Prime Care Tech Security Team

Prime Care Tech Security Team


Recent posts by Prime Care Tech Security Team

6 min read

[Security Tip] April Security Threats Summarized

By Prime Care Tech Security Team on Sat, May 07, 2022 @ 06:14 PM

Each week our security team tracks threats, vulnerabilities, and patches announced by leading IT experts and vendors to ensure we prioritize, address, and communicate them to our managed IT services clients.

Below you'll find our monthly recap of all events. To check previous reports, see 2022 Security Threats.

If you're not a client, make sure your team knows about these security events, as well as future ones. Just click below to sign up. 

KEEP ME UPDATED

 

High Impact

Company/Source Product Type
Microsoft Remote Procedure Call Runtime Library Security vulnerability
(CVE-2022-26809)

 

Medium Impact

Company/Source Product Type
Google Chrome Security updates
(April 1 and 8)
Microsoft Multiple Security updates
(April  2022)
Mozilla Firefox and Firefox ESR Security updates
(April 8)

 

Low Impact

Company/Source Product Type
Apple Multiple Security updates

 

No Impact to Our Clients/FYI

Company/Source Product Type
Apache Struts 2 Security advisory
Arctic Wolf Multiple Security updates (Download/run Spring4Shell Deep Scan)
Cisco Multiple Security updates
CISA Multiple Security updates
Citrix SD-WAN Products Security updates
Drupal Multiple Security updates
Juniper Networks Multiple Security updates
Oracle Multiple Critical patch update (April 2022)
Spring Spring4Shell and Spring CLOUD Security update for function vulnerabilities
VMware Cloud Director Security updates

 

As part of our primeCLOUD services suite, we partner with leading IT vendors to offer security services like ransomware protection, phishing training, multi-factor authorization (MFA), data backup/recovery, and more.

If you're not confident your organization is on top of security threats, vulnerabilities, and patches, it may be time to conduct a cyber security audit.

Conduct Self-Audit Now

Or better, get in touch and let us walk you through critical items for your security checklist.

Topics: primeCLOUD cyber security security vulnerabilities cyber criminals security patches security threats
5 min read

[Security Tip] March Security Threats Summarized

By Prime Care Tech Security Team on Thu, Mar 31, 2022 @ 04:36 PM

Each week our security team tracks threats, vulnerabilities, and patches announced by leading IT experts and vendors to ensure we prioritize, address, and communicate them to our managed IT services clients.

Below you'll find our monthly recap of all events. If you're not a client, make sure your team knows about these security events, as well as future ones. Just click below to sign up. 

KEEP ME UPDATED

 

High Impact

Nothing new in the high category was reported in March. To check previous reports, see 2022 Security Threats.


Medium Impact

Company/Source Product Type
Microsoft Multiple Security updates (March 2022)
VMware Multiple (ESXi) Security updates

 

Low Impact

Company/Source Product Type
Apple Multiple Security updates
Google Chrome Security updates
Mozilla Multiple Security updates
Mozilla Firefox, Firefox ESR Security updates
OpenSSL Multiple Security updates

 

No Impact to Our Clients/FYI

Company/Source Product Type
Cisco Multiple Security updates
CRI-O Multiple Security updates for Kubernetes
FBI Multiple Compromise indicators for RagnarLocker ransomware
Linux Multiple Dirty Pipe privilege escalation vulnerability
Mozilla VPN Security update
NSA Network infrastructure Security guidance
SAP Multiple Security updates (March 2022)
VMware Multiple Security updates

 

As part of our primeCLOUD services suite, we partner with leading IT vendors to offer security services like ransomware protection, phishing training, multi-factor authorization (MFA), data backup/recovery, and more.

If you're not confident your organization is on top of security threats, vulnerabilities, and patches, it may be time to conduct a cyber security audit.

Conduct Self-Audit Now

Or better, get in touch and let us walk you through critical items for your security checklist.

Topics: primeCLOUD cyber security security vulnerabilities cyber criminals security patches security threats
4 min read

[Security Tip] February Security Threats Summarized

By Prime Care Tech Security Team on Fri, Mar 04, 2022 @ 09:16 AM

Each week our security team tracks threats, vulnerabilities, and patches announced by leading IT experts and vendors to ensure we prioritize, address, and communicate them to our managed IT services clients.

Below you'll find our monthly recap of all events. If you're not a client, make sure your team knows about these security events, as well as future ones. Just click below to sign up. 

KEEP ME UPDATED

 

High Impact

Nothing new in the high category was reported in February. If you missed last month's report, see the January Security Threats Summary.


Medium Impact

Company/Source Product Type
Microsoft Multiple CVE-2022-21882 Win 32k Privilege Escalation Vulnerability
VMware Multiple Security update 3091
VMware Multiple Security update 3104

 

Low Impact

Company/Source Product Type
Zabbix Multiple Front-end authentication bypass and improper access control vulnerabilities

 

No Impact to Our Clients/FYI

Company/Source Product Type
CISA Multiple Industrial control system advisories (Release 18)
CISA Multiple 15 known exploited vulnerabilities added to the catalog
Drupal Multiple Security updates
FBI/USSS U.S. Critical Infrastructure Security advisory -BlackByte Ransomware
Mitsubishi Mitsubishi Electric Factory Automation Engineering Products Update F

 

As part of our primeCLOUD services suite, we partner with leading IT vendors to offer security services like ransomware protection, phishing training, multi-factor authorization (MFA), data backup/recovery, and more.

