Critical Path Security Weighs In on Cobb County Ransomware Breach

In March 2025, Cobb County, Georgia, became the target of a significant ransomware attack orchestrated by the Russian-speaking cybercriminal group known as Qilin. This breach resulted in the compromise of approximately 150 gigabytes of sensitive data, encompassing over 400,000 files. The stolen information reportedly includes autopsy photographs, Social Security numbers, driver's license images, and internal government documents. FOX 5 Atlanta The Attack and Its Implications The cyberattack led to noticeable disruptions in county services, prompting officials to take systems offline temporarily. Qilin, operating under a ransomware-as-a-service model, demanded a ransom to prevent the public release of the stolen data. To demonstrate the severity of the breach, the group released 16 sample images on the dark web, which included sensitive personal information. FOX 5 Atlanta Cobb County officials have confirmed the breach but have opted not to engage with the attackers' demands. In a public statement, the county emphasized its stance…

0 Comments

Critical Vulnerability in Esri ArcGIS Enterprise: Immediate Action Required

A critical security vulnerability, identified as CVE-2025-2538, has been discovered in specific deployments of Esri's ArcGIS Enterprise. This flaw resides in the Password Recovery feature of the Portal component and could allow unauthorized attackers to reset the password of the built-in admin account, leading to potential unauthorized access and data compromise.​ Vulnerability Details The vulnerability affects the following versions of Portal for ArcGIS on Windows: 10.9.1​ 11.1​ 11.2 This issue has been assigned a CVSS v3.1 score of 9.8 (Critical), indicating its high severity. The vulnerability stems from the use of hard-coded credentials (CWE-798), which can be exploited over a network without requiring authentication. Recommended Actions Esri has released the "Portal for ArcGIS Security 2025 Update 1 Patch" to address this vulnerability. It is imperative for organizations utilizing the affected versions to apply this patch immediately to mitigate potential risks. Additional Recommendations Review Access Logs: Examine system logs for any…

0 Comments

Critical Path Security Announces Sponsorship of Ryan Vargas for the 2025 NASCAR Canada Series

Critical Path Security, a leader in cutting-edge cybersecurity solutions, proudly announces its continued support and sponsorship of NASCAR driver Ryan Vargas as he competes in the prestigious NASCAR Canada Series for the 2025 season. After an exhilarating partnership in the NASCAR Whelen Euro Series in 2024, Critical Path Security is expanding its commitment, accompanying Vargas as he returns to North America to race in Canada's premier stock car racing series. This season-long sponsorship underscores the shared values of innovation, perseverance, and the relentless pursuit of excellence that define both Critical Path Security and Ryan Vargas. Patrick Kelley, CEO of Critical Path Security, expressed enthusiasm for the expanded relationship: "Our journey with Ryan Vargas in Europe was nothing short of extraordinary, and we're excited to continue this partnership closer to home. Ryan embodies resilience, skill, and the competitive spirit that aligns perfectly with our company's mission and values. Sponsoring him in…

0 Comments

Critical Path Security Partners With Mental Health Hackers

We're thrilled to announce our continued commitment to the information security community by sponsoring Mental Health Hackers as our first official partnership for 2025! Mental Health Hackers is an incredible organization dedicated to promoting mental wellness, resilience, and support within the cybersecurity community. Their impactful initiatives directly align with our core values at Critical Path Security, reinforcing our dedication not only to digital safety but to the well-being of those who tirelessly protect our digital infrastructures. Patrick Kelley, CEO of Critical Path Security, shares his enthusiasm for this partnership: "Partnering with Mental Health Hackers is more than just sponsorship-it's a statement about who we are and what we stand for at Critical Path Security. Mental wellness is foundational to resilience in cybersecurity. We're proud to support an organization making a real difference, empowering professionals to prioritize their mental health and build stronger, healthier communities." We look forward to a remarkable…

0 Comments