Podcast Episode 3: Breaches, Scams, and Countdown to DEFCON

In this episode, we dive into the end-of-July headlines, covering a class action lawsuit against Johns Hopkins following a major data breach, emphasizing the need for better data handling and security practices. We also explore the complexities of IoT device regulation, questioning the absence of tech giants like Apple and Microsoft in this…

Podcast Episode 2: Summer Phishing Season is Hot, but so is DEFCON

Ever wondered how safe your digital life really is? Prepare to open your eyes to the unseen dangers lurking in your inbox and online transactions. Welcome to our latest episode of Unmasked, where the superheroes of cybersecurity provide a clearer understanding of the threats we face in our digital world. About this episode: In this…

Podcast Episode 1: Decoding the Dark Secrets of Cyberattacks

Assura is excited to release the first episode of our new podcast, Unmasked, where the superheroes of cybersecurity provide a clearer understanding of the threats we face in our digital world. Unmasked is hosted by our very own in-house cybersecurity experts Paul Blacker and Mark Harvey. About this first episode: Buckle up, as we take you…

MOVEit Transfer Software: Critical Zero-day Being Actively Exploited

Overview: Assura’s Security Operations Center is seeing active exploitation of a SQL Injection flaw in Progress Software’s MOVEit Transfer product first announced on May 31, 2023. The vulnerability is CVE-2023-34362. Technical Analysis: A full technical analysis has been done by our friends at Huntress, who have been on the forefront of analyzing exploitation of the…

Critical Vulnerability in Zyxel Network Appliances Exploited, PoC Scripts Circulating

Overview: A few days after Rapid7 posted their technical analysis of CVE-2023-28771, which included a proof-of-concept exploit, Assura’s Offensive Security Operations team noticed a lot of chatter on social media and hacking forums regarding the exploitation of Zyxel network appliances. CVE-2023-28771 is a pre-authentication remote code execution vulnerability affecting the WAN interfaces of several Zyxel…

An IT team of one quickly takes control of 400 vulnerabilities.

CASE STUDY: Challenge: Organizations are inundated with hundreds of thousands of vulnerabilities every year. After years of experience, we know most organizations can only patch about 1 in 10 (10%) vulnerabilities discovered in their environment based on resource capacity. This is simply insufficient to meet expectations. Traditional vulnerability management approaches that rely on CVSS scoring…

Categorized as Case Study

Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability

Overview: Assura’s Offensive Security Operations Team has been looking into MDSec’s Dominic Chell’s research into the recent Microsoft Office Outlook updates, where Dominic found that there is a privilege escalation vulnerability within Outlook. Via this vulnerability, a remote attacker can create a malicious Outlook Appointment Reminder which, when triggered, will authenticate the victim to a…

Virginia municipality discovers a dangerous backdoor

Challenge: With attacks on municipalities on the rise, a midsized county in Virginia knew it needed to improve its cybersecurity posture. The problem was they were not sure where to begin. So they enlisted our services to help them determine their strengths and vulnerabilities. Solution: Assura helped the county get started with an assessment of…

Cybersecurity Tips from Assura’s VISO Bunch

Assura’s Virtual Information Security Officers (VISO) deliver a complete solution for both cybersecurity and compliance. Also referred to in the industry as Fractional Chief Information Security Officers (CISO), their expertise is an invaluable asset to our clients. Watch the video below to meet some of the VISO team as they give cybersecurity tips on topics…

Categorized as Blog

A Humorous LinkedIn “Celebrate an Occasion” Hack for Cybersecurity Awareness Month

For Cybersecurity Awareness Month, Assura wanted to grab the world’s attention and showcase cyber defense in a humorous and disruptive way. Humor is often a very powerful tool for communicating a serious message and we felt it was the way to go for this cybersecurity awareness effort. So very much in the spirit of an…