Urgent Alert for Microsoft Exchange Servers: Critical Vulnerability Exposes Thousands

A zero-day vulnerability affecting Microsoft Exchange servers has been disclosed. According to the latest report from The Shadowserver Foundation, a non-profit cybersecurity organization, over 28,000 internet-accessible Microsoft Exchange servers are currently at risk. A further 68,000 Exchange instances are deemed 'possibly vulnerable': these servers have implemented certain mitigations, yet the risk of exploitation remains. In total, we're looking at approximately 97,000 servers with potential vulnerabilities. The root of the issue is a privilege escalation flaw, designated CVE-2024-21410. This flaw, which carries a severe CVSS score of 9.8, enables pass-the-hash attacks. In such attacks, an intruder can relay a user's Net-NTLMv2 hash against a vulnerable server, thereby authenticating as that user. This vulnerability is particularly concerning because Exchange Server 2019 lacked NTLM credential relay protection, also known as Extended…


Patrick Kelley, founder, interviewed by 11Alive regarding the Fulton County ransomware attack

ATLANTA - In a startling revelation that adds a new dimension to the cyberattack on Fulton County announced in January, cybersecurity expert Patrick Kelley, founder of Critical Path Security, claims to have uncovered evidence of a data breach. This development contradicts the initial assurances from Fulton County officials who, at the time of the attack's announcement, denied any knowledge of data exfiltration. The recent clarification by county officials categorizes the cyber incident as a financially motivated ransomware attack. However, Kelley's findings suggest a more severe compromise. He warns that iCloud data, alongside sensitive information relating to high-profile court cases, including those involving former President Donald Trump and rapper Young Thug, may be at risk. Kelley's urgency is palpable as he speaks about the ticking clock, hinting at an impending release of more compromised data. His discoveries, which he says were documented on a hacking website, include a range of sensitive information such as…


Critical Path Security’s Patrick Kelley to Mentor and Present in Exclusive NRECA Cooperative IT Mentoring Program

Critical Path Security is proud to announce that our esteemed team member, Patrick Kelley, has accepted an invitation to join the NRECA Cooperative IT Mentoring Program as a mentor and presenter for the 2024 cohort. This unique opportunity highlights Patrick's renowned expertise in cybersecurity and IT, and his dedication to fostering the growth of professionals in the field. The NRECA Cooperative IT Mentoring Program, skillfully managed by Shawna Ryan, is dedicated to the professional development of IT professionals from member co-ops. It emphasizes the enhancement of soft skills and addresses the contemporary challenges faced in the IT sector. Each year, the program is carefully designed with a specific curriculum, focusing on themes, discussions, and valuable resources. A significant new feature of this year's program is the inclusion of exclusive presentations by industry experts, aimed at enriching the participants' experience. Patrick Kelley will be contributing to this innovative aspect with a…


Join Us at the Alabama Rural Electric Co-Op Annual Accounting Update for an Essential Cybersecurity Talk

We are excited to announce our participation in the upcoming Alabama Rural Electric Co-Op Annual Accounting Update. Our team is committed to empowering organizations with cutting-edge insights into cybersecurity, and this event is a significant opportunity to delve into the latest developments in this vital field.

Event Details:
Date: February 20, 2024
Time: Full event schedule to be announced (Our talk is a key highlight!)
Location: AREA, 340 TechnaCenter Drive, Montgomery, Alabama 36117

What to Expect: Our talk, titled "Strengthening Cyber Resilience in the Energy Sector: A Call to Action for Alabama's Rural Electric Co-ops," will cover a range of crucial topics. Here's a sneak peek:

The Current Cybersecurity Landscape: We will explore recent cyber incidents in the energy sector, focusing on their evolution and impacts. Understanding these trends is essential for preparing and strengthening our defenses.

Best Practices for Cybersecurity: This segment is tailored specifically for rural electric co-ops.…
