networking, vulnerability scanners, packet sniffers, Nmap, and other cutting-edge professional tools.

3.Network Like a Pro - build relationships with cybersecurity experts by joining local or online groups, meeting like-minded individuals, finding mentors, and learning from the best.

4.Gain Real-World Experience - demonstrate your value by volunteering your skills to help your community and participating in Capture the Flag events to gain hands-on experience.

5.Choose Your Specialty - customize your career path by specializing in a specific area of cybersecurity, such as offense, defense, GRC, sales, or other specialties.

6.Stay Ahead of the Curve - stay up-to-date with the latest cybersecurity trends, techniques, and tools by attending security conferences, reading blogs, and constantly improving your skillset.

7.Build Your Reputation - establish your professional presence online through social media, websites, blogs, podcasts, and other outlets. Give back to the cybersecurity community by sharing your knowledge and expertise.

8.Get Involved - gain exposure by participating in cybersecurity events and workshops, and volunteering to speak or teach whenever possible.

9.Stay Ethical - maintain a sterling reputation by always adhering to industry standards and best practices, and never attempting to breach security systems without permission.

10.Hone Your Soft Skills - sharpen your communication, problem-solving, and teamwork skills, which are essential to your success in the fast-paced world of cybersecurity.

By following these 10 steps, you'll be well on your way to building a successful and rewarding career in cybersecurity. Don't just dream about it – cheat your way to the top with these powerful tips and tricks!

Read More

Ransomware Response Plan

Here are the key steps for an effective response plan: 

 1. Don't Panic: 

- Stay calm and act purposefully when targeted by ransomware. 

- Seek help from security vendors or report the incident to your insurance company. 

 2. Isolate Your Systems and Stop the Spread:

 - Identify the range of the attack and implement network-level blocks or device-level isolation.

 - Utilize endpoint detection and response (EDR) technology to block the attack at the process level.

 3. Identify the Ransomware Variant: 

- Determine the specific strain of ransomware to understand its behavior and possible decryption options. 

 4. Identify Initial Access:

 - Determine the entry point of the attack to close security holes

. - Consult digital forensics teams and incident response experts if needed.

 5. Identify All Infected Systems and Accounts (Scope): - 

Identify active malware and persistent elements in systems communicating with the command-and-control server.

 6. Determine if Data Was Exfiltrated: 

- Look for signs of data exfiltration, such as large data transfers or unusual communications. 

 7. Locate Your Backups and Determine Integrity: -

 Ensure backup technology was not affected and scan backups for integrity.

 8. Sanitize Systems or Create New Builds: 

- Remove malware and incidents of persistence, or consider creating new, clean systems

. - Implement appropriate security controls to prevent reinfection.

 9. Report the Incident: 

- Report the incident and determine if law enforcement should be involved. Consider legal obligations regarding regulated data.

 10. Paying the Ransom? 

- Law enforcement advises against paying the ransom

. 11. Conduct a Post-Incident Review: 

- Evaluate the ransomware response and identify areas for improvement. 

- Simulate attack scenarios and consider proactive playbook building. 

- Consider external services if IT or security team staffing is limited.

Read More

Chat GPT Alternatives

OpenAI’s Chat GPT offers the reality of high-performing AI chatbots. The purpose of these chatbots is to communicate with users in a conversational manner. And being open source, users can suggest any improvements. 

As a result, this technology has taken the internet by storm. Millions of users are using it, but there have been some issues with this chatbot. Particularly when Chat GPT is at capacity and users cannot access it.

Therefore it’s good to know about some quality Chat GPT alternatives. Here are some options that can help you to level up with AI more easily if Chat GPT is not working for you. Some are more complex, and others far more accessible, while some are free and others have pricing structures too.

Chat GPT Alternatives – examples

Bloom

Blo Bloom om is an open-source multi-language model. This Chat GPT alternative added 384 graphic cards with a total of 80 GB of memory to 176 billion parameters to train – 1 billion more than the GPT 3 model.

Chinchilla

DeepMind researchers developed a project named Chinchilla, which is more intimately known as the GPT3 killer.

It’s an optimal computing model that has 70 billion protocols. It has four times more data than Gopher, also developed by DeepMind. Chinchilla is reportedly one of the best options for downstream evaluation tasks (also known as the task a user wants to solve).

It’s a top-notch AI-based writing tool and has educational data on history. Therefore, it can create articles with proper style and structure minus grammatical errors. Without human help, it can produce a useful and readable article in less than an hour.

Megatron-Turing Natural Language Generation

Microsoft and Nvidia made a language model with 530 billion parameters, making it bigger and better than others available. Called Megatron-Turing Natural Language Generation, it is one of the best English language models – trained on SuperPOD by the Selene supercomputer.

Jasper

Jasper AI is a writing model previously known as Jarvis. Jasper has bought other writing tools, such as Shortly AI and Headline, and these will be integrated into Jasper in the coming years.

You can select a topic and fill out the relevant form, and Jasper will create the article for you according to the instructions you have entered. Jasper has a 5-day free trial, with its ‘starter’ plan starting at $24 per month.

Replika

Replika is pretty close to Chat GPT in conversational uses, and you can have similar conversations here, too. It can talk and give text replies at any time without delay. It is primarily an AI chatbot you can use to discuss general topics like love and life, just like you do with friends.

ELSA

ELSA stands for English Language Speech Assistant, a language learning app. It is available on Android and iOS platforms to download. The app analyzes users’ speech and helps them learn and understand the language.

There are more Chat GPT alternatives too, some with more specific applications than others. Here’s a list of a few, including those mentioned above.

ELSA has free and Pro options and Pro costs $11.99 for one month, $8.66p/m for three months, and $6.25p/m for one-year access.

