Insights

Recent findings from Cisco's Talos security team have unveiled a significant threat to network security through a sophisticated credential compromise campaign. As reported by ARS Technica, this extensive campaign is currently making waves across various organizational networks, focusing on VPNs, SSH, and web applications. Details of the Attack: The attackers are using a combination of generic and organization-specific usernames in their login attempts, along with nearly a hundred passwords. Over 2,000 usernames and approximately 4,000 IP addresses have been identified as part of this assault. The origins of these IP addresses trace back to TOR exit nodes and other services designed to mask user identities, such as VPN Gate and IPIDEA Proxy. Impact and Scope: According to Talos researchers, the impacts of these attacks can vary dramatically from unauthorized network access and account lockouts to potential denial-of-service conditions. This indicates an indiscriminate approach, targeting a broad spectrum of networks without…

As cybersecurity threats continue to pose significant risks to businesses and organizations, staying updated with regulatory changes is crucial. On November 1, 2023, the New York State Department of Financial Services (NYDFS) introduced amendments to its cybersecurity regulation, 23 NYCRR 500, also known as Part 500. These updates come with a structured timeline for compliance, affecting a broad spectrum of entities, including Small Businesses, Class A Companies, and Covered Entities. Here's what you need to know about the changes and how to stay compliant. Key Compliance Dates and Requirements Immediate Changes and Reporting Duties As of December 1, 2023, all entities covered by the regulation are mandated to report cyber incidents, such as ransomware attacks, to NYDFS. This new requirement underscores the need for enhanced incident response strategies and transparent communication with regulatory bodies. Upcoming Compliance Deadlines Looking ahead, a significant deadline looms on April 15, 2024. By this date,…

Critical Path Security is thrilled to announce the launch of our comprehensive Office/Microsoft 365 Hardening Audits. By integrating multiple advanced security frameworks and tools, we are dedicated to bolstering your organization's cloud environment against emerging threats, ensuring compliance, and enhancing overall security posture. Our Enhanced Audit Approach: Our innovative approach to security audits combines several leading technologies and methodologies to provide an in-depth examination of your Microsoft 365 ecosystem. Here's what sets our service apart: Comprehensive Automated Security Tests: Leveraging a combination of advanced testing tools, we perform extensive automated checks across your Microsoft 365 setup. This approach allows us to identify vulnerabilities swiftly and efficiently, ensuring your setup adheres to the latest security best practices. Tailored Security Assessments: Recognizing the uniqueness of each organization, we offer customizable testing options. This flexibility allows us to tailor our audits to match your specific security policies and requirements, providing a more targeted…

As the NASCAR Whelen Euro Series roared into action this 2024 season, the opening races at Circuit Ricardo Tormo were nothing short of dramatic, filled with the thrill and spills that racing fans adore. Amidst the adrenaline-pumping action, our very own Ryan Vargas, proudly sponsored by Critical Path Security, showcased resilience and skill, navigating through a chaotic event marked by a significant incident that disrupted the race proceedings. The race weekend was a rollercoaster for all drivers, with Sunday concluding in a spectacular fashion as Liam Hezemans clinched a victory, his first in nearly a year. However, the standout story from the weekend was the resilience shown by drivers like Ryan Vargas, who found themselves amidst an early race melee. The Big One Strikes Dubbed "the Big One," a ten-car pile-up on the track resembled scenes typically associated with the high-intensity Talladega races. Ryan, caught in the thick of it,…