Blog

Assura’s Top 5 Misconceptions about Penetration Testing

With the increasing number of organizations now seeking penetration testing due to regulatory requirements, more and more companies are claiming to offer a service that checks this box. Assura wanted to help clarify some of the top misconceptions you may encounter when searching for a penetration test. We hope this demystifies the process and helps…

CISA Releases Advisory About Multifactor Authentication Bypass with Duo — Duo Responds

TL;DR Russian state-sponsored attackers compromised an NGO by exploiting the weak credentials of an inactive user, default settings in the Duo multifactor authentication service, and PrintNightmare to take over the environment. The way to protect organizations is to implement good cyber hygiene and modify a couple of default settings in Duo. Overview On Tuesday, March…

UPDATE: NVIDIA Code Signing Certificates Compromised – Temporarily Halt Updates/Installation of NVIDIA Software

Update March 16, 2022: It’s been twelve days since we posted this Cyber Heads-up and this seems to have dropped out of the news and out of discussion. NVIDIA has been deafeningly silent about this. Our guidance remains the same. Make sure that your environment is set up to monitor for code signed by these…

Assura Continues to Recommend Operation in a “Shields Up” Defensive Posture

TL;DR Earlier in February, the Cybersecurity and Infrastructure Security Agency (CISA) issued a “Shields Up” warning advising American companies to be extra cautious about potential hacking attempts from Russia as tensions with the country rise, particularly during the Russia-Ukraine crisis. As the situation since the invasion of Ukraine by Russia on Thursday, February 24th continues to evolve, Assura…

Cisco Issues Field Notice to Firepower Customers – May Lose Talos Security Intelligence Updates

TL;DR Cisco issued a Field Notice on February 21, 2022 warning customers of its FirePOWER Services Software for ASA, FirePOWER Threat Defense (FTD) Software, and Firepower Management Center Software that the root certificate that signed the TLS certificate for security intelligence updates by its Talos group is being decommissioned and will be replaced on March…

Highly Effective Russian Phishing Campaigns Against Ukraine May Pivot to U.S. Targets

TL;DR Russian state-sponsored threat actors are using malicious Microsoft Office documents with remote macros to compromise Ukrainian targets. With tensions between Russia and Ukraine at a boiling point, we would not be surprised if these attacks pivot to U.S. targets in critical sectors once sanctions are imposed against Russia by western nations. This…

Protecting a university’s network against both hackers and a student workforce.

Challenge: A university approached Assura with a need to meet all the necessary regulatory requirements, including Commonwealth of Virginia cybersecurity standards, PCI DSS, FERPA, and HIPAA. In addition, they had a unique challenge that most other organizations don’t have. Because they employ students to help run various aspects of the school, they also needed a…

ProDefense™ XDR: Quickly secures a global company’s all-new virtual call center.

Challenge: A U.S. government contractor tapped a global company that specialized in workforce mobilization and staffing to create and staff a call center. Typically, this would not have been a significant challenge. However, this happened at the peak of the COVID-19 global pandemic, which meant the data center needed to be 100% remote while still…

Delivering cybersecurity solutions to 11 Virginia government localities at one time.

Challenge: The Federal Emergency Management Agency (FEMA) challenged the state of Virginia with helping to secure elections. A part of this challenge was making government localities cyber secure as well. FEMA offered a grant to help small localities achieve the level of security required. Eleven government localities came to Assura for help meeting the cybersecurity…

Update 2: Severe Zero-Day Vulnerability in Apache Log4j Package Hits the World

December 20, 2021: A new Denial of Service vulnerability was announced over the weekend by The Apache Foundation. They now recommend that software vendors and IT departments use version 2.17.0. This means that systems that were patched as of Friday, December 17, 2021 may need to have another patch applied. Assura continues to recommend following…

TrojanSource – Why The Threat Is Real But The World Isn’t On Fire

Overview Recently, researchers at the University of Cambridge published a paper detailing how obfuscation techniques can be used to inject malicious code into source code prior to compilation. Depending on the compiler, the malicious source code would be hidden from the user’s view, yet still successfully compiled into the software, resulting in a trojan horse…

I do not like HiveNightmare, SeriousSam. I do not like it here or there. I do not like it anywhere!

