Enhancing Cyber Resilience: Canada’s New Cybersecurity Readiness Goals for Critical Infrastructure

The Canadian Centre for Cyber Security released its Cyber Security Readiness Goals (CRGs) on October 29, 2024. This guidance provides Canadian critical infrastructure (CI) operators with 36 actionable goals designed to enhance security, minimize risks, and reinforce Canada's resilience against evolving cyber threats. Aligned with the NIST Cybersecurity Framework 2.0, the CRGs support system owners in protecting vital assets and improving the security posture across various sectors, including energy, finance, healthcare, and telecommunications. Key Threats Addressed Canada's CRGs address the increased cyber risks impacting CI. Key threats include: Nation-State Cyber Actors: CI sectors face persistent targeting from state-sponsored actors in countries like China, Russia, Iran, and North Korea, using cyber operations for espionage, geopolitical leverage, and potential disruption of essential services. Ransomware Attacks: Targeted ransomware (or "big game hunting") poses an immediate threat to CI operators who, facing operational disruptions, are often more willing to pay large ransoms. This tactic…

0 Comments

Midnight Blizzard Strikes Again: New Tactics in Large-Scale Spear-Phishing Campaign Using RDP Files

The Government Emergency Response Team of Ukraine (CERT-UA) and Microsoft have issued alerts concerning an advanced spear-phishing campaign conducted by the threat actor Midnight Blizzard. The campaign targets public authorities, critical industries, and military organizations with emails themed around "integration with Amazon and Microsoft services" and "Zero Trust Architecture (ZTA)." The emails contain malicious RDP (Remote Desktop Protocol) configuration files that establish unauthorized RDP connections to attacker-controlled infrastructure. Attack Methodology: The attackers embed .rdp configuration files in their emails, which establish outbound connections to their servers upon execution. Key elements of this approach include: Local Resource Access: These RDP files allow attackers access to local resources such as disks, network resources, printers, COM ports, audio devices, and the clipboard. Potential Code Execution: CERT-UA reports that these files could allow the installation of third-party scripts or programs on the victim's machine, enabling further malware deployment. Impersonation of AWS Domains: Attackers use…

0 Comments

Critical CVE In 4 Fortinet Products Actively Exploited

Federal authorities and security researchers have recently identified active exploitation of a critical format string vulnerability affecting four Fortinet products. The Cybersecurity and Infrastructure Security Agency (CISA) has listed this vulnerability (CVE-2024-23113) in its Known Exploited Vulnerabilities catalog. Key Details: Vulnerability ID: CVE-2024-23113 CVSS Score: 9.8 (Critical) Potential Impact: Exploitation could allow remote, unauthenticated attackers to execute arbitrary code or commands. Products Affected: FortiOS Versions: 7.4.0 to 7.4.2, 7.2.0 to 7.2.6, 7.0.0 to 7.0.13 FortProxy Versions: 7.4.0 to 7.4.2, 7.2.0 to 7.2.8, 7.0.0 to 7.0.15 FortiPAM Versions: 1.2, 1.1, 1.0 FortiSwitchManager Versions: 7.2.0 to 7.2.3, 7.0.0 to 7.03 Recent Exploits: According to Fortinet and the research group Shadowserver, more than 87,000 Fortinet IPs may be vulnerable, with over 14,000 potentially impacted in the United States alone. Shadowserver's findings suggest a large portion of U.S. infrastructure may be at risk. What You Need to Know: Fortinet has provided a workaround that…

0 Comments

Protecting Your Email Reputation:A Guide to SPF, DKIM, and DMARC

As an email sender, you're likely familiar with the importance of email authentication in maintaining a healthy reputation. SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) are three complementary technologies that work together to ensure the authenticity and security of your emails. In this article, we'll delve into how these protocols interact with each other and provide best practices for implementing them. Understanding SPF SPF is a simple email authentication protocol that helps prevent spammers from sending emails on behalf of your domain. It works by allowing you to specify which IP addresses are authorized to send emails from your domain. When an email sender claims to be coming from your domain, the receiving mail server checks if the IP address used to send the email is listed in your SPF record. If it's not, the email may be flagged as spam.…

0 Comments