Final thoughts

We have discussed some of the top alternatives of Chat GPT above. You can perform a wide range of functions using these alternatives, and there are others too – including Rytr, Socratic and Faceapp – which uses AI modeling on imagery.

So, when Chat GPT is not working, you’re not sure about the price or if you require another specific application that is more easily served by an alternative, you can use one of these instead.

Read More

What is Phishing and key points to remember

What is phishing

Phishing is a type of online scam in which attackers send fraudulent emails or create fake websites with the intention of tricking individuals into divulging sensitive information such as login credentials, credit card numbers, and other financial information. The attackers often pose as trusted organizations or individuals and use various tactics to persuade the victim to click on a link or download an attachment. The link or attachment may contain malware that can infect the victim's device or redirect the victim to a fake website where they are prompted to enter their personal information.

Phishing attacks can be difficult to recognize because the attackers go to great lengths to make their emails and websites look legitimate. To protect against phishing attacks, it is important to be cautious when clicking on links or downloading attachments in emails, and to verify the authenticity of the sender and the website before entering any personal information. It is also a good idea to use a secure web browser and to keep your antivirus software up to date.

What is smishing

Smishing is a type of social engineering attack that involves the use of SMS text messages to trick individuals into divulging sensitive information or clicking on malicious links. Smishing attacks often target mobile phone users and can be used to steal personal information such as login credentials, credit card numbers, and other financial information. Smishers use a variety of tactics to lure victims into falling for their scams, including posing as trusted organizations or individuals, creating a sense of urgency or fear, and offering incentives or rewards. To protect against smishing attacks, it is important to be cautious when receiving text messages from unknown numbers and to verify the authenticity of the message before clicking on any links or providing personal information.

Different type of phishing and their defination

There are several different types of phishing attacks, including:

Spear phishing: This type of phishing attack is targeted at a specific individual or organization and often involves the attacker posing as someone the victim knows or trusts.

Whaling: Similar to spear phishing, but the target is a high-level executive or someone with significant influence within an organization.

Clone phishing: This type of attack involves the attacker sending a legitimate email or creating a fake website that is a copy of a legitimate one, but with a malicious link or attachment.

Vishing: This type of attack involves the use of voice calls or voicemails to trick victims into divulging sensitive information.

Impersonation attacks: These attacks involve the attacker pretending to be someone else, such as a colleague or a customer service representative, in order to obtain sensitive information.

CEO fraud: Also known as "business email compromise," this type of attack involves the attacker pretending to be the CEO or another high-level executive and requesting sensitive information or money from an employee.

Some key points to remember about phishing:

1. Be wary of unexpected or suspicious emails, especially those that contain links or attachments.
2. Do not click on links or download attachments from unfamiliar or untrusted sources.
3. Be cautious when providing personal or financial information online, especially in response to an email or unsolicited request.
4. Pay attention to the website's address, or URL, before entering sensitive information. Make sure it begins with "https" and has a lock icon, indicating that it is a secure site.
5. Use anti-virus and anti-malware software and keep it up-to-date.
6. Use strong and unique passwords for all of your accounts, and enable two-factor authentication if it is available.
7. Keep your operating system and other software up-to-date with the latest security patches.
8. Be aware of phishing attacks that use phone calls or text messages as well as email. Do not provide personal or financial information in response to unsolicited phone calls or text messages.

Remember, if something seems too good to be true or seems suspicious, it is always better to err on the side of caution and not click on links or download attachments from unfamiliar or untrusted sources.

Read More

How to become a successfull cyber security engineer from cyber security analyst

Here are some steps you can take to become a successful cyber security engineer from a cyber security analyst:

Build your technical skills: As a cyber security analyst, you may already have a strong foundation in cyber security technologies and practices. However, to become a cyber security engineer, you should aim to expand your technical skillset and knowledge in areas such as network security, security architecture, and system design.

Gain practical experience: Hands-on experience is crucial in the field of cyber security. Consider volunteering for security-related projects or internships to gain practical experience and build your portfolio.

Pursue additional certifications: Earning industry-recognized certifications such as the Certified Information Systems Security Professional (CISSP) can demonstrate your expertise and commitment to the field.

Develop your leadership skills: Cyber security engineering roles often involve leading and managing teams of analysts. To prepare for these responsibilities, consider taking courses or seeking opportunities to develop your leadership and management skills.

Stay up-to-date: The field of cyber security is constantly evolving, so it's important to stay current with the latest technologies, trends, and best practices. Consider joining professional organizations or attending conferences to stay informed and connected to the industry.

Read More

What are the key tools to know for cyber security engineering role

Here are some key tools that are commonly used in cyber security engineering roles:

Network monitoring tools: These tools allow security engineers to monitor network traffic and identify unusual activity or potential threats. Examples include Wireshark, Splunk, and SolarWinds.

Vulnerability scanners: These tools scan systems and networks for known vulnerabilities and provide recommendations for remediation. Examples include Nessus, Qualys, and Rapid7.

Security information and event management (SIEM) systems: These systems collect and analyze security-related data from various sources to identify potential threats and provide alerts. Examples include Splunk, LogRhythm, and IBM QRadar.

Password managers: These tools help security engineers store and manage complex passwords securely. Examples include LastPass and 1Password.

Encryption tools: These tools are used to protect data by encoding it in a way that can only be accessed by those with the correct decryption key. Examples include BitLocker (for Windows) and FileVault (for Mac).

Firewalls: These tools act as a barrier between a network and the Internet, blocking unauthorized access and protecting against cyber threats. Examples include Palo Alto Networks and Check Point.

Risk assessment and management tools: These tools help security engineers identify and prioritize risks, and develop strategies for mitigating them. Examples include GRC platforms such as RSA Archer and MetricStream.

Read More