TL;DR No, it’s not a new Dr. Seuss story – it’s a recently discovered zero-day exploit (CVE-2021-36934, known as HiveNightmare or SeriousSam) that allows an attacker to read the contents of a Security Account Manager (SAM) file on Windows 10 and 11 systems with non-administrator user privileges. In the Assura’s Take section, we provide two…

Windows Print Spooler “PrintNightmare” Vulnerability, Exploits

TL;DR There is a Windows vulnerability that uses Print Spooler to gain remote code execution on devices. In the Assura’s Take section, we offer three mitigation options: 1. Disable the print spooler service; 2. Apply an ACL to restrict print driver installation/upgrades; 3. Disable remote connections to the Print Spooler. Overview Recently, the security research…

Kaseya’s VSA Supply Chain Ransomware

TL;DR A supply chain exploit of Kaseya’s VSA Remote Management service puts customers of managed service providers (MSPs) using this tool at risk of REvil ransomware. Assura recommends anyone using Kaseya VSA to follow Kaseya guidance on server hardening when available, and also download and run the indicator of compromise (IOC) scanning tool linked below…

Verkada Cameras Hacked and New Microsoft DNS Server Vulnerability

It’s been quite a few months in the cyber security world, and last week was no exception with two major vulnerabilities concerning Verkada cameras and Windows DNS servers. Both vulnerabilities are unpacked in the below CHU alerts! Alert 1: Verkada Cameras Hacked, Leads to Network Compromise of Cloudflare, Tesla, and more Overview On March 9,…

Update to HAFNIUM/Microsoft Exchange Server zero-day vulnerabilities

Overview On March 4, 2021 we posted a Cyber Heads-Up article titled, “Chinese State-Sponsored Group HAFNIUM Exploiting Exchange Zero-Day Vulnerabilities – PATCH NOW”. Today, we are revisiting this attack campaign with updates about what Assura and other security firms are seeing during response efforts. If you are just hearing about the HAFNIUM campaign, please refer…

Chinese State Sponsored Group HAFNIUM Exploiting Exchange Zero-Day Vulnerabilities – PATCH NOW

Overview Microsoft recently released out-of-band security updates to address four new vulnerabilities in Exchange Server (on-premises). The series of exploits is actively being used by malicious actors to steal emails and compromise internal networks. What Do We Know About This Attack? The Microsoft announcement contains four new vulnerabilities, which, when chained together, have glaringly evil results. Let’s…

Oversharing in the Age of COVID-19

To say that selfies have been popular for the last two decades would be an understatement. Everyone from celebrities to grandparents has been posting pictures online. In the Age of Covid, the posting of your Covid-19 vaccine record is just the latest selfie phenomenon. However, this trend is not without its dangers. You may be…

CISA Announces Active Exploitation of SolarWinds Orion Platform – What You Should Know

Overview The Cybersecurity and Infrastructure Security Agency (CISA) released an alert regarding the active exploitation of the SolarWinds Orion platform. It was found by FireEye that SolarWinds Orion versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, were compromised in a supply chain attack. What Do We Know About This Attack? On Sunday, December…

Cyber Security Firm FireEye Reports Major Breach, Assura’s response and monitoring plan

Overview Major news shocked the cyber security world yesterday (Tuesday, December 8) when FireEye, the parent company of Mandiant, announced they had been breached and their Red Team tools were stolen. Everyone can be breached, and we mean everyone. FireEye’s Mandiant division is the company everyone runs to when they experience a major breach! FireEye has handled…

The Difference Between an MSP and an MSSP: The Extra “S” Really Does Make a Difference!

Now that Turkey Day is done and we are waiting for a COVID-free Santa to visit our homes (because surviving quarantine should put us all on Santa’s Nice List), it’s time to answer a common question I receive this time of year. As people prepare their 2021 budgets and evaluate their annual contracts, I frequently get asked…

A Busy Week in Cyber Threats

Key Takeaways It’s been a busy several days in cybersecurity. Below is an overview of the key events, followed by Assura’s take on these matters. Google announced the discovery of a zero-day privilege escalation flaw in Microsoft Windows, possibly dating back to Windows 7. The U.S. Department of Homeland Security, U.S. Cyber Command, and FBI…

Don’t You Be My Neighbor – Specially Crafted IPv6 Packet Causes Blue Screen of Death

Overview: On October 13, US-CERT and US Cyber Command issued a Tweet urging organizations and users to install updates released as part of Microsoft’s “Patch Tuesday” security and feature updates. This round of patches closes a particularly nasty vulnerability where a specially crafted IPv6 packet can induce a computer to crash and reveal the dreaded…

Cyber Hygiene: Is there funk up all in your business?

When you talk to your team about cyber security, do you get that not-so-fresh feeling? When you have a date with your executives or stakeholders, are you afraid of things going too far and that they might find out that your business isn’t clean? If so, it’s time to clean up the cyber funk in…

A vulnerability called “SIGRed” (CVE-2020-1350) exploits a buffer overflow within the way that Windows DNS Servers process SIG resource record types.

Recently, Check Point researcher Sagi Tzadik published a blog post announcing a new attack against Windows DNS Servers which can allow an attacker to create Denial-of-Service conditions and possibly gain Domain Administrator access. What makes this specific vulnerability unique is that it isn’t really new: it has been around for 17 years; it is just that no one had discovered it…

The top 3 things you should make sure you are doing to protect your company today!

