Overview On Monday, January 6, 2020, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released Alert AA20-006A, warning about potential cyberattacks on U.S. companies by the nation of Iran. The alert includes an overview of the threat profile of Iranian state-sponsored offensive cyber activities, tactics used by Iranian Advanced Persistent Threats… Continue reading DHS Releases Alert for Potential Iranian Cyber Attacks in Response to U.S. Military Strike in Baghdad
Tag: Cyber Heads Up
Vulnerability in Linux “sudo” Command Permits Anyone to Run Commands as Root
OVERVIEW Yesterday (October 14, 2019), a vulnerability was disclosed in the Linux Sudo command (CVE-2019-14287) that permits any user to execute commands as root (the Linux superuser). A very good full analysis of the flaw and how to exploit it is located at https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html. Assura’s Take This is an easy one: update Linux systems so that it uses… Continue reading Vulnerability in Linux “sudo” Command Permits Anyone to Run Commands as Root
New Major Flaw Found in Intel and (Possibly) AMD Processors
Good afternoon – Overview Last night US-CERT (the Department of Homeland Security’s Computer Emergency Response Team) announced the public disclosure by researchers at endpoint security protection company Bitdefender of a new CPU-level information compromise vulnerability. Dubbed “SWAPGS”, the vulnerability is used to execute a “side channel” attack similar to the Spectre vulnerability announced (along with… Continue reading New Major Flaw Found in Intel and (Possibly) AMD Processors
Cyber Heads-Up: Week of July 29th
Good morning! This week, we’ve got a doozie for you. As usual, the bad guys are busy trying to find their next way into a system they don’t belong in. Read on to find out more about them, and our take on what exactly is going on. Alert 1: Microsoft OneNote Audio Note Phishing Emails … Continue reading Cyber Heads-Up: Week of July 29th
Beware Amazon Prime Day Scams
Good morning- Overview Today (Monday, July 15, 2019) marks the start of Amazon Prime Day. Prime Day, which runs through tomorrow is a once-a-year event where Amazon.com places numerous items on sale at steep discounts. It is also a “prime” opportunity for scammers to send phishing emails and perpetrate other scams that can put your… Continue reading Beware Amazon Prime Day Scams
Cyber Heads-up: Week of May 20, 2019
Good morning- Last week was a very active week in the world of cyber threats. Hacked antivirus software vendors, Microsoft’s unusual release of a security patch for Windows XP, Linux Kernel zero-day, WhatsApp being used to deliver spyware, Google issuing a recall on its Titan security keys, and the SHA-1 hash is officially dangerous. We’ll… Continue reading Cyber Heads-up: Week of May 20, 2019
New MegaCortex Ransomware Leverages Existing Malware Infections
Good morning- Overview Sophos is reporting a sudden spike in a ransomware strain that it disclosed back in March of this year. Dubbed “MegaCortex”, the ransomware appears to be injected through the Emotet and Qbot (aka Qakbot) malware. Both of these malware families have the ability to serve as a delivery mechanism for other malware.… Continue reading New MegaCortex Ransomware Leverages Existing Malware Infections
Assura Awarded IT Security Contract with Metropolitan Washington Airports Authority
I am proud to announce that the Metropolitan Washington Airports Authority (MWAA) has awarded contract SC-18-01022 to Assura for IT Security services. The contract provides the Authority, which operates Washington Dulles International Airport (KAID), Reagan National Airport (KDCA), and the Dulles Toll Road with access to Assura’s wide range of expert cyber security services. This contract is also open for use… Continue reading Assura Awarded IT Security Contract with Metropolitan Washington Airports Authority