Category: Cyber Heads-up

TL;DR Cisco issued a Field Notice on February 21, 2022 warning customers of its FirePOWER Services Software for ASA, FirePOWER Threat Defense (FTD) Software, and Firepower Management Center Software that the root certificate that signed the TLS certificate for security intelligence updates by its Talos group is being decommissioned and will be replaced on March… Continue reading Cisco Issues Field Notice to Firepower Customers – May Lose Talos Security Intelligence Updates

TL;DR Russian state sponsored threat actors are using malicious Microsoft Office documents with remote macros to compromise Ukrainian targets. With tensions between Russia and Ukraine at a boiling point, we would not be surprised if these attacks to pivot to U.S. targets in critical sectors once sanctions are imposed against Russia by western nations. This… Continue reading Highly Effective Russian Phishing Campaigns Against Ukraine May Pivot to U.S. Targets

December 20, 2021: A new Denial of Service vulnerability was announced over the weekend by The Apache Foundation. They now recommend that software vendors and IT departments use version 2.17.0. This means that systems that were patched as of Friday, December 17, 2021 may need to have another patch applied. Assura continues to recommend following… Continue reading Update 2: Severe Zero-Day Vulnerability in Apache Log4j Package Hits the World

Overview Recently, researchers at the University of Cambridge published a paper detailing how obfuscation techniques can be used to inject malicious code into source code prior to compilation. Depending on the compiler, the malicious source code would be hidden from the user’s view, yet still successfully compiled into the software resulting in a trojan horse… Continue reading TrojanSource – Why The Threat Is Real But The World Isn’t On Fire

TL;DR No, it’s not a new Dr. Seuss story – it’s a recently discovered zero-day exploit (CVE-2021-36934, known as HiveNightmare or SeriousSam) that allows an attacker to read the contents of a Security Account Manager (SAM) file on Windows 10 and 11 systems with non-administrator user privileges. In the Assura’s Take section, we provide two… Continue reading I do not like HiveNightmare, SeriousSam. I do not like it here or there. I do not like it anywhere!

TL;DR There is a Windows vulnerability that uses Print Spooler to gain remote code execution on devices. In the Assura’s Take section, we offer three mitigation options: 1. Disable the print spooler service, 2. Apply an ACL to restrict print driver installation/upgrades. 3. Disable remote connections to the Print Spooler. Overview Recently, the security research… Continue reading Windows Print Spooler “PrintNightmare” Vulnerability, Exploits

TL;DR A supply chain exploit of Kaseya’s VSA Remote Management service puts customers of managed service providers (MSPs) using this tool at risk of REvil ransomware.  Assura recommends anyone using Kaseya VSA to follow Kaseya guidance on server hardening when available, and also download and run the indicator of compromise (IOC) scanning tool linked below… Continue reading Kaseya’s VSA Supply Chain Ransomware

It’s been quite a few months in the cyber security world, and last week was no exception with two major vulnerabilities concerning Verkada cameras and Windows DNS servers. Both vulnerabilities are unpacked in the below CHU alerts! Alert 1: Verkada Cameras Hacked, Leads to Network Compromise of Cloudflare, Tesla, and more Overview On March 9,… Continue reading Verkada Cameras Hacked and New Microsoft DNS Server Vulnerability

Overview On March 4, 2021 we posted a Cyber Heads-Up article titled, “Chinese State-Sponsored Group HAFNIUM Exploiting Exchange Zero-Day Vulnerabilities – PATCH NOW”. Today, we are revisiting this attack campaign with updates about what Assura and other security firms are seeing during response efforts. If you are just hearing about the HAFNIUM campaign, please refer… Continue reading Update to HAFNIUM/Microsoft Exchange Server zero-day vulnerabilities

Overview Microsoft recently released out-of-band security updates to address four new vulnerabilities in Exchange Server (on-premises). The series of exploits is actively being used by malicious actors to steal emails and compromise internal networks. What Do We Know About This Attack? The Microsoft announcement contains four new vulnerabilities, which when chained, together have glaringly evil results. Let’s… Continue reading Chinese State Sponsored Group HAFNIUM Exploiting Exchange Zero-Day Vulnerabilities – PATCH NOW