Insights

We at Critical Path Security are thrilled to be at the forefront of this exhilarating venture as we accompany Ryan Vargas in a thrilling exploration of two distinct NASCAR cultures this September. In a remarkable series of events, Ryan Vargas is poised to grace the racing tracks in Germany and the United States, showcasing his versatility and passion for the sport. On the 23rd and 24th of September, the Motorsport Arena Oschersleben in Germany will resonate with the roaring engines of the NASCAR Whelen Euro Series event. It is here that Vargas will masterfully pilot the No. 30 Critical Path Security Chevrolet Camaro, a testament to the groundbreaking collaboration between Team FJ and 3F Racing in the EuroNASCAR PRO division. Following his anticipated Euro Series debut, Vargas will swiftly shift his focus to the exhilarating lanes of the Talladega Superspeedway in the United States. On the 30th of September, witness…

The cybersecurity regulatory landscape is in a constant state of flux. Adhering to these regulations isn't merely about legal compliance; it's a pledge to protect their investors and assets against emerging threats. The Delay and Its Implications In 2023, the Securities and Exchange Commission (SEC) decided to delay the finalization of anticipated cybersecurity rules for investment advisers and funds. Originally forecasted for May 2023, an October release is now expected after an extended public commentary period. Highlighted in these upcoming rules are several pivotal elements, along with additional recommendations: 48-Hour Incident Notification Rule: Enforcing swift communication after security incidents to promote transparency. Disclosures must use Inline XBRL. This new reporting requirement likely will impose an increased burden on companies during what likely is a crisis situation. Documented Cybersecurity Risk Strategies: It's imperative for organizations to have a robust strategy in place. This ensures they proactively tackle and manage emerging cyber…

Microsoft has discovered a clandestine, highly targeted cyberattack aimed at key infrastructure organizations within the United States. This assault is orchestrated by Volt Typhoon, a Chinese state-sponsored entity primarily involved in espionage and intelligence collection. With moderate certainty, Microsoft believes that this campaign by Volt Typhoon is designed to hamper critical communication infrastructure between the US and Asia in potential future crises. Volt Typhoon has been operational since the middle of 2021, launching attacks on key infrastructure organizations within Guam and other parts of the US. The campaign has impacted a range of sectors including communication, manufacturing, utilities, transportation, construction, maritime, government, IT, and education. The observed actions suggest a primary goal of the threat actor is to carry out espionage and maintain undetected access for an extended period. To fulfill their objectives, the attacker places a strong focus on stealth. They rely exclusively on 'living-off-the-land' techniques and direct keyboard…