Insights

"We're having upwards of a billion records leaked a year," said Patrick Kelley, CEO of Critical Path Security. "We can pretty much ascertain that every person that has ever been on the internet or created an account on the internet likely has been rolled into a data breach." Kelley said tracking down the source of those breaches can be nearly impossible. "Even though we have state laws that say that we should be disclosing, we haven't really tested those in courts and the companies know that," Kelley said. "Fewer than four out of five actually report that they've had a breach. They will create some pretty interesting ways to make sure that they don't have to disclose, such as telling companies like us that we are not to give them a final report, we're to provide it to the attorneys because there is attorney client privilege." Read More

A compromised and digitally signed version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is allegedly being exploited in an ongoing supply chain attack against the company's customers. 3CX is a major VoIP IPBX software development company with a vast customer base, including high-profile clients from various industries. This wide reach makes it an attractive target for threat actors seeking to compromise a large number of organizations. The 3CX Phone System is utilized by over 600,000 companies globally, with more than 12 million daily users. High-profile clients include American Express, Coca-Cola, McDonald's, BMW, Honda, AirFrance, NHS, Toyota, Mercedes-Benz, IKEA, and Holiday Inn. Security researchers from Critical Path Security, Sophos and CrowdStrike have issued alerts, stating that the attackers are targeting both Windows and macOS users of the compromised 3CX softphone application. Security researchers have raised concerns about attackers targeting both Windows and macOS users of the compromised 3CX…

Critical Path Security is a cybersecurity company based in the United States that provides a range of services to protect businesses and organizations from cyber threats. However, the company's commitment to making a difference goes beyond its core business. For the past few years, Critical Path Security has been actively involved in supporting The Children's Haven, a non-profit organization that provides shelter and support to foster and at-risk kids in the United States. The Children's Haven is a non-profit organization that provides a safe and nurturing environment for children who have experienced abuse, neglect, or abandonment. The organization's mission is to provide a supportive and stable environment for children in need and to help them heal from their past trauma. The organization offers a variety of programs, including emergency shelter, long-term foster care, and adoption services. Critical Path Security has been involved with The Children's Haven for several years, providing…

According to a statement by GoDaddy, a major web hosting company, it has experienced a breach in which unidentified attackers accessed its cPanel shared hosting environment, resulting in the theft of source code and the installation of malware on its servers. The attack spanned multiple years, but GoDaddy only became aware of the breach in early December 2022 after receiving reports from customers that their websites were being redirected to unfamiliar domains. "Based on our investigation, we believe these incidents are part of a multi-year campaign by a sophisticated threat actor group that, among other things, installed malware on our systems and obtained pieces of code related to some services within GoDaddy," the hosting firm said in an SEC filing. According to the company, the recent multi-year campaign responsible for the latest breach is also connected to previous breaches that were disclosed in November 2021 and March 2020. In November 2021,…