Prime Care Tech Office of Compliance


Recent posts by Prime Care Tech Office of Compliance

4 min read

[Security Tip] Recent Threats Summarized for Aug to Oct 2022

By Prime Care Tech Office of Compliance on Fri, Nov 04, 2022 @ 04:49 PM

Each week our security team tracks threats, vulnerabilities, and patches announced by leading IT experts and vendors to ensure we prioritize, address, and communicate them to our managed IT services clients.

Below you'll find our recap of events they addressed in the last few months. To check previous reports, see 2022 Security Threats.

If you're not a client, make sure your team knows about these security events, as well as future ones. Just click below to sign up. 

KEEP ME UPDATED

High Impact

Company/Source Product Type
Microsoft Multiple Security updates (Aug, Sep, Oct 2022)
Microsoft Microsoft Exchange Server 2013, 2016, and 2019 Mitigations for zero-day vulnerabilities exploited in the wild
VMware vSphere Guidance for VirtualPITA, VirtualPIE, and VirtualGATE Malware Targeting

 

Medium Impact

Company/Source Product Type
Adobe Acrobat and Reader Security updates (Aug & Sep 2022
Meta Platforms WhatsApp PuTTY SSH Client used to deploy backdoors and establish communication
Fortinet Multiple Urgent patch for critical auth bypass bug
VMware Multiple Security updates (Aug 2022)

 

Low Impact

Company/Source Product Type
Apple Multiple Security updates (Sep 2022)
Mozilla Firefox, Firefox ESR, and Thunderbird Security updates (Aug & Sep 2022)

 

No Impact on Our Clients/FYI

Company/Source Product Type
Cisco Secure Web Appliance Security updates
Cisco Multiple Security updates (Oct 2022)
Microsoft Endpoint Configuration Managers Out-of-band security update
Mozilla Thunderbird Security updates (Sep & Oct 2022)

 

As part of our primeCLOUD services suite, we partner with leading IT vendors to offer security services like ransomware protection, phishing training, multi-factor authorization (MFA), data backup/recovery, and more.

If you're not confident your organization is on top of security threats, vulnerabilities, and patches, it may be time to conduct a cyber security audit.

Conduct Self-Audit Now

Or better, get in touch and let us walk you through critical items for your security checklist.

 

Topics: primeCLOUD cyber security security vulnerabilities security patches security threats
7 min read

[Security Tip] Weekly Threats, Vulnerabilities, and Patches - Sep 27, 2021

By Prime Care Tech Office of Compliance on Mon, Sep 27, 2021 @ 11:50 AM

Does your IT team track reported security threats, vulnerabilities, and patches as often as weekly? We do. In fact, our primeCLOUD customers receive notifications about the impact each week, along with an explanation of how our team is mitigating risk on their behalf. Review last week's summary to understand the potential impacts and interventions. 

Effective Week Ending September 19, 2021

High Impact

Source

Product(s)

Type

Microsoft

NTLM Relay

Mitigation advice for PetitPotam attacks 

AMD Ryzen

Chipset Driver

Patches for security vulnerabilities

 

Medium Impact

Source

Product(s)

Type

Intel

Multiple

Multiple security updates

FBI

n/a

Indicators of compromise associated with Hive ransomware

Google

Chrome

Security updates

Microsoft

Multiple

Mitigation advice and workarounds for zero-day threat CVE-2021-40444

 

Low Impact

Source

Product(s)

Type

ManageEngine

ServiceDesk Plus

Update for remote code execution (RCE) and server-side request forgery (SSRF) vulnerabilities

Pulse Secure

Secure Connect

Security update

 

NOTE: Remediation depends entirely on third-party, sole-source software supplier (Verizon Enterprise Solutions) and new hardware deployment (est. mid-October)

Microsoft

Multiple

Security updates (Aug 2021)

Atlassian

Confluence Server and Data Center

Security updates

Mozilla

Firefox, Firefox ESR, and Thunderbird 

Security updates

Microsoft

Multiple

Security updates (Sep 2021)

 

No Impact

*Prime Care Tech team assessed and determined our clients are not impacted/using product

Source

Product(s)

Type

WordPress

WordPress

Security update

Fortinet

FortiManager
SD-WAN Orchestrator

Patch for improper access control vulnerability

Apple

iOS and iPadOS 14.8

Security updates

SAP

Multiple

Security updates (Sep 2021)

Citrix

ShareFile Storage Zones Controller

Security update

Drupal

n/a

Multiple security updates

Microsoft

Azure Linux Open Mgt Infrastructure

Security update

FBI-CISA-CGCYBER

ManageEngine
ADSelfService Plus

Advisory on advanced persistent threat (APT) exploitation of vulnerability

 

The constantly increasing demands of securing your data against cyber criminals make it challenging to keep up. If you need help staying on top of your game, get in touch.

What's an IT Assessment?

Perhaps someone from your organization could also benefit from these security alerts?

Subscribe a Colleague

Topics: cyber security security vulnerabilities cyber criminals security patches security threats

Featured

Posts by Tag

See all