Check out what's new in Security at Microsoft Ignite

This article is contributed. See the original author and article here.

Microsoft Ignite is back! The event starts November 2nd, 2021, at 8:00 am PT.  


 


If you haven’t already, register now and complete your schedule!  


 


We are excited for you to join us at Microsoft Ignite for a focused exploration of the security market today. Come share and learn with global leaders in cybersecurity and infrastructure, while exploring the most advanced prevention measures and strategies. Learn how to react to increasing threats, prepare for the next frontier in identity proofing, and improve overall productivity. 


 


Let’s take a quick look to see what is in store this year: 


 


Security Focus Area Session  


Join Vasu Jakkal’s keynote: Protect Everything with End-to-End Security 



  • Tuesday, November 2, 10:35 AM – 11:00 PST 

  • Organizations around the world are facing a surge of sophisticated cyber threats. The hybrid work world is creating new opportunities for bad actors, and increased challenges for IT teams. Join us to learn how Microsoft’s integrated, comprehensive approach to security is helping customers become more secure and resilient. Discover new products and innovations that help you protect everything, from the endpoint to the cloud, across security, compliance, identity, device management, and privacy. Se    e how Microsoft Security is helping organizations of all sizes be safe in the face of increased global cyber threats. 



Featured Sessions from Day 1 


Join Rob Lefferts and Eric Doerr’s session: 
Tackling the biggest cybersecurity challenges for 2022 



  • Tuesday, November 2, 11:30 AM -12:00 PM PST 

    Rob Lefferts, CVP of Microsoft 365 Security | Eric Doerr, CVP of Cloud Security 



  • It’s been a year. The security industry has encountered some major challenges. Yet through it all, we’ve made progress on how to keep ahead of adversaries. In this session, we’ll meet with security leaders to discuss the big issues and lessons learned from the past year. We’ll also share key recommendations for security teams to successfully navigate the evolving threat landscape into 2022 and beyond. 


Join Joy Chik’s session: 
Strengthen resilience with identity innovations in Azure Active Directory 



  • Tuesday, November 2, 1:30 PM – 2:00 PM PST 
    Joy Chik, CVP of Identity  



  • Nation-states and criminal syndicates are applying significant resources to orchestrate multi-pronged attacks against critical services and infrastructure. No single organization can withstand these onslaughts alone. In this session, we’ll share investments we’re making in Azure AD to help you stay protected and productive: a resilient platform, teams, and tolls that detect and respond to hard-to-identify attacks, and systems that strengthen the security posture of your expanding digital estate 


 


Join Rudra Mitra’s session: 


Manage risk and compliance with end-to-end security solutions 



  • Tuesday, November 2, 2:30 PM – 3:00 PM PST 
    Rudra Mitra, CVP, Microsoft 365 Compliance, Security and Privacy 

  • Managing risks is critical to ensuring business continuity, protecting brand reputation, and addressing the various internal and external requirements that you may be subject to. We know your data goes beyond the Microsoft cloud, so we are building solutions to help you reduce risk across your entire digital estate, especially in this hybrid work world. Organizations should not have to make the tradeoff between modern collaboration and modern security. Join our session to learn how our newest innovations help you address these challenges.   


 


Join Alym Rayani’s session: 


Build a privacy resilient workplace with Privacy Management for Microsoft 365 



  • Tuesday, November 2nd, 8:30 AM – 9:00 AM PST 
    Alym Rayani, GM of Compliance & Privacy 



  • With increasing complexities and changes in the privacy regulatory landscape, organizations must ensure privacy is central to their business to build customer trust. This means having greater visibility into personal data and associated privacy risks in your environment, automating privacy operations including subject requests fulfillment, and empowering employees to make privacy-compliant decisions without hindering productivity. Learn how Microsoft’s Privacy Management solution can help you build a privacy resilient workplace. 



Security sessions from Day 2 


 


Join us on day 2 for various security topics delivered by industry experts and insiders on major trends facing the industry helping attendees understand the latest threats and risks, how to address workforce challenges, and looking into the near and far future of cybersecurity.  


