Author: Leila Sharma

CISA Alert on Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments

Leila Sharma

CISA (Cybersecurity & Infrastructure Security Agency) has issued a companion alert to AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical  Infrastructure and Private Sector Organizations. This alert focuses on activity that CISA attributes to attack vectors other than SolarWinds Orion.    What CISA Has Seen: An APT (advanced persistent threat) actor using compromised applications in […]

Update: SolarWinds & More

Leila Sharma

For an update on the recent APT nation state attack that compromised Solarwinds, please see the following INFOSEC article, Cybersecurity Weekly: New SolarWinds backdoor found, affects MicroSoft & VMWare.   CISA (The Cybersecurity & Infrastructure Security Agency) has also issued: CISA Insights: What Every Leader Needs to Know About The Ongoing APT Cyber Activity and has […]

NSA Releases Advisory on Detecting Abuse in Authentication Mechanisms

Leila Sharma

In response to the attempts of malicious actors to access/collect protected data via abuse of federated authentication environments, the NSA has issued an advisory entitled “Detecting Abuse in Authentication Mechanisms“. The advisory details two sets of known TTPs (tactics, techniques & procedures) that malicious actors are using to gain access to networks and cloud resources, […]

CISA Reports APT Compromise of Government Agencies, Critical Infrastructure & Private Sector Organizations

Leila Sharma

The Cybersecurity Infrastructure Agency (“CISA”) has issued a report stating that they are aware of compromises of U.S. government agencies, critical infrastructure entities and the private sector organized by an advanced persistent threat (“APT”) nation-state actor dating back to March of this year. Please see the above-referenced report for a list of SolarWinds affected products, […]

Update: SolarWinds Exploit

Leila Sharma

As an update to our blog post, SolarWinds Software is Being Actively Exploited, SolarWinds has issued an advisory today in which they ask customers who are using affected products listed in conjunction with: Orion Platform v2020.2 with no hotfix or 2020.2 HF 1 to upgrade to Orion Platform version 2020.2.1 HF 2 and Orion Platform […]

NYU Multi-Factor Authentication – Use Duo Push!

Leila Sharma

Use Duo Push As you may know, Duo is an app that can be used when authenticating to NYU-NET. Not only is Duo Push the most secure way to use NYU Multi-Factor Authentication (MFA), it’s easy to switch!  Here’s how. Learn More and Get Help To learn more about MFA, see these MFA knowledge articles. […]

SolarWinds Software is Being Actively Exploited

Leila Sharma

Active exploitation, possibly dating back to the Spring of this year, in the form of a global intrusion campaign directed at the SolarWinds Orion Platform, software versions 2019.4 HF5 through 2020.2 (with no hotfix installed), and 2020.2 HF1 has been reported by SolarWinds and FireEye.   The victims appear to be numerous public and private organizations […]

VMWare Vulnerabilities Are Being Actively Exploited

Leila Sharma

As an update to our blog post FireEye Red Team Tools Hacked, the NSA has issued a Cybersecurity Advisory stating that state sponsored actors are exploiting a vulnerability in VMWare Access and VMware Manager, which allows malicious actors to access protected data and to abuse federated authentication. This vulnerability, tracked as CVE-2020-4006, has been patched […]

FireEye Red Team Tools Hacked

Leila Sharma

FireEye, a top cybersecurity company, which is involved in the detection and prevention of cyber attacks and cybersecurity related assessments around the world has announced that its Red Team tools have been hacked, and that a nation state actor is responsible.   Red Team tools are designed to mimic the tactics of malicious actors and are […]

Zoom Phishing Alert

Leila Sharma

The Better Business Bureau has issued an alert regarding Zoom related phishing, in which malicious actors seek to deploy malware or steal your credentials via bogus Zoom notifications and invitations.  How the scam works:  You may receive an email, text or social media update informing you that your Zoom account has been suspended and to […]