Unleashing Innovation: Navigating the Future of Cybersecurity, DevOps, and Digital Identity

Are you ready to stay ahead in a world where innovation is the key to security and success?

This edition takes you through the latest breakthroughs and challenges in digital identity, cybersecurity, and AI. We explore how IAM professionals are becoming pivotal in the fight against cyber threats, delve into the tools revolutionizing DevOps, and discuss new standards setting the stage for a more secure future. Discover how embracing innovation can help you navigate and thrive in this rapidly evolving digital landscape.

Identity:

You're Just A IAM Professional In A Cybersecurity World... Time to Read: 4 - The author reflects on the end of the intern season and the hopes and dreams of young professionals entering the workforce. They discuss their own experience in education and working with students in various fields. The author believes that identity and access management (IAM) is often overlooked in universities and shares their perspective on its importance in the world of cybersecurity. The author also mentions the rise of a new role, the IAM SOC Analyst, and the importance of having fresh faces and skills in the trenches of IAM.

Implementing Passkeys with Tarek Dawoud - The webpage discusses the concept of passkeys, a form of passwordless access, in a conversation between Richard and Tarek Dawoud from Microsoft. Tarek explains the FIDO alliance and its efforts to create authentication strategies that are less vulnerable to phishing attacks. The use of passkeys is a rebranding of passwordless authentication to make it more user-friendly and highlights the importance of using passkeys over traditional passwords. The conversation also mentions the ongoing development of passkey products and how they can help organizations become more resistant to phishing attempts.

Security:

Issues Tips for Better Logging, Threat Detection in LotL Incidents Time to Read: 1 - The NSA, along with other international agencies, has released a publication outlining best practices for event logging and threat detection against cyber threats using living-off-the-land techniques. This document covers various areas such as cloud services, enterprise networks, mobile devices, and critical infrastructure. The guidelines are aimed at senior IT decision-makers, operational technology operators, and network administrators and focus on topics such as logging policy, centralized log access, secure storage, and detection strategies.

Qilin ransomware now steals credentials from Chrome browsers - Qilin ransomware group has recently been observed using a new tactic where they deploy a custom stealer to steal account credentials from Google Chrome. This has been noted by the Sophos X-Ops team and marks a concerning shift in the ransomware scene. The attack involves gaining access to a network using compromised VPN credentials and then lying dormant for 18 days, possibly to map the network and identify important assets. The attackers then move laterally to a domain controller and use Group Policy Objects (GPOs) to execute a PowerShell script, which collects credentials stored in Chrome. These stolen credentials are then sent to the attackers' command and control server, and the evidence is wiped before deploying the ransomware payload. This approach makes defending against ransomware attacks even more challenging, and organizations are advised to implement strict policies against storing secrets in web browsers and to use multi-factor authentication.

DevOps:

Software's Iron Triangle: Cheap, Fast and Good - Pick Two Time to Read: 13 - The ongoing debate in the cybersecurity world is whether the issue lies in security or in software quality. CISA's director, Jen Easterly, recently spoke at BlackHat and stated that the real problem is the lack of quality in software. This has been a long-standing issue in the industry, but it has gained renewed attention due to the frequent security incidents and data breaches caused by vulnerable and flawed software. Transparency and rigor in software development processes are also lacking, leading to a market failure in cybersecurity. Attempts to address this issue, such as the push for Software Bill of Materials (SBOM) and self-attestations to the NIST Secure Software Development Framework (SSDF), have been met with mixed reactions.

Hackers now use AppDomain Injection to drop CobaltStrike beacons Time to Read: 3 - In July 2024, a wave of attacks began that utilized a technique called AppDomain Manager Injection, which can weaponize any Microsoft .NET application on Windows. This technique, first seen in 2017, has been used in recent attacks targeting government agencies and military organizations in Asia. It is believed that the Chinese state-sponsored group APT 41 is behind these attacks, but attribution is uncertain. The attackers use a combination of AppDomain Manager Injection and a novel attack technique called GrimResource to evade detection and execute malicious code within legitimate and signed Microsoft executables. The final stage of the attack involves loading a CobaltStrike beacon, which allows the attackers to perform a range of malicious actions. These attacks highlight the technical expertise of the attackers in using lesser-known techniques.

