Insights

We are excited to announce Virginia Kelley will be speaking at the Professional Women Of Pickens County's event in March 2020.  The event is sponsored by one of our partners, Renesant Bank. Her presentation will explore the tactics and motivations of hackers and how to protect your organization from some of the world’s savviest cyber criminals. We encourage you to join us with your questions. Register Here!

If you have Window 10 or Windows Server 2016/2019 installed, like most of the planet, you need to patch now!  NSA recently released a notification along with Microsoft that a critical vulnerability exists in how the mentioned platforms validate Elliptic Curve Cryptography (ECC) certificates. It was discovered by security researchers at NSA, before Microsoft learned of the vulnerability.  It is considered to have been in the wild before discovery. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and…

As many of you have heard by now a major vulnerability to the Citrix Netscaler platform was announced before the holidays. At that time the vulnerability was not widely known or for that matter understood. Since that time we have seen bad actors using several tools to bypass corporate security mechanisms. From what we’ve seen at Critical Path Security this breach has the potential to affect every Citrix customer with a Citrix Netscaler gateway deployed. The fact that Citrix has been very quiet on this vulnerability considering they were hacked last year and suffered a significant data breach, is very disconcerting to say the least. Even at this moment, we have not heard how this breach at Citrix occurred or if it is somehow related to the Netscaler gateway vulnerability. The vulnerability is a path traversal bug that can be easily exploited over the internet by an attacker. The attacker…

Printing Impressions published a recent article in which Patrick Kelley was quoted. Kelley states, “A significant problem with IoT devices, like printers, is that customers are not educated on security risks. Companies and consumers need to understand the risks they are accepting with IoT devices and to ensure that their third-party vendors are advocates for what's best for them. Choose your vendors carefully, making sure that they are trustworthy and that you are the priority.” Read the article