Author: Assura Team

UPDATE: Take Immediate Action: Two New Microsoft Exchange Zero-Day Vulnerability confirmed by Microsoft

Overview This Cyber Heads-up has been updated to include a PowerShell command to determine whether an Exchange server has already been compromised. Assura’s Defensive Security Operations Center (SOC) is monitoring recently reported zero-day vulnerabilities in Microsoft Exchange 2013, 2016, and 2019 being exploited in the wild. “The first vulnerability, identified as CVE-2022-41040, is a Server-Side… Continue reading UPDATE: Take Immediate Action: Two New Microsoft Exchange Zero-Day Vulnerability confirmed by Microsoft

Apple announces an ‘actively exploited’ vulnerability that allows hackers to fully control devices

Overview On August 17, 2022, Apple announced a zero-day vulnerability that exploits a software weakness that affects both the kernel (CVE-2022-32894) and the WebKit on Apple devices (CVE-2022-32893). The kernel is a layer of the operating system common on all Apple devices, and the WebKit is part of the default Apple web browser, Safari. Apple… Continue reading Apple announces an ‘actively exploited’ vulnerability that allows hackers to fully control devices

Cybercrime Victim Resources for Individuals

At Assura, we protect businesses and government organizations but know that anyone can be a cyberattack victim. Below are resources that we recommend in the unfortunate situation of a personal cyberattack (links known to work as of the date of publication): Federal Trade Commission ReportFraud Federal Trade Commission Identity Theft and Online Security Federal Trade… Continue reading Cybercrime Victim Resources for Individuals

  |    |  
Categorized as Blog

Assura’s Top 5 Misconceptions about Penetration Testing

With the increasing number of organizations now seeking penetration testing due to regulatory requirements, more and more companies are claiming to offer a service that checks this box. Assura wanted to help clarify some of the top misconceptions you may encounter when searching for a penetration test. We hope this demystifies the process and helps… Continue reading Assura’s Top 5 Misconceptions about Penetration Testing

  |    |  
Categorized as Blog

Follina Zero-day Exploit Permits Attackers Complete Takeover of Victim Systems Through Malicious Microsoft Office Documents

Overview of Follina On Friday, May 27th, 2022, @nao_sec announced on Twitter that they had discovered a novel attack technique utilized in a malicious document (maldoc) submitted from a Belarus IP address to VirusTotal. The new technique uses Microsoft’s Microsoft Support Diagnostic Tool (MSDT) to retrieve and execute malicious code from a remote URL. Microsoft… Continue reading Follina Zero-day Exploit Permits Attackers Complete Takeover of Victim Systems Through Malicious Microsoft Office Documents

CISA Releases Advisory About Multifactor Authentication Bypass with Duo — Duo Responds

TL;DR Russian state-sponsored attackers compromised an NGO by exploiting the weak credentials of an inactive user, default settings in the Duo multifactor authentication service, and PrintNightmare to take over the environment. The way to protect organizations is to implement good cyber hygiene and modifying a couple of default settings in Duo. Overview On Tuesday, March… Continue reading CISA Releases Advisory About Multifactor Authentication Bypass with Duo — Duo Responds

UPDATE: NVIDIA Code Signing Certificates Compromised – Temporarily Halt Updates/Installation of NVIDIA Software

Update March 16, 2022: It’s been twelve days since we posted this Cyber Heads-up and this seems to have dropped out of the news and out of discussion. NVIDIA has been deafeningly silent about this. Our guidance remains the same. Make sure that your environment is set up to monitor for code signed by these… Continue reading UPDATE: NVIDIA Code Signing Certificates Compromised – Temporarily Halt Updates/Installation of NVIDIA Software

Assura Continues to Recommend Operation in a “Shields Up” Defensive Posture

TL;DR Earlier in February, the Cybersecurity and Infrastructure Security Agency (CISA) issued a “Shields Up” warning advising American companies to be extra cautious about potential hacking attempts from Russia as tensions with the country rise, particularly during the Russia-Ukraine crisis. As the situation since the invasion of Ukraine by Russia on Thursday, February 24th continues to evolve, Assura… Continue reading Assura Continues to Recommend Operation in a “Shields Up” Defensive Posture

Cisco Issues Field Notice to Firepower Customers – May Lose Talos Security Intelligence Updates

TL;DR Cisco issued a Field Notice on February 21, 2022 warning customers of its FirePOWER Services Software for ASA, FirePOWER Threat Defense (FTD) Software, and Firepower Management Center Software that the root certificate that signed the TLS certificate for security intelligence updates by its Talos group is being decommissioned and will be replaced on March… Continue reading Cisco Issues Field Notice to Firepower Customers – May Lose Talos Security Intelligence Updates

Highly Effective Russian Phishing Campaigns Against Ukraine May Pivot to U.S. Targets

TL;DR Russian state sponsored threat actors are using malicious Microsoft Office documents with remote macros to compromise Ukrainian targets. With tensions between Russia and Ukraine at a boiling point, we would not be surprised if these attacks to pivot to U.S. targets in critical sectors once sanctions are imposed against Russia by western nations. This… Continue reading Highly Effective Russian Phishing Campaigns Against Ukraine May Pivot to U.S. Targets