The pandemic has changed the way that we will operate our companies forever. In a Gallup Poll taken in the week of March 30 – April 2 of this year, sixty-two percent of employed Americans currently say they have worked from home during the crisis. That number was double what it was just two weeks prior. “As…

To Pay, or Not to Pay, That is the Question.

New PPP Loan Forgiveness Guidelines Broken Down There are many businesses out there that have either received Paycheck Protection Program (PPP) loans during the first round of funding for the CARES Act or are slated to receive it during the second round. As mentioned in my previous post about the PPP loans, a recipient can apply for…

Dark Web Intelligence Firm Reports New Attacks Against Zoom Users

Overview Staying with the recent theme of attacks on the work from home model, we’re back with another warning about Zoom. It’s not that we have anything against Zoom, but the platform rapidly became part of the cultural lexicon over the last couple of months due to the COVID-19 pandemic. With the move to work-from-home,…

Attack Against Azure AD Pass-Through Authentication Agent can Compromise Azure/Office 365 Tenants

Overview Recently, Varonis researcher Eric Saraga published a blog post announcing a new attack against Azure Active Directory (Azure AD) which can allow an attacker to log in as any synchronized user. The attack method exploits a flaw in the Pass-Through Authentication (PTA) password verification method, which allows users to use their on-premises Active Directory credentials to…

Part 2 of “Is your baby ugly?” Getting lean without cutting bone!

If you haven’t read Part 1, click here. Believe it or not, there is one blessing out of the disaster that is COVID-19. It provides business leaders with the opportunity to take a moment, step back, look at the long term viability of our business, and take stock of its strengths and weaknesses. It allows us…

Is Your Baby Ugly? Staying Agile During a Disaster

Years ago, when I started out with my first company, one of the best pieces of advice I received was to always make sure you could tell if your baby was ugly. Now, that doesn’t mean our human or fur babies (because those babies are cute and to call one ugly means that person is…

Tracking Time and Work Productivity

Question to the DL: I found that users that have a dedicated space and get dressed as though they are going to work and have set work times are most productive and have the right mindset compared to someone trying to work in their PJs in bed. Do you worry about tracking their time or…

About the SBA’s Economic Injury Disaster Loan Program

Question to the DL: Strategies to access the new SBA loans for a startup during a disaster? Disaster Lady Answer: Ah, our old friends at the SBA (Small Business Administration). For many of us, we wouldn’t have a business unless we occasionally used SBA backed loans. However, the SBA Disaster Loan is a whole different…

IT Disaster Recovery Plans On The Fly

Question to the DL: Do you have a DR template we can use? Disaster Lady Answer: I do have different templates, but there is a reason that you do not see planners that just post templates out there. It is because there are different types of IT DR Plans. Is it for a large or…

Hackers Exploiting the Introduction of Video-Teleconferencing into Your Environment

Overview With most employers shifting to a work from home (WFH) model, attackers are chomping at the bit to exploit the introduction of video-teleconferencing (VTC) into your environment. VTC programs such as Zoom, GoToMeeting, or Microsoft Teams are not anything new, and neither is their exploitation, but with much of the workforce becoming dependent on…

About Business Interruption Insurance

Question to the DL: What about my business insurance? Disaster Lady Answer: There are two truths about business insurance and major disasters that you need to know: Truth 1: Insurance companies do not make their money by paying out claims. Do not expect that you will get a lot of money from your insurance company…

New Phishing Attack Tells Recipient They May Have Contracted COVID-19

Overview As the world continues to face the COVID-19 pandemic, attackers are preying on our fears more than ever. There is no depth to which cybercriminals will not sink, even in the case of a worldwide crisis. It’s unfortunate, but some people just want to watch the world burn. For instance… A recent phishing campaign…

About The Disaster Lady

Hello all. I have never done something like this before, but we are in unusual times and that calls for unusual approaches to things. I am writing as a certified disaster recovery planner to help you figure out how to get through these extreme circumstances. Let’s get one thing straight: I am not trying to…

Cisco Smart Install Feature Still Poses Significant Security Vulnerability

Overview Assura does a significant amount of penetration tests for our clients and we like to communicate the trends that we see as we do these. During the last three, we’ve seen a recurring severe configuration vulnerability using the Smart Install feature of devices running Cisco’s IOS and IOS XE operating systems pop up and felt the…

PATCH NOW: Two Severe Vulnerabilities in Microsoft’s First “Patch Tuesday” of 2020

Overview If you haven’t already heard about these in the press, we’re here to tell you about them. On Tuesday of this week (14 January 2020), the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released advisory number AA20-014A: Critical Vulnerabilities in Microsoft Windows Operating Systems. CryptoAPI spoofing vulnerability – CVE-2020-0601: This vulnerability affects…

