Insights

11Alive/NBC News reports that the Department of Public Safety computer systems are still offline with no timeline as to when they'll be back up. But it's not the first agency to run into issues with malware in recent weeks. Patrick Kelley goes on record stating: "Officers that are responding are trained very well and are competent to do their duties even when they are hampered, but I can't trivialize the impact that those officers responding and not having immediate access to the information that they need," explained Patrick Kelley.

"A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business." We highly recommend that Critical Path Security customers work with their Account Manager or IT Provider to implement a solution to protect the organization, as soon as possible! Read more

Critical Path Security researcher Patrick Kelley told BleepingComputer that he was able to quickly find the credentials bad actors would need to infiltrate both the City of Griffin and P.F. Moon's systems with the help of several OSINT tools and techniques such as Shodan, RiskIQ's PassiveTotal, data dumps, and pastes. "I work heavily with small governments. Very similar issues across all municipalities. Small budgets. High expectations. I was VERY happy that the City of Griffin was doing Security Awareness Training. It's quite rare," added Kelley. "The biggest thing we've been pushing that works are phone, text, some sort of additional factor to authorize a payment change." Read more

"We can patch operating systems all day long, but it's a lot harder to patch the human in us," cybersecurity expert Patrick Kelley said. Kelley isn't surprised the city of Griffin got scammed. "It happens every week," he said. What is uncommon is how much money the crooks got. The scheme went through the city's water department. An email came through that looked legitimate from their vendor - P F Moon & Co. The email said they needed to change the banking information for the account, so the city employee sent it over. "We get that these changes need to take place, but an email just isn't good enough," Kelley said. Read More