CISA Releases Advisory About Multifactor Authentication Bypass with Duo — Duo Responds

TL;DR Russian state-sponsored attackers compromised an NGO by exploiting the weak credentials of an inactive user, default settings in the Duo multifactor authentication service, and PrintNightmare to take over the environment. The way to protect organizations is to implement good cyber hygiene and modify a couple of default settings in Duo. Overview On Tuesday, March…

UPDATE: NVIDIA Code Signing Certificates Compromised – Temporarily Halt Updates/Installation of NVIDIA Software

Update March 16, 2022: It’s been twelve days since we posted this Cyber Heads-up and this seems to have dropped out of the news and out of discussion. NVIDIA has been deafeningly silent about this. Our guidance remains the same. Make sure that your environment is set up to monitor for code signed by these…

Assura Continues to Recommend Operation in a “Shields Up” Defensive Posture

TL;DR Earlier in February, the Cybersecurity and Infrastructure Security Agency (CISA) issued a “Shields Up” warning advising American companies to be extra cautious about potential hacking attempts from Russia as tensions with the country rise, particularly during the Russia-Ukraine crisis. As the situation since the invasion of Ukraine by Russia on Thursday, February 24th continues to evolve, Assura…

Cisco Issues Field Notice to Firepower Customers – May Lose Talos Security Intelligence Updates

TL;DR Cisco issued a Field Notice on February 21, 2022 warning customers of its FirePOWER Services Software for ASA, FirePOWER Threat Defense (FTD) Software, and Firepower Management Center Software that the root certificate that signed the TLS certificate for security intelligence updates by its Talos group is being decommissioned and will be replaced on March…

Highly Effective Russian Phishing Campaigns Against Ukraine May Pivot to U.S. Targets

TL;DR Russian state-sponsored threat actors are using malicious Microsoft Office documents with remote macros to compromise Ukrainian targets. With tensions between Russia and Ukraine at a boiling point, we would not be surprised if these attacks pivot to U.S. targets in critical sectors once sanctions are imposed against Russia by western nations. This…

Update 2: Severe Zero-Day Vulnerability in Apache Log4j Package Hits the World

December 20, 2021: A new Denial of Service vulnerability was announced over the weekend by The Apache Foundation. They now recommend that software vendors and IT departments use version 2.17.0. This means that systems that were patched as of Friday, December 17, 2021 may need to have another patch applied. Assura continues to recommend following…

TrojanSource – Why The Threat Is Real But The World Isn’t On Fire

Overview Recently, researchers at the University of Cambridge published a paper detailing how obfuscation techniques can be used to inject malicious code into source code prior to compilation. Depending on the compiler, the malicious source code would be hidden from the user’s view, yet still successfully compiled into the software, resulting in a trojan horse…

I do not like HiveNightmare, SeriousSam. I do not like it here or there. I do not like it anywhere!

TL;DR No, it’s not a new Dr. Seuss story – it’s a recently discovered zero-day exploit (CVE-2021-36934, known as HiveNightmare or SeriousSam) that allows an attacker to read the contents of a Security Account Manager (SAM) file on Windows 10 and 11 systems with non-administrator user privileges. In the Assura’s Take section, we provide two…

Windows Print Spooler “PrintNightmare” Vulnerability, Exploits

TL;DR There is a Windows vulnerability in the Print Spooler service that allows remote code execution on devices. In the Assura’s Take section, we offer three mitigation options: 1. Disable the Print Spooler service; 2. Apply an ACL to restrict print driver installation/upgrades; 3. Disable remote connections to the Print Spooler. Overview Recently, the security research…

Kaseya’s VSA Supply Chain Ransomware

TL;DR A supply chain exploit of Kaseya’s VSA Remote Management service puts customers of managed service providers (MSPs) using this tool at risk of REvil ransomware. Assura recommends that anyone using Kaseya VSA follow Kaseya’s guidance on server hardening when available, and also download and run the indicator of compromise (IOC) scanning tool linked below…