The Security Gap: Why MSSPs Outshine MSPs for Cybersecurity

While many organizations rely on Managed Service Providers (MSPs) for IT management, there's a crucial distinction to be made: MSPs keep systems running, but Managed Security Service Providers (MSSPs) keep them secure.

MSPs: Primarily focused on Uptime, Not Security

MSPs are invaluable for maintaining IT infrastructure, ensuring uptime, and optimizing performance. They play a vital role in keeping businesses operational, but their security measures often fall short. Common security gaps with MSPs include:

- Reactive Solutions - Many MSPs rely on basic security tools like firewalls and antivirus software. While these are important, they are no match for today's advanced cyber threats.
- Weak Threat Detection - MSPs often lack the expertise and threat intelligence required to detect sophisticated attacks before they cause damage.
- Inadequate Incident Response - When a security breach occurs, MSPs may not have the resources or experience to effectively contain and mitigate the threat in real-time.

MSSPs: The…


Patrick Kelley to Speak at RSAC™ 2025 on Mental Health in Cybersecurity

We are thrilled to announce that Patrick Kelley, CEO of Critical Path Security and a passionate advocate for mental health in cybersecurity, will be presenting at the upcoming RSAC™ 2025 Conference in San Francisco. His session, titled "Mental Health in Cybersecurity: Balancing the Scales," will take place on April 29, 2025, from 1:15 PM to 2:05 PM Pacific Time at the Moscone Center. This session is part of the Inclusive Culture & Workforce Development track, highlighting the growing importance of mental well-being in our fast-paced and high-pressure industry. Patrick's talk will delve into the unique mental health challenges faced by cybersecurity professionals, from combating burnout and imposter syndrome to fostering resilience in the face of unrelenting demands. Patrick's session will offer practical strategies and actionable takeaways for attendees to address these challenges head-on, enabling them to prioritize mental health without compromising on success. Whether you're grappling with stress or seeking…


Security Bulletin: Critical Vulnerability in SonicWall SMA 1000 Series Appliances (CVE-2025-23006)

Severity: Critical - CVSS Score: 9.8/10
Date Released: 2025-01-23

Overview

SonicWall has issued a security advisory regarding a critical vulnerability (CVE-2025-23006) in its Secure Mobile Access (SMA) 1000 Series appliances. The vulnerability has been identified as a zero-day that has likely been actively exploited in the wild. Customers are urged to take immediate action to mitigate the risk. This flaw does not affect SonicWall's Firewall or SMA 100 Series products. Instead, it specifically impacts the Appliance Management Console (AMC) and Central Management Console (CMC) components of the SMA 1000 Series.

Vulnerability Details

CVE ID: CVE-2025-23006
Impact: Remote Code Execution (RCE)
Description: A pre-authentication deserialization of untrusted data vulnerability exists in the AMC and CMC of the SMA 1000 Series appliances. Under specific conditions, an unauthenticated remote attacker could exploit this flaw to execute arbitrary OS commands, potentially compromising the affected device and broader network.
CVSS Score: 9.8 (Critical)

Affected Products

SMA 1000 Series Appliances:
- Appliance Management Console (AMC)
- Central Management Console (CMC)…


The Impact of U.S. Designation of Tencent as a Chinese Military Company on Local and State Governments

The U.S. Department of Defense's recent decision to designate Tencent, CATL, and other Chinese firms as Chinese military companies has sent ripples across industries, from technology to automotive manufacturing. While the designation under Section 1260H doesn't immediately ban transactions with these entities, it raises critical questions for American organizations, including local and state governments, about cybersecurity, supply chain risks, and international relations.

What This Means for Governments and Businesses

The Pentagon's move highlights the growing scrutiny over Chinese firms' alleged ties to Beijing's military initiatives. For local and state governments, this announcement underscores the importance of due diligence in vendor relationships and highlights potential risks when engaging with companies linked to China's strategic goals. Even if no immediate sanctions follow, the designation acts as a red flag for organizations considering partnerships or relying on technology and infrastructure supplied by these firms.

Why It Matters to Local and State Governments

Data Privacy and…
