Canadian Organizations Attacked via Unpatched Devices & Inadequate Authentication, Canadian Centre for Cyber Security Says

Information Security, IT Support
The Canadian Centre for Cyber Security recently revealed that in recent months several Canadian organizations' computer networks have fallen victim to cyberattackers via unpatched devices and inadequate authentication. "In recent months, the Cyber Centre [Canadian Centre for Cyber Security] has been made aware of several compromises of computer networks in Canada," the Canadian Centre for Cyber Security said. "In each case, a threat actor was able to compromise infrastructure exposed to the internet because it was not properly secured via 2FA and/or because software running on an exposed server was not patched to the latest version."
Inadequate Authentication
Inadequate authentication refers to the insecure process of accessing a device. According to the Canadian Centre for…
Cybersecurity Tips in Moving Your Small Business from Physical to Digital

IT Support
The past few months have proven that it's possible for businesses to switch operations from physical to digital. The COVID-19 pandemic has prompted governments in different parts of the world to impose home quarantine measures, leaving businesses, regardless of size, no option but to adopt the work-from-home model. Last May, Jennifer Christie, Vice President for People at Twitter, announced that Twitter employees can work from home forever. "The past few months have proven we can make that [work from home] work," Christie said. "So if our employees are in a role and situation that enables them to work from home and they want to continue to do so forever, we will make that happen." Twitter is in a unique position to transition its business operations from physical to…
How to Safeguard Remote Access to Corporate Networks

IT Support
The novel coronavirus, also known as COVID-19, is having a profound effect on the way Canadians work. The intentional shutdown of the economy as a result of COVID-19 has resulted in an increased number of workers using remote access to work from home.
5 Million Canadians Worked from Home in April 2020
During the second week of April 2020, Statistics Canada reported that out of the 12 million Canadians who were employed and worked more than 50% of their usual hours, an estimated 5 million worked most of their hours from home. In 2000, Statistics Canada only recorded 1.4 million Canadians who worked from home and this number increased to 1.7 million in 2008. Out of the 5 million Canadians who worked…

Top Most Exploited Vulnerabilities in the COVID-19 Era

Information Security, IT Support
The year 2020 is a strange year. As a result of the COVID-19 pandemic, many organizations have hastily made the transition from office work to a work-from-home model with little time to put in place the needed cybersecurity measures. Here are the most exploited vulnerabilities (in no particular order) based on the alerts issued by the national cybersecurity centers and agencies in multiple countries, including Canada (Canadian Centre for Cyber Security), the US (Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation) and the UK (National Cyber Security Centre), as well as a report from a computer security company (McAfee Labs):
RDP Vulnerabilities
RDP, which stands for Remote Desktop Protocol, is a proprietary protocol developed by Microsoft for Windows operating systems,…
Healthcare & Essential Services Involved in COVID-19 Response Targeted by Threat Groups

IT Support, Security
The national cybersecurity agencies in two countries, the UK and the US, recently issued a joint alert warning that threat actors are targeting healthcare and essential services involved in the response to COVID-19. In a joint alert, the United Kingdom’s National Cyber Security Centre (NCSC) and the United States’ Cybersecurity and Infrastructure Security Agency (CISA) warned that advanced persistent threat (APT) groups are targeting organizations involved in both national and international COVID-19 responses, including healthcare bodies, pharmaceutical companies, academia, medical research organizations and local governments. APT groups refer to malicious actors, typically nation-state or state-sponsored, whose sole purpose is to gain access to victims’ computer networks and remain there undetected for an extended period. According to NCSC and CISA,…
Microsoft Warns Almost All Ransomware Attackers Steal Data

Information Security, IT Support
Almost all ransomware attackers, even those that don’t threaten to leak data, steal data anyway, the Microsoft Threat Protection Intelligence Team warned. In the blog post "Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk", the Microsoft Threat Protection Intelligence Team said that “while only a few of these groups gained notoriety for selling data, almost all of them were observed viewing and exfiltrating data during these attacks, even if they have not advertised or sold yet.”
Ransomware and Data Exfiltration
Ransomware is a type of malicious software (malware) that encrypts a computer or the files within, locking out legitimate users and demanding a ransom payment from victims in exchange for the decryption keys. Many ransomware victims who were forced to…
Microsoft Warns of Windows Zero-Day Exploitation

Information Security, IT Support
Microsoft has revealed that it’s aware of ongoing targeted cyberattacks exploiting two zero-day vulnerabilities found in the Windows Adobe Type Manager Library and impacting all supported versions of Windows.
What Is Zero-Day?
A zero-day is a security vulnerability in software that’s known to the software vendor but for which the vendor doesn’t have a security update, also known as a patch, to fix the security vulnerability. If this zero-day vulnerability is known by malicious actors, this vulnerability has the potential to be exploited. According to Microsoft, two zero-day remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. Successful exploitation of this collective vulnerability in Windows Adobe Type Manager…
4 Cybersecurity Best Practices in Protecting Servers

IT Support
The UK’s Information Commissioner's Office recently fined Cathay Pacific £500,000 for failing to protect the company’s servers, leading to customers’ personal details being exposed, 111,578 of whom were from the UK, and nearly 9.4 million more worldwide. The data breach at Cathay Pacific came to light when the company disclosed on October 24, 2018 that it discovered unauthorized access to some of its information systems containing data of 9.4 million customers. In a statement about the fine imposed by the UK’s Information Commissioner's Office, Cathay Pacific said it "would once again like to express its regret, and to sincerely apologize for this incident". According to the UK’s Information Commissioner's Office, the large-scale data breach at Cathay Pacific covered the period of more than 4…
Dutch University Paid Cybercriminals Ransom; Lessons Learned from This Attack

Information Security, IT Support
Maastricht University, a government-funded institution in the Netherlands, recently admitted that it paid a ransomware attacker a ransom of 30 Bitcoin, valued at nearly 220,000 USD at the time of payment. The University, in a statement, said it fell victim to a ransomware attack on December 23, 2019. While the University’s IT infrastructure consists of 1,647 Linux and Windows servers and 7,307 workstations, the University said, the attacker only hit 267 Windows servers. The University added that backups of these servers were also affected. In ransomware attacks, attackers prevent legitimate users from accessing their computers or files through the process known as encryption. Attackers then demand a ransom from their victims in exchange for the decryption keys that would unlock the encrypted files.…
Canadian Centre for Cyber Security Recommends Disconnecting Vulnerable Citrix Devices from the Internet

Information Security, IT Support
The Canadian Centre for Cyber Security has issued a security alert, advising Canadian organizations to disconnect their Citrix devices from the internet to prevent cyber-attacks. According to the Canadian Centre for Cyber Security, ongoing exploitation of the security vulnerability in Citrix devices officially designated as CVE-2019-19781 has been observed within Canada. The security vulnerability in Citrix devices allows an attacker to gain direct access to an organization’s local network from the internet. In exploiting this vulnerability, an attacker doesn’t need access to any accounts. As such, exploitation can be performed by any attacker. Citrix, for its part, said that CVE-2019-19781, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution. This vulnerability is rated Critical,…