Advice – Cyber Attacks Increase As Tensions Rise In Ukraine

As the events have been unfolding in Ukraine, there has been an amplification of cyberattacks around the world. These attacks are beginning to impact organizations around the United States. It should be stated that Russia has sophisticated cyber capabilities with a track record of wreaking havoc on organizations around the world. The SVR, Russia's foreign intelligence service, has been linked to a several of espionage campaigns and data breaches, from the widespread SolarWinds breach in 2020 to stealing information related to COVID-19 vaccines. Critical Path Security, along with our trusted partners in the U.S. Intelligence Community, Law Enforcement, and Global Intelligence Allies are continuing to monitor this situation around the clock to isolate legitimate and direct threats against our customers and national interests. CISA recommends that organizations, regardless of size, adopt a cybersecurity program that embraces the following recommendations: Reduce the likelihood of a damaging cyber intrusion Validate that all…

Comments Off on Advice – Cyber Attacks Increase As Tensions Rise In Ukraine

Founder, Patrick Kelley, interviewed for The Ultimate Guide for New CTOs and Tech Executives!

"Get to know your organization" We also received a lot of practical, tried-and-tested advice on how new CTOs can get to know their organization better. "If possible, a new CTO or CISO should interview the predecessor. Most CTO-led programs are tied to long-term goals with relatively long implementation cycles. The predecessor will provide some unique insight that is often left out of the documentation. If possible, have them introduce you to the other department leaders, executives, and your direct report. Their stamp of approval will make your transition much smoother!" "Learn the culture. This requires asking a lot of questions and listening intently. I recommend mapping to the McKinsey 7S Framework, if possible. It will help you find your fit and how to best communicate across the organization." "I recommend performing a high-level assessment of the current IT capabilities and commitments. There won't be enough time to get deep into…

Comments Off on Founder, Patrick Kelley, interviewed for The Ultimate Guide for New CTOs and Tech Executives!

The Log4Shell Vulnerability – How We Are Protecting You

The latest zero day is a big one. Recently announced, CVE-2021-44228 (dubbed Log4Shell) defines the vulnerability identified in Java's logging package "log4j". This CVE is rated the maximum 10 out of 10. The log4j logging package is built into a significant amount of software, including Apple, Apache, iCloud, Steam, Tesla, Minecraft, and many others. TL;DR: Critical Path Security has been working non-stop to stay ahead of this threat. Our Threat Intelligence feeds have been updated and rolled out to include detections for these attacks. We worked hand in hand with our trusted cyber-security partners to combine our Threat Intelligence with vulnerability identification mechanisms to provide overwhelming support to our customers against this attack. Additionally, our world-class researchers, responders, and analysts have been working around the clock since the notification. The team has continually rolled out additional detections and have worked closely with our customers and partners to respond to attacks.…

0 Comments

Vulnerability Announced: Update Your iPhone and iPad Right Now

Apple has just announced a newly discovered zero-day vulnerability affecting many of the company's phones and tablets. The patch comes with the company's most recent updates to its phone and tablet lines, iOS 15.0.2 and iPadOS 15.0.2. An emergency security announcement put out Monday says the vulnerability affects the following devices: "iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)." Apple has shared that, if exploited properly, hackers could use it to execute arbitrary code with kernel privileges on target devices. This means they would basically be able to inject malware, stalkerware, or stealing sensitive data. Apple says the zero-day was discovered by an "anonymous researcher". They have given it the designation CVE-2021-30883. Details around the attacks have been kept quiet, which is generally a sign that this hasn't been fully…

0 Comments