Update: SolarWinds & More

For an update on the recent APT nation-state attack that compromised SolarWinds, please see the following INFOSEC article, Cybersecurity Weekly: New SolarWinds backdoor found, affects Microsoft & VMware. CISA (The Cybersecurity & Infrastructure Security Agency) has also issued: CISA Insights: What Every Leader Needs to Know About The Ongoing APT Cyber Activity and has […]

NSA Releases Advisory on Detecting Abuse in Authentication Mechanisms

In response to the attempts of malicious actors to access/collect protected data via abuse of federated authentication environments, the NSA has issued an advisory entitled “Detecting Abuse in Authentication Mechanisms”. The advisory details two sets of known TTPs (tactics, techniques & procedures) that malicious actors are using to gain access to networks and cloud resources, […]

CISA Reports APT Compromise of Government Agencies, Critical Infrastructure & Private Sector Organizations

The Cybersecurity & Infrastructure Security Agency (“CISA”) has issued a report stating that they are aware of compromises of U.S. government agencies, critical infrastructure entities and private sector organizations by an advanced persistent threat (“APT”) nation-state actor dating back to March of this year. Please see the above-referenced report for a list of SolarWinds affected products, […]

Update: SolarWinds Exploit

As an update to our blog post, SolarWinds Software is Being Actively Exploited, SolarWinds has issued an advisory today in which they ask customers who are using affected products listed in conjunction with: Orion Platform v2020.2 with no hotfix or 2020.2 HF 1 to upgrade to Orion Platform version 2020.2.1 HF 2 and Orion Platform […]

NYU Multi-Factor Authentication – Use Duo Push!

Use Duo Push: As you may know, Duo is an app that can be used when authenticating to NYU-NET. Not only is Duo Push the most secure way to use NYU Multi-Factor Authentication (MFA), it’s easy to switch! Here’s how. Learn More and Get Help: To learn more about MFA, see these MFA knowledge articles. […]

SolarWinds Software is Being Actively Exploited

Active exploitation, possibly dating back to the spring of this year, in the form of a global intrusion campaign directed at the SolarWinds Orion Platform, software versions 2019.4 HF5 through 2020.2 (with no hotfix installed), and 2020.2 HF1, has been reported by SolarWinds and FireEye. The victims appear to be numerous public and private organizations […]

VMware Vulnerabilities Are Being Actively Exploited

As an update to our blog post FireEye Red Team Tools Hacked, the NSA has issued a Cybersecurity Advisory stating that state-sponsored actors are exploiting a vulnerability in VMware Access and VMware Manager, which allows malicious actors to access protected data and to abuse federated authentication. This vulnerability, tracked as CVE-2020-4006, has been patched […]

FireEye Red Team Tools Hacked

FireEye, a top cybersecurity company that is involved in the detection and prevention of cyber attacks and in cybersecurity-related assessments around the world, has announced that its Red Team tools have been hacked, and that a nation-state actor is responsible. Red Team tools are designed to mimic the tactics of malicious actors and are […]

Zoom Phishing Alert

The Better Business Bureau has issued an alert regarding Zoom-related phishing, in which malicious actors seek to deploy malware or steal your credentials via bogus Zoom notifications and invitations. How the scam works: You may receive an email, text or social media update informing you that your Zoom account has been suspended and to […]