Compliance:

FAA Proposes New Cybersecurity Standards For Aircraft - The Federal Aviation Administration has proposed new cybersecurity standards for aircraft and equipment in order to address the increasing threat of cyber attacks. The rules aim to standardize criteria and reduce certification costs while maintaining safety levels. Aircraft with more than 19 passenger seats or a takeoff weight exceeding 19,000 pounds will be required to undergo a cybersecurity risk assessment. Manufacturers must address any vulnerabilities identified. These changes come as flight equipment becomes more connected to data networks and services. Comments and feedback on the proposed rules are being accepted until October 21st.

NIST Releases Second Public Draft of Digital Identity Guidelines for Final Review Time to Read: 4 - NIST has updated its draft digital identity guidance, which includes the Digital Identity Guidelines (NIST SP 800-63 Revision 4) and its companion publications. The updates reflect feedback from a four-month-long comment period and aim to balance security with accessibility for all individuals, regardless of their chosen method of identification. The updated guidance includes details on using digital credentials stored on smartphones, as well as traditional forms of identification. NIST also received input from face recognition and analysis experts to refine guidance on using biometrics. The public is invited to comment on the updated draft until October 7, 2024, and a webinar is planned for August 28 to discuss the updates.

AI:

Knowledge Graphs: The Secret Weapon for Superior RAG Applications Time to Read: 7 - This webpage discusses a knowledge graph used to store information about NFL players and their skills. The graph contains information about players such as Patrick Mahomes, Derrick Henry, Davante Adams, Tom Brady, and Alvin Kamara. A function is provided to retrieve the most relevant player based on a query, and another function generates a recommendation based on the retrieved player. An example query and recommendation are provided.

The Anatomy and Breaking Points of an AI System within Public Sector Time to Read: 9 - The Anatomy of an AI System discusses the challenges and complexities involved in building, deploying, and maintaining AI systems. The article explains how each phase, from data collection to application deployment, can present significant breaking points and explores potential solutions for addressing them. It emphasizes the importance of understanding the entire system as a whole and investing in scalable, cloud-native resources to foster innovation and democratize access to tools.

Tools/Projects:

pushsecurity/saas-attacks Time to Read: 3 - This webpage is a repository of SaaS-specific attack techniques. It is a resource for security researchers, red/blue teams, and penetration testers to learn and share these techniques. The repository is a work in progress and welcomes contributions. The webpage also references a blog post and presentations for more information on the project. The techniques are inspired by the MITRE ATT&CK framework but focus on SaaS-first techniques that do not involve endpoints or customer networks. The webpage also explains the decision to remove certain columns from the framework and broaden the definition of certain phases. The techniques in this repository aim to avoid expensive controls and zero-days and instead focus on long-term abuse of features in lesser-known SaaS apps.

Open source tools to boost your productivity Time to Read: 5 - In recent years, the concept of "openness" in technology has gained attention, with people seeking alternatives to proprietary software. This has been driven by various factors, such as concerns over security and privacy, the desire for customization and collaboration, and the need to avoid vendor lock-in. In response, open-source alternatives have emerged for popular productivity apps, including design tools like Penpot and whiteboarding tools like Excalidraw. Other options include the scheduling platform Cal.com, video conferencing tool Jitsi, and file storage solution Nextcloud. For publishing and content creation, there are open-source options like Ghost and TabbyML. In the customer engagement space, Chatwoot offers a self-hosted alternative to Zendesk.

In Conclusion

As we wrap up this edition, remember that the future belongs to those who innovate and adapt. Whether you're redefining security practices, exploring the frontiers of AI, or fine-tuning your DevOps strategies, your commitment to staying informed and ahead of the curve will set you apart. Keep pushing boundaries, embracing change, and driving the digital revolution forward.


About UberEther

UberEther is a leading technology integrator dedicated to innovating solutions for government clients. Based in Sterling, VA, we specialize in transforming security and access control needs into strategic advantages. Our accolades include numerous awards and recognitions, and we have achieved FedRAMP High + DoD IL5 Authority to Operate (ATO) for our Integrated Managed Identity Platform. Learn more about our cutting-edge solutions at uberether.com.
