You are here

Home » Cybersecurity

Cybersecurity

Canada’s First Drone Strategy Prioritizes Understanding and Addressing Security Risks, including to Critical Infrastructure

Transport Canada has published Drone Strategy to 2025,the first document of its kind for the country that provides the government’s initial strategic vision for drones. It emphasizes that while drones are part of the future of transportation it is necessary to gain public trust and social acceptance for the technology to be a success. To earn these, the strategy acknowledges the importance of continuing to mitigate risks, including those posed by drones at critical infrastructure.

ODNI Group Guidance for U.S. Critical Infrastructure to Address Growing Insider Threats

The National Counterintelligence and Security Center (NCSC), a group within the Office of the Director of National Intelligence (ODNI), has issued Insider Threat Mitigation for U.S. Critical Infrastructure Entities: Guidelines from an Intelligence Perspective, a new publication aimed at helping U.S. critical infrastructure organizations understand and address the growing problem of insider threats. As the publication observes, concerns over insider threats have been exacerbated by geopolitical tensions – foreign adversaries have demonstrated their interest in U.S.

Claroty Research on Ovarro TBox RTUs and TWinSoft Engineering Software (products used in water/wastewater systems)

Industrial cybersecurity firm Claroty released its research regarding findings of vulnerabilities affecting Ovarro’s TBox remote terminal units (RTUs) and TWinSoft engineering software. ICS-CERT has published ICS Advisory ICSA-21-054-04. Claroty’s research highlights findings in implementations of Ovarro’s proprietary version of the Modbus protocol which allows for malicious code to be injected through the modification of an update package.

FBI Tech Tuesday on Building a Digital Defense against Ransomware

As part of the FBI’s Tech Tuesday series, the Phoenix, Arizona office has published an article warning about ransomware attacks. The FBI notes scammers often send ransomware through email phishing campaigns. Victims can unknowingly download ransomware onto a computer by opening an email attachment, clicking an ad, following a link, or even visiting a website that’s embedded with malware. The article includes a list of tips to protect oneself and one’s organization, which include disabling unused remote access/RDP ports and monitoring remote access/RDP logs.

CISA and FBI Joint Advisory on TrickBot Malware

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released a Joint Cybersecurity Advisory (CSA) on TrickBot malware. They note that a sophisticated group of cyber criminals are using phishing emails claiming to contain proof of traffic violations to lure victims into downloading TrickBot. TrickBot is a highly modular, multi-stage malware that provides its operators a full suite of tools to conduct a myriad of illegal cyber activities.

FBI PIN: Business Email Compromise Actors Targeting Governments, Straining Resources

The FBI has published a Private Industry Notification (PIN) advising that it observed increased in business email compromise (BEC) actors targeting state, local, tribal, and territorial government entities for financial gain due to vulnerability exploitation and transparency requirements. It adds that the COVID-19 pandemic has exacerbated these challenges as many government entities shifted a significant portion of their workforce to remote work.

Pages

Subscribe to Cybersecurity