Assura Named one of the Top 10 Most Promising Cybersecurity Consulting/Service Companies of 2019 by CIO Review Magazine

We are very proud to announce that CIO Review magazine named Assura as one of the top 10 most promising cybersecurity consulting/service Companies of 2019! In 2020, cyber attacks are commonplace, sophisticated, and severe, and cyber security now has to be a core component of business and government operations. Innovative tools and techniques to protect…

Iranian Espionage/Cyber Warfare Threat Briefing

Overview Our friends and partners at Dark Web intelligence firm IntSights have an excellent (and relatively short) threat briefing about Iranian cyber threat actors and the tactics they use for cyber espionage and warfare. The briefing includes recommendations for mitigation of these threats. The briefing can be downloaded at https://wow.intsights.com/rs/071-ZWD-900/images/Threat%20Brief_Iran.pdf A list of Indicators of Compromise (IOCs)…

DHS Releases Alert for Potential Iranian Cyber Attacks in Response to U.S. Military Strike in Baghdad

Overview On Monday, January 6, 2020, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released Alert AA20-006A, warning about potential cyberattacks on U.S. companies by the nation of Iran. The alert includes an overview of the threat profile of Iranian state-sponsored offensive cyber activities, tactics used by Iranian Advanced Persistent Threats…

Vulnerability in Linux “sudo” Command Permits Anyone to Run Commands as Root

Overview Yesterday (October 14, 2019), a vulnerability was disclosed in the Linux Sudo command (CVE-2019-14287) that permits any user to execute commands as root (the Linux superuser). A very good full analysis of the flaw and how to exploit it is located at https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html. Assura’s Take This is an easy one: update Linux systems so that they use…

New Major Flaw Found in Intel and (Possibly) AMD Processors

Good afternoon – Overview Last night US-CERT (the Department of Homeland Security’s Computer Emergency Response Team) announced the public disclosure by researchers at endpoint security protection company Bitdefender of a new CPU-level information compromise vulnerability. Dubbed “SWAPGS”, the vulnerability is used to execute a “side channel” attack similar to the Spectre vulnerability announced (along with…

Assura Named 2019 Top SIEM Solution Provider

We are very proud to announce that Assura has been named one of the top 10 SIEM solution providers for 2019 by Enterprise Security Magazine! Security information and event management (SIEM) is key to creating a good threat detection and monitoring system for your business. Good SIEM systems can analyze threats, deliver insights, and provide…

Cyber Heads-Up: Week of July 29th

Good morning! This week, we’ve got a doozie for you. As usual, the bad guys are busy trying to find their next way into a system they don’t belong in. Read on to find out more about them, and our take on what exactly is going on. Alert 1: Microsoft OneNote Audio Note Phishing Emails …

Beware Amazon Prime Day Scams

Good morning- Overview Today (Monday, July 15, 2019) marks the start of Amazon Prime Day. Prime Day, which runs through tomorrow, is a once-a-year event where Amazon.com places numerous items on sale at steep discounts. It is also a “prime” opportunity for scammers to send phishing emails and perpetrate other scams that can put your…

Cyber Heads-up: Week of May 20, 2019

Good morning- Last week was a very active week in the world of cyber threats. Hacked antivirus software vendors, Microsoft’s unusual release of a security patch for Windows XP, Linux Kernel zero-day, WhatsApp being used to deliver spyware, Google issuing a recall on its Titan security keys, and the SHA-1 hash is officially dangerous. We’ll…

New MegaCortex Ransomware Leverages Existing Malware Infections

Good morning- Overview Sophos is reporting a sudden spike in a ransomware strain that it disclosed back in March of this year. Dubbed “MegaCortex”, the ransomware appears to be injected through the Emotet and Qbot (aka Qakbot) malware. Both of these malware families have the ability to serve as a delivery mechanism for other malware.…

Assura Awarded IT Security Contract with Metropolitan Washington Airports Authority

I am proud to announce that the Metropolitan Washington Airports Authority (MWAA) has awarded contract SC-18-01022 to Assura for IT Security services. The contract provides the Authority, which operates Washington Dulles International Airport (KIAD), Reagan National Airport (KDCA), and the Dulles Toll Road, with access to Assura’s wide range of expert cyber security services. This contract is also open for use…

Assura Awarded VASCUPP Contract for Cyber Services

Hi everyone! We’re delighted to announce that Assura was just awarded a contract for cyber security products and services by the Virginia Association of State College and University Purchasing Professionals (VASCUPP). Contract number UCPJMU5318 allows eligible purchasing activities to procure cyber security-related products and services from Assura at pre-negotiated discounts. All of Assura’s services including Virtual ISO™ are on contract…