Insights

The Government Emergency Response Team of Ukraine (CERT-UA) and Microsoft have issued alerts concerning an advanced spear-phishing campaign conducted by the threat actor Midnight Blizzard. The campaign targets public authorities, critical industries, and military organizations with emails themed around "integration with Amazon and Microsoft services" and "Zero Trust Architecture (ZTA)." The emails contain malicious RDP (Remote Desktop Protocol) configuration files that establish unauthorized RDP connections to attacker-controlled infrastructure. Attack Methodology: The attackers embed .rdp configuration files in their emails, which establish outbound connections to their servers upon execution. Key elements of this approach include: Local Resource Access: These RDP files allow attackers access to local resources such as disks, network resources, printers, COM ports, audio devices, and the clipboard. Potential Code Execution: CERT-UA reports that these files could allow the installation of third-party scripts or programs on the victim's machine, enabling further malware deployment. Impersonation of AWS Domains: Attackers use…

Federal authorities and security researchers have recently identified active exploitation of a critical format string vulnerability affecting four Fortinet products. The Cybersecurity and Infrastructure Security Agency (CISA) has listed this vulnerability (CVE-2024-23113) in its Known Exploited Vulnerabilities catalog. Key Details: Vulnerability ID: CVE-2024-23113 CVSS Score: 9.8 (Critical) Potential Impact: Exploitation could allow remote, unauthenticated attackers to execute arbitrary code or commands. Products Affected: FortiOS Versions: 7.4.0 to 7.4.2, 7.2.0 to 7.2.6, 7.0.0 to 7.0.13 FortProxy Versions: 7.4.0 to 7.4.2, 7.2.0 to 7.2.8, 7.0.0 to 7.0.15 FortiPAM Versions: 1.2, 1.1, 1.0 FortiSwitchManager Versions: 7.2.0 to 7.2.3, 7.0.0 to 7.03 Recent Exploits: According to Fortinet and the research group Shadowserver, more than 87,000 Fortinet IPs may be vulnerable, with over 14,000 potentially impacted in the United States alone. Shadowserver's findings suggest a large portion of U.S. infrastructure may be at risk. What You Need to Know: Fortinet has provided a workaround that…

As an email sender, you're likely familiar with the importance of email authentication in maintaining a healthy reputation. SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) are three complementary technologies that work together to ensure the authenticity and security of your emails. In this article, we'll delve into how these protocols interact with each other and provide best practices for implementing them. Understanding SPF SPF is a simple email authentication protocol that helps prevent spammers from sending emails on behalf of your domain. It works by allowing you to specify which IP addresses are authorized to send emails from your domain. When an email sender claims to be coming from your domain, the receiving mail server checks if the IP address used to send the email is listed in your SPF record. If it's not, the email may be flagged as spam.…

Critical Path Security is proud to announce that we will be partnering with our driver, Ryan Vargas, for the upcoming NASCAR Xfinity Series race at Las Vegas Motor Speedway! Ryan will be piloting the No.74 car for Mike Harmon Racing, his second start of the season with the team. "It's truly an honor to welcome Critical Path Security back into the Xfinity Series," said Vargas. "Our relationship this year has only been strengthened after our successful Top-10 EuroNASCAR campaign and I'm thrilled to see them continue to support my journey in the sport and expand on our partnership!" This weekend's race will mark the second time Critical Path Security has been a primary partner in the NASCAR Xfinity Series with Ryan and the fourth time overall across NASCAR's National Touring Series. Be sure to catch Ryan and the No.74 Critical Path Security Chevrolet Camaro this Saturday at 4PM PST /…