Authority Magazine interviews Jeff Barron: Repelling A Ransomware Attack

"Don't expose RDP to the Internet. This is the front door for many ransomware incidents. Bots brute force attack this service and record the wins. This information is sold or shared with ransomware affiliates who infiltrate companies and deploy the ransomware." Ransomware attacks have sadly become commonplace and increasingly more brazen. Huge enterprise businesses, gas pipelines, universities, and even cities have been crippled by ransomware and forced to pay huge ransoms. What can an individual or a business do to prevent and repel a ransomware attack? In this interview series, we are talking to cybersecurity experts who can share insights from their experience and expertise about the "5 Things You Need To Do To Protect Yourself Or Your Business From A Ransomware Attack." As a part of this series, I had the pleasure of interviewing Jeff Barron. Jeff works as the Director of Professional Services - Offensive Security for Critical…

0 Comments

The Log4Shell Vulnerability – How We Are Protecting You

The latest zero day is a big one. Recently announced, CVE-2021-44228 (dubbed Log4Shell) defines the vulnerability identified in Java's logging package "log4j". This CVE is rated the maximum 10 out of 10. The log4j logging package is built into a significant amount of software, including Apple, Apache, iCloud, Steam, Tesla, Minecraft, and many others. TL;DR: Critical Path Security has been working non-stop to stay ahead of this threat. Our Threat Intelligence feeds have been updated and rolled out to include detections for these attacks. We worked hand in hand with our trusted cyber-security partners to combine our Threat Intelligence with vulnerability identification mechanisms to provide overwhelming support to our customers against this attack. Additionally, our world-class researchers, responders, and analysts have been working around the clock since the notification. The team has continually rolled out additional detections and have worked closely with our customers and partners to respond to attacks.…

0 Comments

Vulnerability Announced: Update Your iPhone and iPad Right Now

Apple has just announced a newly discovered zero-day vulnerability affecting many of the company's phones and tablets. The patch comes with the company's most recent updates to its phone and tablet lines, iOS 15.0.2 and iPadOS 15.0.2. An emergency security announcement put out Monday says the vulnerability affects the following devices: "iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)." Apple has shared that, if exploited properly, hackers could use it to execute arbitrary code with kernel privileges on target devices. This means they would basically be able to inject malware, stalkerware, or stealing sensitive data. Apple says the zero-day was discovered by an "anonymous researcher". They have given it the designation CVE-2021-30883. Details around the attacks have been kept quiet, which is generally a sign that this hasn't been fully…

0 Comments

E-ISAC’s CRISP Fall Workshop 2021

Critical Path Security Founder and CTO, Patrick Kelley will be presenting at the Virtual Cybersecurity Risk Information Sharing Program (CRISP) Fall Workshop October 14 - 15, 2021. Patrick will be filling the Friday, October 15, 1p.m. - 2p.m. time slot and covering "How to Leverage Zeek and Traditional Forensic Tools and Tactics for Successful Investigations." This event has a Limited Disclosure, it is restricted to participants organizations; invitations previously sent. A link to Patrick's presentation will be provided at a later date.

0 Comments