Each week our security team tracks threats, vulnerabilities, and patches announced by leading IT experts and vendors to ensure we prioritize and address them for our managed IT services clients. Below you'll find our monthly recap of all events. If you're not a client, make sure your team knows about these security events, as well as future ones.
|Apache||Log4j||New release (v2.15.0) for critical RCE vulnerability under exploitation|
Note: While our apps do not use Log4j, we continue to review our systems and assist primeCLOUD clients with other/impacted apps.
|Zoho||ManageEngine Desktop Central & Desktop Central MSP||Security advisory|
|Mozilla||Firefox, Firefox ESR, and Thunderbird||Security updates|
No Impact to Our Clients/FYI
|Apache||HTTP Server||Server-side request forgery (SSRF) - CVE-2021-40438|
|CISA||Hillrom Welch Allyn Cardiology Products||Security advisory|
|CISA||WebHMI||Security advisory of vulnerabilities|
|CISA/FBI||Zoho ManageEngine ServiceDesk Plus||Alert on active exploitation - CVE-2021-44077|
|CISA/NSA||5G Cloud Infrastructures||Guidance on securing|
|ManageEngine||ADSelfService Plus||APT exploitation|
|MikroTik||RouterOS||Directory traversal vulnerability - CVE-2018-14847|
|Mozilla||Network Security Services||Security updates|
|Qualcomm||Multiple Chipsets||Improper input validation vulnerability - CVE-2020-11261|
|SAP||Multiple||Security updates (Dec)|
|SonicWall||SMA 100 Series Appliances||Security advisory|
|Zoho||ManageEngine ServiceDesk||Authentication bypass vulnerability - CVE-2021-37415|
|Zoho||ManageEngine ServiceDesk Plus||Remote code execution - CVE-2021-44077|
If you're not confident your organization is on top of weekly security threats, vulnerabilities, and patches, it's time to conduct a cyber security audit. Or better, get in touch so we can walk you through critical items for your security checklist.