Insights

In a recent groundbreaking interview with Grace King from 11Alive/NBC News, Rick Hudson, the Chief Technology Officer of Critical Path Security, offered expert insights into the multi-year disruption campaign against the infamous LockBit ransomware group. This campaign, a testament to international cooperation and cyber resilience, marked a turning point in the ongoing battle against cybercrime. The Scope and Success of the Operation The operation, orchestrated by the FBI in collaboration with international partners, spanned 10 countries and targeted LockBit's infrastructure both in the United States and abroad. According to the FBI Cyber Deputy Assistant Director Brett Leatherman, this operation was meticulously sequenced, crippling both the front- and back-end infrastructure of the notorious group. In the U.S. alone, four servers were seized, highlighting the operation's extensive reach. Victims of LockBit: A Diverse Range The victims of LockBit's malicious activities were diverse, ranging from major corporations like Boeing, Dell - Secureworks, and…

The cybersecurity landscape has witnessed a significant escalation with the disclosure of a zero-day vulnerability impacting Microsoft Exchange servers. As per the latest report from The Shadowserver Foundation, a non-profit cybersecurity organization, an alarming number of over 28,000 internet-accessible Microsoft Exchange servers are currently at risk. This situation is further exacerbated by an additional 68,000 Exchange instances that are deemed 'possibly vulnerable.' These servers have implemented certain mitigations, yet the risk of exploitation remains. In total, we're looking at approximately 97,000 servers with potential vulnerabilities. The root of this issue lies in a privilege escalation flaw, designated as CVE-2024-21410. This flaw, which carries a severe CVSS score of 9.8, enables pass-the-hash attacks. In such attacks, an intruder can relay a user's Net-NTLMv2 hash against a vulnerable server, thereby authenticating as that user. This vulnerability is particularly concerning because Exchange Server 2019 lacked NTLM credential relay protection, also known as Extended…

ATLANTA - In a startling revelation that adds a new dimension to the January-announced cyberattack on Fulton County, cybersecurity expert Patrick Kelley, founder of Critical Path Security, claims to have uncovered evidence of a data breach. This development contradicts the initial assurances from Fulton County officials who, at the time of the attack's announcement, denied any knowledge of data exfiltration. The recent clarification by county officials categorizes the cyber incident as a financially-motivated ransomware attack. However, Kelley's findings suggest a more severe compromise. He warns that iCloud data, alongside sensitive information relating to high-profile court cases, including those involving Former President Donald Trump and rapper Young Thug, may be at risk. Kelley's urgency is palpable as he speaks about the ticking clock, hinting at an impending release of more compromised data. His discoveries, which he says were documented on a hacking website, include a range of sensitive information such as…

Critical Path Security is proud to announce that our esteemed team member, Patrick Kelley, has accepted an invitation to join the NRECA Cooperative IT Mentoring Program as a mentor and presenter for the 2024 cohort. This unique opportunity highlights Patrick's renowned expertise in cybersecurity and IT, and his dedication to fostering the growth of professionals in the field. The NRECA Cooperative IT Mentoring Program, skillfully managed by Shawna Ryan, is dedicated to the professional development of IT professionals from member co-ops. It emphasizes the enhancement of soft skills and addresses the contemporary challenges faced in the IT sector. Each year, the program is carefully designed with a specific curriculum, focusing on themes, discussions, and valuable resources. A significant new feature of this year's program is the inclusion of exclusive presentations by industry experts, aimed at enriching the participants' experience. Patrick Kelley will be contributing to this innovative aspect with a…