CyberSensei Mike Hamilton comes onto the CyberSensei podcast to discuss how to best prepare cybersecurity students for their jobs.

Results from the survey indicated:

1. Most of communities (66%) reported that elected officials and government executives were engaged and supportive or interested in the program.
2. Five (5) communities providing feedback support communication for law enforcement, while one (1) performs automated traffic management and the other supports water and waste management. Anonymous submissions noted some organization provide support for both communication for law enforcement and election infrastructure. Similarly, one (1) organization reported supporting local city government, while another reported supporting city government that contracts out for services.
3. Two (2) communities reported that alerts received from PISCES are actionable, while the remaining eight (8) communities, in an even split, reported that most or some alerts from PISCES were actionable.
4. Half of the data sharing partners reported that PISCES alerts have resulted in the prevention of serious impacts to your organization, the other reported no large impacts.
5. All but one partner noted that the PISCES monthly reports are useful for themselves as the designated point of contact and staff. On the other spectrum, one community reports distributing the report to selected individuals.
6. Twenty percent (20% ) of data sharing partners noted that utilizing a PISES intern for defined tasks would be helpful to their organization, while sixty percent (60%) shared that it would be helpful dependent on the type of work. The other twenty percent noted that it would not be helpful for their organization.
7. All communities shared their willingness to recommend PISCES to other organizations.
8. One community partner reported its capability and willingness to hire a PISCES graduate. The remaining nine (9) communities have reported not having the capability or willingness to hire a PISCES graduate.
9. Additional highlights & quotes:

• “We really appreciate the service. We have an IT staff of 1 and minimal budget so this service is very valuable.”
• “Great program. If we had a need for PISCES graduate, would definitely consider.”
• “Regarding question 10, we are willing, however, we cannot fund the position right now. We currently have a former PISCES student as an intern.”

The 5th Annual PISCES Academic Workshop will be held on 2 November 2023 in conjunction with the 27th CISSE at Kennesaw State University, Kennesaw, Georgia and on-line.

The deadline is 15 September 2023.

Paper topics may directly address PISCES or may address topics related to PISCES. Example topics may include:

• Tools and Techniques

• Detection Analytics
• Novel Uses of Net Flow Data
• Innovative Approaches Anomaly Detection
• Improvements and Effectiveness of monitoring tools

• Student Engagement and Learning

• Metrics of student engagement and activity
• Research on student outcomes
• Learning with live data and unknown content

• Preparing students for the workforce

• SOC operations and the classroom
• Understanding, defining, and educating for work roles
• Balancing theory and practice

• Public Infrastructure Protection

• Educating on protecting public infrastructure
• Analyzing weakness in public infrastructure

Paper Submission Guidelines
To be considered for presentation at the 5th PISCES Workshop, please submit an original, unpublished paper by 15 September 2023. Parallel submissions are not accepted.

Submit to: papers@piscesintl.wpenginepowered.com.

Student papers will be considered and are encouraged.

Papers will be reviewed by committee.

Papers should present a well-formed and capably written idea, which advances the field of cybersecurity, and which is adequately contextualized and sufficiently supported by the literature. The implications for general application should be clear as well as their advantage and importance to the at-large purposes of the field. Conclusions should be supported by analytic means, either empirical or subjectively derived through commonly accepted methods. Graphic, or tabular support is encouraged.

Please use the IEEE Manuscript Template for your submission.

Word count range of approximately 2,500 to 4,000
Include sufficient references that reflect sufficient consideration of the literature
Include a no-more-than 250-word abstract
Be sure that all photos, graphs and illustrations have a print resolution of no less than 300 dpi
Authors selected to present their papers must register for the 27th CISSE – https://cisse.info/

On 3/14/23 Microsoft released patches to address a critical vulnerability found in Microsoft Outlook for Windows. This vulnerability affects only Microsoft Outlook for Windows. Other versions such as those for Android, iOS, Mac, and Outlook/M365 on the web are not affected.

CVE-2023-23397

Microsoft Outlook Elevation of Privilege (EoP) Vulnerability

CVSSv3.1: 9.8

This vulnerability may be triggered by an attacker that sends a crafted, expired appointment to a user. This will activate the reminder feature within Outlook for overdue appointments with no user interaction required.

The attacker-crafted appointment will exploit the path to the sound file that Outlook plays for a reminder when it is overdue, substituting a UNC (Universal Naming Convention) path within the message that leads to their own server. This will cause the Outlook client to send the user’s login name and their NTLM password hash to the attacker’s remote server.

This exploit does NOT require the recipient to interact with the appointment received from the attacker. The message will be processed behind the scenes, potentially leaving the user unaware that they have been compromised.

Mitigations

• Ensure current patches are applied.
• For those that cannot patch right away, Microsoft provides guidance for DCs using Windows 2012 R2 or newer. Consider adding on-premises accounts to a Protected Users Security Group. This prevents the use of NTLM as an authentication method by group members and continues to allow legacy applications that require NTLM to be excluded from the group and still utilize that authentication method. (Ensure that you review Microsoft documentation for Protected Users Security Groups before implementing: https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group?WT.mc_id=M365-MVP-9501 )

Detection and Response

• Microsoft has made a script available that will review the Exchange environment to see whether a property is populated for a UNC path. The script can also be used to clean up the property for the malicious appointment reminders or even delete the items permanently.
• https://microsoft.github.io/CSS-Exchange/Security/CVE-2023-23397/

Additional Resources

• https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397

Red MSU Denver – MSU Denver, a PISCES partner, writes about their program working with neurodiverse cybersecurity students.