Cybersecurity

FBI PIN: Cyber Criminals Exploit Email Rule Vulnerability to Increase Likelihood of Successful Business Email Compromise

The FBI has published a Private Industry Notification (PIN) warning that cyber criminals are implementing auto-forwarding on victims’ web-based email clients to conceal their activities. As the PIN explains, the web-based client’s forwarding rules often do not sync with the desktop client, limiting the rules’ visibility to cybersecurity administrators. The cyber criminals then capitalize on this reduced visibility to increase the likelihood of a successful business email compromise (BEC).

Guide to Securing Remote Desktop Protocol

The Center for Internet Security (CIS) has just published the report Exploited Protocols, Remote Desktop Protocol (RDP), which is intended to provide an overview of what RDP is, the attacks associated with this protocol, and how an organization can best protect itself against an RDP-based attack. The information provided in this report is very timely given the increased usage of RDP as organizations stood up remote environments for employees to utilize when the COVID-19 pandemic struck.

CISA Safe Holiday Online Shopping Campaign

With more Americans expected to shop online this holiday season due to the COVID-19 pandemic, the Cybersecurity and Infrastructure Security Agency (CISA) has launched a public awareness initiative to inform consumers of common risks and encourage basic cybersecurity practices. Over the course of the next month, it plans to share safety information for consumers to keep in mind as they navigate the world-wide web. As part of this, CISA’s “Holiday Online Shopping” website includes easy-to-follow safety tips for online shopping, and additional resources to promote healthy shopping practices.

New Cybersecurity Assessment Tool Designed to Measure Maturity, Resiliency, and Strength

The Ford Foundation has released a Cybersecurity Assessment Tool (CAT), which is designed to measure the maturity, resiliency, and strength of an organization’s cybersecurity efforts. While the CAT appears intended primarily for non-technical groups, its creators note that it can be used by any organization undertaking a cybersecurity journey. The tool is designed to be taken as a survey in one 30-minute sitting.

FBI FLASH: Indicators of Compromise Associated with Ragnar Locker Ransomware

The FBI has published a TLP:WHITE FLASH message containing indicators of compromise associated with the Ragnar Locker ransomware, which the FBI notes has been deployed against an increasing number of victims. This product also contains a list of recommended mitigation measures and encourages recipients to report information concerning suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch) at (855)-292-3937 or [email protected].

Cybersecurity Accountability – Food for Thought, as CEOs May Be Personally on the Hook by 2024 for Cyber-Physical Attacks

Nothing screams “cybersecurity is serious” like personally being on the hook for an entire organization. Personal liability of executives for cyber incidents isn’t new. But when the safety of the cyber-physical systems (CPS) that operate within industrial environments is on the line, executives and boards need to be acutely aware of these systems and their vulnerabilities and intentionally pursue a sound risk management strategy for securing these assets.

State-sponsored Actors and Ransomware Threaten Canadian Critical Infrastructure, according to Annual Cyber Threat Assessment

The Canadian Centre for Cyber Security has released the National Cyber Threat Assessment 2020, which begins by noting the increased vulnerability of Canadian individuals and organizations to cyber threat actors given their greater reliance on the internet in the COVID-19 environment. One of the key judgements presented in the document is that state-sponsored actors are very likely attempting to develop cyber capabilities to disrupt Canadian critical infrastructure, such as the supply of electricity, to further their goals.