If you're not confident your organization is on top of security threats, vulnerabilities, and patches, it may be time to conduct a cyber security audit.

Conduct Self-Audit Now

Or better, get in touch and let us walk you through critical items for your security checklist.

Topics: primeCLOUD cyber security security vulnerabilities cyber criminals security patches security threats
2 min read

[Security Tip] Maintain a Strong Security Posture with MFA

By Prime Care Tech Security Team on Tue, Feb 08, 2022 @ 09:52 AM

Introduction

Maintaining a strong security posture means being vigilant and aware of threats and vulnerabilities across the vast Information Technology spectrum. An important security layer to consider is called multi-factor authentication (MFA), also known as two-factor authentication (2FA).

More insurance carriers now require the implementation of MFA before issuing a cyber insurance policy. Depending on the carrier, they may require MFA for just Microsoft 365 Cloud Mail or Exchange OWA mail, or they may extend it to everyone’s login – as well as their devices. 

So, what is MFA?

MFA protects us from hackers by ensuring that digital users are who they say they are. When MFA is enabled, a user must provide two or more pieces of evidence (or factors) to verify their identity and gain access to an app or digital resource.

There are three main types of MFA authentication methods:

  1. Things only you know (knowledge), such as a password or PIN;
  2. Things only you have (possession), such as a badge, fob, or smartphone; or
  3. Things only you are (inherence), such as a biometric like fingerprints, retina scan, or voice recognition.

Why is MFA important?

MFA makes stealing your information much harder for the average criminal. The less enticing or harder to access your data it is, the more likely threat actors will choose someone else to target.

As the name implies, MFA blends at least two separate factors to verify it's actually you requesting access to your data. So even if a hacker has your user ID and password, MFA will require the entry of one more piece of information before granting access. It is a simple but powerful method to add a layer of extra protection so only authorized users access your data.

How do I obtain MFA?

Various vendors offer MFA. A very common and effective MFA is to use an app loaded on your mobile phone or a key fob. Both receive a random number generated at regular intervals, usually 60 seconds, from the MFA vendor’s random number generator.

When entering your user ID and password to access an application or other digital resource, the last step is to enter the number displayed on the MFA app or key fob. Once you enter the correct number, the authentication process is complete and you have access. 

Wrapping Up

One could look at MFA as peace of mind since it makes hacking into user accounts much more arduous. We partner with best-of-kind MFA vendors if you need our help to get started. 

GET HELP WITH MFA

Topics: primeCLOUD MFA multi-factor authentification security tip
6 min read

[Security Tip] January Security Threats Summarized

By Prime Care Tech Security Team on Thu, Feb 03, 2022 @ 11:50 AM

Each week our security team tracks threats, vulnerabilities, and patches announced by leading IT experts and vendors to ensure we prioritize and address them for our managed IT services clients.

Below you'll find our monthly recap of all events. If you're not a client, make sure your team knows about these security events, as well as future ones. Just click below to sign up. 

KEEP ME UPDATED


High Impact

Company/Source Product Type
VMware Workstation, Fusion, ESXi Security update


Medium Impact

Company/Source Product Type
Adobe Multiple Security updates
CNMF Multiple Malware Disclosure - Iranian APT Muddy Water
McAfee McAfee Agent for Windows Security update
Microsoft Multiple Security Updates (Jan 2022)

 

Low Impact

Company/Source Product Type
Apple iOS and iPad OS Security updates

 

No Impact to Our Clients/FYI

Company/Source Product Type
Apache HTTP Server Security Update
CISA Industrial Control System Advisories
CISA Multiple Cataloged 4 Known Vulnerabilities
CISA Network Security Infographic: Layering Network Security Through Segmentation
CISA/FBI/NSA U.S. Critical Infrastructure Security Advisory - Russian Cyber Threats
Citrix Hypervisor Security Updates
Citrix Workspace App for Linux Security Updates
Fresenius Kabi Agilia Connect Infusion System (Update A) Advisory
ICS GE Gas Power ToolBoxST Advisory (ICSA-22-025-01)
ICS Mitsubishi Electric MELSEC and MELIPC Series (Update A) Advisory (ICSA-21-334-02) 
Mozilla Firefox, Firefox EST, Thunderbird Security Updates
Samba Multiple Security Updates
VMware Workspace ONE UEM Console Security advisory

 

If you're not confident your organization is on top of weekly security threats, vulnerabilities, and patches, it's time to conduct a cyber security audit. Or better, get in touch so we can walk you through critical items for your security checklist.

Conduct Self-Audit Now

Topics: primeCLOUD cyber security security vulnerabilities cyber criminals security patches security threats

Featured

Posts by Tag

See all