After receiving a question from a client about a recent scam email, we thought it would be appropriate to address the topic of the “Nigerian Prince”, “Spanish Prisoner” or “419” letter and why it is still relevant in 2020. The type of fraud employed in these scams is known as an “advance-fee scam”. The scam… Continue reading Send me money! I’ve been kidnapped!
Author: Assura Team
DHS Releases Alert for Potential Iranian Cyber Attacks in Response to U.S. Military Strike in Baghdad
Overview On Monday, January 6, 2020, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released Alert AA20-006A, warning about potential cyberattacks on U.S. companies by the nation of Iran. The alert includes an overview of the threat profile of Iranian state-sponsored offensive cyber activities, tactics used by Iranian Advanced Persistent Threats… Continue reading DHS Releases Alert for Potential Iranian Cyber Attacks in Response to U.S. Military Strike in Baghdad
Vulnerability in Linux “sudo” Command Permits Anyone to Run Commands as Root
OVERVIEW Yesterday (October 14, 2019), a vulnerability was disclosed in the Linux Sudo command (CVE-2019-14287) that permits any user to execute commands as root (the Linux superuser). A very good full analysis of the flaw and how to exploit it is located at https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html. Assura’s Take This is an easy one: update Linux systems so that it uses… Continue reading Vulnerability in Linux “sudo” Command Permits Anyone to Run Commands as Root
The recent Capital One breach has everybody wondering if they are next…
The recent Capital One breach has everybody wondering if they are next. The simple answer is most likely – Yes – if you do nothing to protect yourself. Local counties and cities are a top target for cybercrime in the U.S. right now, and even the smallest locality can be a target. Just look at… Continue reading The recent Capital One breach has everybody wondering if they are next…
New Major Flaw Found in Intel and (Possibly) AMD Processors
Good afternoon – Overview Last night US-CERT (the Department of Homeland Security’s Computer Emergency Response Team) announced the public disclosure by researchers at endpoint security protection company Bitdefender of a new CPU-level information compromise vulnerability. Dubbed “SWAPGS”, the vulnerability is used to execute a “side channel” attack similar to the Spectre vulnerability announced (along with… Continue reading New Major Flaw Found in Intel and (Possibly) AMD Processors
Assura Named 2019 Top SIEM Solution Provider
We are very proud to announce that Assura has been named one of the top 10 SIEM solution providers for 2019 by Enterprise Security Magazine! Security information and event management (SIEM) is key to creating a good threat detection and monitoring system for your business. Good SIEM systems can analyze threats, deliver insights, and provide… Continue reading Assura Named 2019 Top SIEM Solution Provider
Cyber Heads-Up: Week of July 29th
Good morning! This week, we’ve got a doozie for you. As usual, the bad guys are busy trying to find their next way into a system they don’t belong in. Read on to find out more about them, and our take on what exactly is going on. Alert 1: Microsoft OneNote Audio Note Phishing Emails … Continue reading Cyber Heads-Up: Week of July 29th
Cyber Heads-up: Week of May 20, 2019
Good morning- Last week was a very active week in the world of cyber threats. Hacked antivirus software vendors, Microsoft’s unusual release of a security patch for Windows XP, Linux Kernel zero-day, WhatsApp being used to deliver spyware, Google issuing a recall on its Titan security keys, and the SHA-1 hash is officially dangerous. We’ll… Continue reading Cyber Heads-up: Week of May 20, 2019
New MegaCortex Ransomware Leverages Existing Malware Infections
Good morning- Overview Sophos is reporting a sudden spike in a ransomware strain that it disclosed back in March of this year. Dubbed “MegaCortex”, the ransomware appears to be injected through the Emotet and Qbot (aka Qakbot) malware. Both of these malware families have the ability to serve as a delivery mechanism for other malware.… Continue reading New MegaCortex Ransomware Leverages Existing Malware Infections
Assura Awarded IT Security Contract with Metropolitan Washington Airports Authority
I am proud to announce that the Metropolitan Washington Airports Authority (MWAA) has awarded contract SC-18-01022 to Assura for IT Security services. The contract provides the Authority, which operates Washington Dulles International Airport (KAID), Reagan National Airport (KDCA), and the Dulles Toll Road with access to Assura’s wide range of expert cyber security services. This contract is also open for use… Continue reading Assura Awarded IT Security Contract with Metropolitan Washington Airports Authority