Critical Path Security is excited to announce that our Vice-President, Virginia Kelley, will be speaking in North Georgia!

We are excited to announce Virginia Kelley will be speaking at the Professional Women Of Pickens County's event in March 2020.  The event is sponsored by one of our partners, Renesant Bank. Her presentation will explore the tactics and motivations of hackers and how to protect your organization from some of the world’s savviest cyber criminals. We encourage you to join us with your questions. Register Here!


Critical Windows Vulnerability Discovered by NSA – What you should know!

If you have Window 10 or Windows Server 2016/2019 installed, like most of the planet, you need to patch now!  NSA recently released a notification along with Microsoft that a critical vulnerability exists in how the mentioned platforms validate Elliptic Curve Cryptography (ECC) certificates. It was discovered by security researchers at NSA, before Microsoft learned of the vulnerability.  It is considered to have been in the wild before discovery. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and…

Comments Off on Critical Windows Vulnerability Discovered by NSA – What you should know!

Vulnerability in Citrix Application Delivery Controller and Citrix Gateway

As many of you have heard by now a major vulnerability to the Citrix Netscaler platform was announced before the holidays. At that time the vulnerability was not widely known or for that matter understood. Since that time we have seen bad actors using several tools to bypass corporate security mechanisms. From what we’ve seen at Critical Path Security this breach has the potential to affect every Citrix customer with a Citrix Netscaler gateway deployed. The fact that Citrix has been very quiet on this vulnerability considering they were hacked last year and suffered a significant data breach, is very disconcerting to say the least. Even at this moment, we have not heard how this breach at Citrix occurred or if it is somehow related to the Netscaler gateway vulnerability. The vulnerability is a path traversal bug that can be easily exploited over the internet by an attacker. The attacker…

Comments Off on Vulnerability in Citrix Application Delivery Controller and Citrix Gateway