 


Microsoft Into Focus: Security 



  • Wednesday, November 3rd, 10:30 AM – 12:00 PM PST 
    Ann Johnson, CVP of SCI Business Development at Microsoft, Vasu Jakkal, CVP of SCI at Microsoft, and more industry experts and insiders 

  • Attend the Keynote Microsoft Into Focus: Security with Microsoft Security leaders Vasu Jakkal, Bret Arsenault, Ann Johnson, on a series of insightful discussions as Microsoft hosts industry experts and insiders around current cybercrime trends, the evolution of hybrid work, and a look into the future of cybersecurity trends and solutions.  


 


Grounding Zero Trust in Reality: Best Practices and Emerging Trends 



  • Wednesday, November 3rd, 12:30 PM – 1:00 PM PST 
    Alex Simons, CVP of Identity Security, Steve Turner, Forrester Analyst 

  • The events of the last two years confirm Zero Trust is no longer an option—it’s a business imperative. Implementing a Zero Trust strategy is best understood as a journey on which organizations and governments around the world have embarked to meet the expanded threat landscape of today. Come and listen to Alex Simons talk about what best practices Microsoft customers have applied in their Zero Trust implementations and listen to a discussion on emerging trends with Steve Turner from Forrester.   


 


Skilling for Security: Forging the workforce of the future 



  • Wednesday, November 3rd, 1:30 PM – 2:00 PM PST 
    Naria Santa Lucia – GM, Digital Inclusion, Microsoft Philanthropies, Laramie County Community College, William Amick – Program Director, Information Technology Pathway, Reinier Moquete – Founder & CEO of CyberWarrior.com 

  • There are almost half a million unfilled cybersecurity positions in the United States alone, and the pipeline of new students is not on track to fill the demand. This session will discuss the workforce challenges facing the cybersecurity industry, and what Microsoft and training institutions are doing to address this critical need.    


 


An inside view on detecting and mitigating insider risks 



  • Wednesday, November 3rd, 3:30 PM – 4:00 PM PST 
    Glenn Kaleta, Microsoft Principal Engineering Program Manager,​ Erin Miyake, Microsoft Principal Program Manager, Mod Tejavanija, Microsoft Senior ​Program Manager, Dan Costa, Technical Manager, Carnegie Mellon University​ 

  • There is no denying the fact that insider risks can pose as great of a damage threat as other security threats like ransomware, phishing, and malware. Yet unlike these security threats where you can develop and operationalize globally optimized detections, insider risk detections present unique and complex challenges where understanding context and correlations is critical to ensure you have a successful insider risk management program. Having run the Insider Threat program at Microsoft we will be discussing the five primary principles that we have learned in our journey both internally and from our customers to help organizations understand what is required to build an effective insider risk program. 


 


External Attack Surface Management: Intelligence Defense in the Age of Digital Transformation 



  • Wednesday, November 3rd, 12:30 PM – 1:00 PM PST 
    Steve Ginty – Director, Threat Intelligence, RiskIQ 

  • Today’s digital transformation means a rapidly expanding IT ecosystem and an ever-evolving threat and vulnerability landscape of both nation-state and criminal actors that target a growing list of vulnerabilities to breach victim organizations. Understanding today’s external attack surface is essential to assess and protect critical assets. This session will demonstrate the vital role of combining vulnerability and traditional threat-actor intelligence in external attack surface management.   


 


Understanding Nation-State Threats 



  • Wednesday, November 3rd, 1:30 PM – 2:00 PM PST 
    Cristin Goodwin, Microsoft General Manager & Associate General Counsel, ​​Digital Security Unit​ 

  • The last 12 months have been marked by historic geopolitical events and challenges that have changed the way organizations approach their daily operations. During this time, nation-state actors have created new tactics and techniques to evade detection and increase the scale of their attacks. In this session, Cristin Goodwin, Associate General Counsel and head of Microsoft’s Digital Security Unit, explains the nation-state threat landscape and provides context for security leaders and practitioners who are looking to better understand the relevancy of these new threats.   


