New security vulnerabilities set off a ripple of security problems in millions of devices

Security researchers recently disclosed that they have discovered a handful of game-changing vulnerabilities that spell disaster for multitudes connected devices.  This past week, security company JSOF unveiled 19 CVEs – four of them critical remote code execution flaws – in a low-level networking software library that renders millions of devices vulnerable to exploitation. The researchers have labeled the set of vulnerabilities as Ripple20. The researchers have stated that the bugs will enable attackers to take control of internet-facing devices. Unfortunately, these vulnerabilities could lay dormant for years without bringing awareness to the consumer. As we've experienced with similar vulnerabilities, we expect these bugs to be leveraged in far widespread attacks, such as Mirai Botnet, or used as pivot points into corporate and home networks.  Critical Path Security and Léargas Security have partnered to deliver Suricata and Zeek detections to protect customers. Additionally, all Suricata rules will be updated and made available to…

0 Comments

It’s 9AM, do you know where your data is?

One of the greatest challenges to organizations during the pandemic has been communications. When we send everyone home and the impromptu hallway meetings stop, what paths does information find to rebuild itself? As we've come to find, the resilience of corporate communication is akin to the flowing of a river. It will find the path of least resistance and move forward. Often, this comes in the form of email forwarding from the organization to personal email accounts. What does that mean? You likely have no idea where corporate information is ending up. Before the pandemic, Critical Path Security worked very closely with the Léargas Security team to visualize very specific information from the Azure and Office 365 platforms. In particular, email forwarding. Who's doing it? Why are they doing it? Why should you care? Your users may see this as a convenience. Unfortunately, you have no tracking capabilities of communication(s)…

0 Comments

Critical Path Security provides COVID-19 Threat Intel Feeds

Critical Path Security is a proud participant of the COVID-19 CTI League and a long-standing member of the Zeek community!  The intelligence shared within these groups has been invaluable in preventing successful attacks on organizations around the globe. As Founder Ohad Zaidenberg told SecureWorld: "Since the coronavirus came out, I started to notice more and more hackers use this crisis to gain profit, and it made me so mad. It made me so angry because this is a game-changer. This is not the time to attack. People can lose their life with all this activity. So if someone is crazy enough and sick enough to use this coronavirus crisis to leverage it, to gain some profit, he needs to know that we are here to stop him. We are here to fight back. And I think that most of the people that joined our league, they have that emotion." Aiming…

Comments Off on Critical Path Security provides COVID-19 Threat Intel Feeds

CMMC Update – April 2020

Those that thought we would receive a reprieve due to the Coronavirus were potentially surprised by Arrington's most recent statements. “We are continuing with rolling out the CMMC, we are not slowing down,” Arrington said at an April 1 CDM Workshop. “COVID-19 is a horrible event for the globe. But the sun will rise, and we have to continue to march forward. And gratefully and thankfully, the teams have been working virtually on this.” “We’re doing our absolute best to stay on track because even though we are in horrible times, we have to have continuity of care and the mission is important,” she explained. If anything, Arrington added, the reliance on tech during the COVID-19 crisis has expressed to everyone “how imperative those practices are.” Fortunately, with the release of Version 1.02 of the CMMC Model, no major changes were introduced.  You can expect useful tools, such as tabular…

Comments Off on CMMC Update – April 2020