"A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business." We highly recommend that Critical Path Security customers work with their Account Manager or IT Provider to implement a solution to protect the organization, as soon as possible! Read more
Critical Path Security researcher Patrick Kelley told BleepingComputer that he was able to quickly find the credentials bad actors would need to infiltrate both the City of Griffin and P.F. Moon's systems with the help of several OSINT tools and techniques such as Shodan, RiskIQ's PassiveTotal, data dumps, and pastes. "I work heavily with small governments. Very similar issues across all municipalities. Small budgets. High expectations. I was VERY happy that the City of Griffin was doing Security Awareness Training. It's quite rare," added Kelley. "The biggest thing we've been pushing that works are phone, text, some sort of additional factor to authorize a payment change." Read more
"We can patch operating systems all day long, but it's a lot harder to patch the human in us," cybersecurity expert Patrick Kelley said. Kelley isn't surprised the city of Griffin got scammed. "It happens every week," he said. What is uncommon is how much money the crooks got. The scheme went through the city's water department. An email came through that looked legitimate from their vendor - P F Moon & Co. The email said they needed to change the banking information for the account, so the city employee sent it over. "We get that these changes need to take place, but an email just isn't good enough," Kelley said. Read More
The Atlanta City digital systems were hijacked by a ransomware attack in 2018. Officials said this attack is much less serious than the one that affected the city. However, Cyber Security Expert Patrick Kelley said it is still a big deal. "To me there's a dramatic impact to this,"Kelley said. Kelley is talking to some of the judges impacted by the hack, and they told him they can't access any of their information. He also believes the judicial council likely doesn't know the full scope of the attack. Read more