 


Cloud Security: A guide for developing a comprehensive multi-cloud security strategy 



  • Wednesday, November 3rd, 2:30 PM – 3:00 PM PST 
    Andras Cser – Vice President, Principal Analyst, Forrester – Serving security and risk professionals 

  • The era of cloud transformation is driving customers to strengthen the security of their complex environment. Join us for an insightful discussion with a leading industry analyst on how to best approach an end-to-end cloud security strategy. We’ll explore top trends, emerging risks, and potential obstacles – along with practical guidance on how to better protect your IaaS, PaaS, and SaaS services. 


 


How to Develop a Security Vision and Strategy for Cyber-Physical and IoT/OT Systems 



  • Wednesday, November 3rd, 2:30 PM – 3:00 PM PST
    Phil Neray, Microsoft Director of IoT & ​Industrial Cybersecurity, Katell Thielemann, VP Analyst, Gartner 

  • Recent ransomware attacks that halted production for a gas pipeline operator and food processor have raised board-level awareness about IoT and Operational Technology (OT) risk. Security leaders are now responsible for new threats from cyber-physical systems (CPS) and parts of the organization they never traditionally worried about. Join Katell Thielemann from Gartner® to discuss how to develop a CPS risk strategy using the “language of the business” to show security as a strategic business enabler. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.   



Engage with our security experts 


 


Join in on the Connection Zone sessions with security experts for further engagement. The line-up for Ask the Experts this year has something for everyone! 


 


Ask the Experts: 





 


 


Explore the full session catalog to find sessions most interesting for your role and interests. Hear from security experts, attend workshops, watch new product demos, and more. To begin your journey, log into Security at Microsoft Ignite and make sure to register to access all the event has to offer. 


 

Google Releases Security Updates for Chrome

This article is contributed. See the original author and article here.

Google has released Chrome version 95.0.4638.69 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Some of these vulnerabilities have been detected in exploits in the wild.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.

GoCD Authentication Vulnerability

This article is contributed. See the original author and article here.

GoCD has released a security update to address a critical authentication vulnerability in GoCD versions 20.6.0 through 21.2.0. GoCD is an open-source Continuous Integration and Continuous Delivery system. A remote attacker could exploit this vulnerability to obtain sensitive information.

CISA encourages users and administrators to update to GoCD 21.3.0 or apply the necessary workarounds.

For more information, see Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD.

Nasal spray’s unsupported COVID-19 treatment claims are not up to snuff

Nasal spray’s unsupported COVID-19 treatment claims are not up to snuff

This article was originally posted by the FTC. See the original article here.

Many of us would like to believe a marketer’s claims that an over-the-counter nasal spray can prevent or treat COVID-19. Luckily, the law sets a high standard of proof before a marketer can say its product can prevent, treat, or cure a serious disease. The law requires competent scientific evidence. In its latest case targeting fake COVID-19 cure claims, the FTC says that nasal spray maker Xlear, Inc., broke the law by promoting its saline sprays as effective treatments for COVID-19 without scientific proof.

The FTC says that since at least March 2020, Xlear and its president used deceptive or unsubstantiated claims to promote their nasal sprays on their websites and in YouTube videos, social media posts, and magazine advertorials. For example, the defendants said the sprays would protect against the virus “for up to four hours, helping keep you and others around you safe.” The FTC staff warned the defendants in July 2020 that they were unlawfully advertising their products. According to the complaint, the defendants told the staff they would remove the claims from their websites and other platforms, but continued using them.

The complaint, filed by the Department of Justice on behalf of the FTC, seeks substantial financial penalties and asks the court to bar the defendants from making similar false and unsupported health claims in the future.

Protect yourself — and your wallet — from bogus health products:

  • Talk with your doctor or healthcare professional before you try any product claiming to treat, prevent, or cure COVID-19 or any other serious illness.
  • Visit CDC.gov and FDA.gov for the most up-to-date information about COVID-19.
  • Remember, when there’s a medical breakthrough to treat, prevent, or cure a disease, you’re not going to hear about it first through an ad or sales pitch.
  • Know that bad actors post fake reviews and testimonials about their own products. Read How to Evaluate Online Reviews to learn more.

If you spot a bogus health product, please tell us at ReportFraud.ftc.gov.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.