Blended Threats and Attacks are becoming far more prevalent. Traditional approaches to cyber defense are no longer effective. Patrick Kelley will be discussing using non-traditional controls and processes to secure your business.
We are excited to announce Virginia Kelley will be speaking at the Professional Women Of Pickens County's event in March 2020. The event is sponsored by one of our partners, Renesant Bank. Her presentation will explore the tactics and motivations of hackers and how to protect your organization from some of the world’s savviest cyber criminals. We encourage you to join us with your questions. Register Here!
If you have Window 10 or Windows Server 2016/2019 installed, like most of the planet, you need to patch now! NSA recently released a notification along with Microsoft that a critical vulnerability exists in how the mentioned platforms validate Elliptic Curve Cryptography (ECC) certificates. It was discovered by security researchers at NSA, before Microsoft learned of the vulnerability. It is considered to have been in the wild before discovery. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and…
As many of you have heard by now a major vulnerability to the Citrix Netscaler platform was announced before the holidays. At that time the vulnerability was not widely known or for that matter understood. Since that time we have seen bad actors using several tools to bypass corporate security mechanisms. From what we’ve seen at Critical Path Security this breach has the potential to affect every Citrix customer with a Citrix Netscaler gateway deployed. The fact that Citrix has been very quiet on this vulnerability considering they were hacked last year and suffered a significant data breach, is very disconcerting to say the least. Even at this moment, we have not heard how this breach at Citrix occurred or if it is somehow related to the Netscaler gateway vulnerability. The vulnerability is a path traversal bug that can be easily exploited over the internet by an attacker. The attacker…