Insights

At Critical Path Security, we've always believed that compliance shouldn't be a guessing game-and security shouldn't rely on a checklist. Starting this month, every Managed SOC subscription now includes monthly SCuBA (Secure Cloud Business Applications) scans as part of our standard service. No upsells. No hidden fees. Just better visibility. The SCuBA framework, developed by CISA, is designed to assess Microsoft 365, Google Workspace, and related cloud environments against rigorous, government-grade baselines. By integrating it into our Managed SOC platform, we're bringing the same federal-level scrutiny directly to your organization-automatically, every month. What this means for you: Continuous validation of your cloud security posture Evidence-based alignment with NIST and CMMC controls Immediate remediation guidance for misconfigurations and risky settings Monthly executive summaries delivered alongside your SOC reporting Our analysts already monitor your endpoints, logs, and networks for threats in real time. Now, we're adding a new layer-continuous cloud configuration assurance-so…

When cyber criminals go after routers and switches, it's not noise. It's control.This week, reports confirmed that threat actors are exploiting a critical vulnerability in Cisco's SNMP implementation (CVE 2025 20352) to deploy a rootkit on network switches. It's another reminder that the infrastructure we rely on to see and defend our networks can also be turned against us. At Critical Path Security, we've seen how these attacks evolve. A simple SNMP exposure turns into silent persistence, lateral movement, and data manipulation inside critical environments. This one is especially dangerous. What Happened Cisco IOS and IOS XE systems running certain builds are vulnerable to remote code execution through their SNMP stack. Once cyber criminals reach the SNMP interface, often left open for device management, they can execute code as root. The exploit, active in the wild before Cisco's advisory, targets several popular switch families: 9400, 9300, and the legacy 3750G.…

Why OT Operators Must Maintain a Continuously Updated System Inventory In August 2025, regulatory and cybersecurity agencies from the United States, Canada, Australia, New Zealand, the Netherlands, and Germany jointly released new guidance urging OT owners and operators to create and sustain a definitive, continually updated record of their OT architecture. A follow-on document, joined by the United Kingdom, expands upon how organizations can leverage asset inventories, software bills of materials (SBOMs), and other data sources to build this "definitive record." Why is this so urgent? In short: without a living, accurate map of what's in your environment, security teams can't reliably assess risk, detect vulnerabilities, or respond confidently to incidents. As the guidance notes: "Establishing a definitive record … allows you to effectively assess risks and implement the proportionate security controls. Rather than focusing solely on individual assets, a holistic approach enables you to consider the broader context …"…

Simple Network Management Protocol (SNMP) is a widely used protocol for managing network devices and monitoring system performance. While SNMP provides a convenient way to configure and manage networks, its legacy protocols - SNMPv1 and SNMPv2c - have significant security vulnerabilities that can put your network at risk. In this article, we'll explore the importance of using SNMPv3 and why it's essential for protecting your network from unauthorized access. The Risks of Legacy SNMP Protocols SNMPv1 and SNMPv2c are vulnerable to several types of attacks, including: Community string exposure: In these protocols, community strings are used to authenticate users. If these strings are not properly secured, they can be accessed by unauthorized users, either directly or through phishing attacks. Weak encryption: SNMPv1 and SNMPv2c use weak encryption algorithms, making it easy for attackers to intercept and manipulate data. Lack of authentication: These protocols do not provide robust authentication mechanisms, allowing…