Overview: Akamai researchers have identified a significant privilege escalation vulnerability in Windows Server 2025, termed “BadSuccessor.” This flaw exploits the newly introduced delegated Managed Service Accounts (dMSAs) feature, allowing attackers to impersonate any Active Directory (AD) user, including domain administrators, without altering existing accounts or group memberships. Key Details: Impact: Exploitation of BadSuccessor can lead… Continue reading Cyber Heads Up: “BadSuccessor”—A Critical Active Directory Privilege Escalation Vulnerability in Windows Server 2025
Author: Assura Team
Global IT Services Company Reaches Compliance
A publicly traded IT services company faced mounting pressure from its enterprise clients to obtain high-level cybersecurity certifications. Without these certifications, the company risked losing hundreds of millions in existing business and missing out on pivotal growth opportunities. Despite its strong expertise in technology strategy, operations, and staffing, the company’s ability to address cybersecurity Governance,… Continue reading Global IT Services Company Reaches Compliance
Safeguarding Student and Faculty Data: Cybersecurity in Higher Education
Higher education institutions store vast amounts of sensitive information, including student and personnel records, financial details, and proprietary faculty research. This accumulated data makes schools an ideal target for bad actors in the modern cyberscape, yet such dangers are further heightened by colleges’ and universities’ unique technology requirements. Therefore, implementing reliable security compliance solutions is… Continue reading Safeguarding Student and Faculty Data: Cybersecurity in Higher Education
SLED Cybersecurity Threats in 2025: What You Need to Know to Stay Ahead
While digital transformations have given state, local, and education (SLED) organizations unprecedented operational flexibility, threat actors are looking to exploit their new vulnerabilities. A virtual frontline has formed, and cybersecurity measures must defend against a rising tide of cyber threats. Ransomware attacks, phishing schemes, IoT vulnerabilities, and more make it imperative that SLED organizations’ leadership… Continue reading SLED Cybersecurity Threats in 2025: What You Need to Know to Stay Ahead
A resilient and compliant digital infrastructure is the gateway to smooth airport operations.
After a compliance audit revealed that an international airport on the East Coast had no cybersecurity policies or measures in place, the organization chose Assura to address the situation. Our team developed suitable protocols and then built out the cybersecurity program using our fractional CISO service. Following the project’s completion, we maintained our relationship with… Continue reading A resilient and compliant digital infrastructure is the gateway to smooth airport operations.
Cyber Heads Up: Tenable Plugin Update Causes Agents to Disconnect from Cloud Console (Read for Fix)
Overview: We hope you had a fantastic holiday! Unfortunately, the Grinch might have left one last surprise for us – Tenable has identified a critical issue affecting Nessus Agent versions 10.8.0 and 10.8.1, causing some headaches for vulnerability management teams. A recent plugin update has rendered these agents offline and unresponsive, halting vulnerability scans on… Continue reading Cyber Heads Up: Tenable Plugin Update Causes Agents to Disconnect from Cloud Console (Read for Fix)
Top Cybersecurity Compliance Issues Businesses Face Today
As organizations increasingly rely on digital infrastructure, the stakes have never been higher. Cybersecurity compliance is necessary to safeguard sensitive data, maintain customer trust, and avoid costly fines. With a constantly shifting threat landscape, evolving regulations, and the rise of new technologies, businesses must prioritize cybersecurity posture improvement to stay ahead of the curve. Assura… Continue reading Top Cybersecurity Compliance Issues Businesses Face Today
How SLED Organizations Can Enhance Cybersecurity Compliance Before Year-End
As the year comes to a close, State, Local, and Education (SLED) organizations must resharpen their focus on strengthening their cybersecurity defenses. With the growing complexity of cyber threats and the need to safeguard valuable data, it’s vital for SLED organizations to stay ahead of risks. Cybersecurity compliance consulting services offer guidance in navigating state… Continue reading How SLED Organizations Can Enhance Cybersecurity Compliance Before Year-End
Podcast Episode 21: Interview with the University of Richmond’s CTF Winning Team
What happens when passion, talent, and opportunity collide in the university’s tech scene? Meet David Nathanson and Daniel Garay, the freshmen duo who took the University of Richmond’s Capture the Flag (CTF) competition by storm. With Daniel bringing his coding journey from Nicaragua and David harnessing his self-taught skills in AI and machine learning, they crafted… Continue reading Podcast Episode 21: Interview with the University of Richmond’s CTF Winning Team
Phishing Campaign Installs Backdoor-Loaded VM to Evade Antivirus and Harvest Credentials
Overview Assura, Inc. has been made aware of this attack pattern, has taken steps to detect it in our managed services, and is following the attack in the blogs of security researchers who found this campaign. A recent phishing attack campaign has attackers installing a virtual machine (VM) on your Windows system, prebuilt with backdoors… Continue reading Phishing Campaign Installs Backdoor-Loaded VM to Evade Antivirus and Harvest Credentials