Insights

Holidays are fast approaching, which means online shopping and scams are going to be on the rise. Here are a few ways to stay as safe as possible. 1.  Know the red flags. The most common types of scams will target you through fake emails (a technique known as phishing), text messages (SMSishing or smishing) voice calls (vishing), letters or even someone who shows up at your front door unexpectedly. No matter which technique the criminal uses these are the common things they try: Pressure you to send money Threaten you with law enforcement action Tell you to purchase gift cards and provide codes as a form of payment Ask you to cash a check for them or send money via wire transfer Ask you to deposit a check that overpays for something you're selling, and then send the difference elsewhere 2. Don’t provide account or personal information via email…

So what is a SIM swap attack?  A SIM swap attack is when a criminal tricks a customer service representative at a cellular service provider into reassigning the victim’s phone number to a phone that the criminal has.  After they successfully get the SIM swapped to their phone they are able to receive the text messages used as a second form of verification to reset passwords for many online services and apps.  Then they can login to your bank accounts, email and social media. Who should be concerned? Everyone.  Recently, Jack Dorsey the CEO of Twitter was a victim so it can happen to anyone! What can I do to protect myself? The first thing you should do is contact your service provider and add a PIN to your account, this is to prevent a criminal from masquerading as you and changing devices or even who can access your account. …

On September 4 of this year, the Office of the Assistant Secretary of Defense for Acquisition released its draft of the Cybersecurity Maturity Model Certification (CMMC) for public comment. The CMMC was created in response to growing concerns by Congress and the Department of Defense (DoD) over the increased presence of cyber threats and intrusions aimed at the Defense Industrial Base (DIB) and its supply chains. The increase of successful Cybersecurity attacks against Defense Contractors and Subcontractors has been on a steady climb over the past years, leading to direct intervention and the creation of the CMMC. It is the duty of the manufacturer to monitor their environment, implement effective security controls, and ensure that critical systems are protected from malicious activities, such as ransomware, malware, etc. The protection of intellectual property associated with government projects is of most importance. Unfortunately, a recent investigation into Boeing's infrastructure has illuminated vulnerabilities…

Researchers found two vulnerabilities in Google Chrome that could allow a remote attacker to execute arbitrary code (e.g., run malware) on an affected machine. Google has confirmed that at least one of the vulnerabilities is already being exploited in the wild. "Google says it is aware that one of the flaws has an exploit in the wild. This bug received the tracking number CVE-2019-13720 and is in the audio component of the web browser." - Bleeping Computer Google has released an update to address these vulnerabilities that should be installed as soon as possible. Critical Path Security recommends issuing the following in a Chrome tab, "chrome://settings/help".  If the browser isn't up-to-date, a prompt will be provided to update and relaunch the browser.  Follow that prompt.