Insights

Operational Technology (OT) systems-such as SCADA, DCS, PLCs, and IIoT-are the backbone of critical infrastructure. These systems, designed for stability and uptime, are increasingly in the crosshairs of threat actors. NIST SP 800‑82r3 provides practical, risk-based guidance for protecting these environments while maintaining safety, reliability, and operational continuity. Below are several critical controls that organizations should prioritise: 1. Network Segmentation and Isolation One of the most effective defences for OT environments is strict separation from IT networks. Implement multi-layered network architectures where critical OT communications occur on the most secure layers. Enforce separation using DMZs, stateful firewalls, and unidirectional gateways to prevent direct IT-OT traffic. Avoid shared authentication-corporate credentials should not grant OT access. 2. Physical Security Controls Physical compromise of OT equipment can be as damaging as a cyber intrusion. Protect sites with layered physical barriers: perimeter fencing, secure doors, locks, and guards. Keep PLCs, safety controllers, and cabinets…

Enterprise security provider SonicWall has issued an urgent advisory urging users of its Gen 7 firewall devices to disable SSL‑VPN services immediately, following a sharp rise in Akira ransomware attacks targeting these appliances. What's Happening In the past 72 hours, SonicWall has observed a "notable increase" in security incidents involving Gen 7 devices with SSL‑VPN enabled. While SonicWall investigates whether the root cause is a known issue or a zero‑day vulnerability, third-party researchers strongly suspect the latter. Why This Is Critical The attack vector begins with SSL‑VPN providing initial access, then attackers rapidly escalate to domain controllers, exfiltrate credentials, disable defences, and encrypt systems. The speed and success-especially in MFA-protected environments-indicate a likely zero‑day exploit in firmware versions 7.2.0‑7015 and earlier, particularly affecting TZ and NSa‑series devices with SSL‑VPN enabled. Recommended Immediate Actions Until SonicWall confirms and patches any vulnerability, Critical Path clients should immediately: Disable SSL‑VPN services where feasible. If disabling…

This weekend's Bud Light 250 at Autodrome Chaudière served up everything you'd expect from short-track racing in the NASCAR Canada Series-tight battles, hard charges, heartbreak, and a few storylines that will keep fans buzzing until Trois-Rivières. Ryan Vargas rolled off in 7th and immediately showed the kind of pace the Léargas Security team has been building toward all season. He worked his way into the top five, only to have his run interrupted by a blown right rear. After restarting at the back, Vargas clawed his way to 8th before getting caught up in contact with no caution thrown. Damaged but undeterred, he muscled the car from the rear of the field back up to a hard-earned P7 finish. "Damn good speed & incredible work by this team," Vargas said after the race. "If we didn't have bad luck, we'd have none. Let's change it next week." At the front…

Overview Since mid‑July 2025, there has been a marked increase in Akira ransomware attacks exploiting SonicWall SSL VPN connections. Multiple security research teams, including Arctic Wolf Labs, have observed active exploitation, with incidents frequently tied to devices running unpatched versions of SonicOS. What's Happening Initial vector: Many intrusions begin through unauthorized access to SonicWall SSL VPN accounts, often using locally stored credentials rather than centralized authentication. In nearly every case observed, Multi‑Factor Authentication (MFA) was disabled. Rapid escalation: Once connected, threat actors often move quickly from VPN access to system encryption and data exfiltration within hours. Potential root cause: Evidence suggests exploitation of a SonicWall zero‑day vulnerability (CVE‑2024‑40766), an improper access control flaw in SonicOS affecting Gen 5, Gen 6, and early Gen 7 devices (up to version 7.0.1‑5035). Credential‑based attacks such as brute force have also been noted as possible vectors. Vendor response: SonicWall released patches for CVE‑2024‑40766 in August 2024, later…