Critical Path Security guidelines for defending against the increasingly common SIM swap attack.

So what is a SIM swap attack?  A SIM swap attack is when a criminal tricks a customer service representative at a cellular service provider into reassigning the victim’s phone number to a phone that the criminal has.  After they successfully get the SIM swapped to their phone they are able to receive the text messages used as a second form of verification to reset passwords for many online services and apps.  Then they can login to your bank accounts, email and social media. Who should be concerned? Everyone.  Recently, Jack Dorsey the CEO of Twitter was a victim so it can happen to anyone! What can I do to protect myself? The first thing you should do is contact your service provider and add a PIN to your account, this is to prevent a criminal from masquerading as you and changing devices or even who can access your account. …


CMMC: Why Boeing’s Poor Security Posture Affects Subcontractors

On September 4 of this year, the Office of the Assistant Secretary of Defense for Acquisition released its draft of the Cybersecurity Maturity Model Certification (CMMC) for public comment. The CMMC was created in response to growing concerns by Congress and the Department of Defense (DoD) over the increased presence of cyber threats and intrusions aimed at the Defense Industrial Base (DIB) and its supply chains. The increase of successful Cybersecurity attacks against Defense Contractors and Subcontractors has been on a steady climb over the past years, leading to direct intervention and the creation of the CMMC. It is the duty of the manufacturer to monitor their environment, implement effective security controls, and ensure that critical systems are protected from malicious activities, such as ransomware, malware, etc. The protection of intellectual property associated with government projects is of most importance. Unfortunately, a recent investigation into Boeing's infrastructure has illuminated vulnerabilities…

Comments Off on CMMC: Why Boeing’s Poor Security Posture Affects Subcontractors

If you are using Google Chrome, update it now!

Researchers found two vulnerabilities in Google Chrome that could allow a remote attacker to execute arbitrary code (e.g., run malware) on an affected machine. Google has confirmed that at least one of the vulnerabilities is already being exploited in the wild. "Google says it is aware that one of the flaws has an exploit in the wild. This bug received the tracking number CVE-2019-13720 and is in the audio component of the web browser." - Bleeping Computer Google has released an update to address these vulnerabilities that should be installed as soon as possible. Critical Path Security recommends issuing the following in a Chrome tab, "chrome://settings/help".  If the browser isn't up-to-date, a prompt will be provided to update and relaunch the browser.  Follow that prompt.


Critical Path Security is excited to announce that our CTO, Patrick Kelley, will be speaking at Milner’s Tech Fest in Raleigh, NC!

Featured Solutions & Services include: Physical Security Systems – Learn how solutions such as Access Controls & Video Surveillance can simplify your operations and enhance situational awareness. Managed IT & Security – Is your business' network secure and operating at optimal efficiency? Copiers & MFPs – Discover ways to increase efficiency and lower document output costs. Business Phone Systems – See how Unified Communications is changing the way we communicate. Document Management – Capture paper documents smarter and faster – put your information to work. Special Guest Speaker Patrick Kelley, CISSP, C|EH, ITIL We are excited to announce Patrick Kelley as the day’s Keynote Speaker. With more than 20 years of experience in the Information Management and Security field, Patrick has spoken on panels with members from the FBI, CIA, NSA, and is a reoccurring guest on 11 Alive and NBC News. His presentation, Cyberzoology: Protecting Your Organization From New Breeds Of…

Close Menu