CISA Releases Advisory About Multifactor Authentication Bypass with Duo — Duo Responds
TL;DR Russian state-sponsored attackers compromised an NGO by exploiting the weak credentials of an inactive user, default settings in the Duo multifactor authentication service, and PrintNightmare to take over the... The post CISA Releases Advisory About Multifactor Authentication Bypass with Duo — Duo Responds appeared first on Assura, Inc ... Read More
UPDATE: NVIDIA Code Signing Certificates Compromised – Temporarily Halt Updates/Installation of NVIDIA Software
Update March 16, 2022: It’s been twelve days since we posted this Cyber Heads-up and this seems to have dropped out of the news and out of discussion. NVIDIA has been... The post UPDATE: NVIDIA Code Signing Certificates Compromised – Temporarily Halt Updates/Installation of NVIDIA Software appeared first on Assura, Inc ... Read More
Assura Continues to Recommend Operation in a “Shields Up” Defensive Posture
TL;DR Earlier in February, the Cybersecurity and Infrastructure Security Agency (CISA) issued a “Shields Up” warning advising American companies to be extra cautious about potential hacking attempts from Russia as... The post Assura Continues to Recommend Operation in a “Shields Up” Defensive Posture appeared first on Assura, Inc ... Read More
Cisco Issues Field Notice to Firepower Customers – May Lose Talos Security Intelligence Updates
TL;DR Cisco issued a Field Notice on February 21, 2022 warning customers of its FirePOWER Services Software for ASA, FirePOWER Threat Defense (FTD) Software, and Firepower Management Center Software that... The post Cisco Issues Field Notice to Firepower Customers – May Lose Talos Security Intelligence Updates appeared first on Assura, ... Read More
Highly Effective Russian Phishing Campaigns Against Ukraine May Pivot to U.S. Targets
TL;DR Russian state sponsored threat actors are using malicious Microsoft Office documents with remote macros to compromise Ukrainian targets. With tensions between Russia and Ukraine at a boiling point, we... The post Highly Effective Russian Phishing Campaigns Against Ukraine May Pivot to U.S. Targets appeared first on Assura, Inc ... Read More
Update 2: Severe Zero-Day Vulnerability in Apache Log4j Package Hits the World
December 20, 2021: A new Denial of Service vulnerability was announced over the weekend by The Apache Foundation. They now recommend that software vendors and IT departments use version 2.17.0.... The post Update 2: Severe Zero-Day Vulnerability in Apache Log4j Package Hits the World appeared first on Assura, Inc ... Read More
I do not like HiveNightmare, SeriousSam. I do not like it here or there. I do not like it anywhere!
TL;DR No, it’s not a new Dr. Seuss story – it’s a recently discovered zero-day exploit (CVE-2021-36934, known as HiveNightmare or SeriousSam) that allows an attacker to read the contents... The post I do not like HiveNightmare, SeriousSam. I do not like it here or there. I do not like ... Read More
