Each week our security team tracks threats, vulnerabilities, and patches announced by leading IT experts and vendors to ensure we prioritize and address them for our managed IT services clients. Below you'll find our monthly recap of all events. If you're not a client, make sure your team knows about these security events, as well as future ones.
High Impact
Company/Source | Product | Type |
Apache | Log4j | New release (v2.15.0) for critical RCE vulnerability under exploitation Note: While our apps do not use, we continue to review our systems and assist primeCLOUD clients with other/impacted apps. |
Zoho | ManageEngine Desktop Central & Desktop Central MSP | Security advisory |
Medium Impact
Company/Source | Product | Type |
Chrome | Security updates | |
Microsoft | Multiple | Security updates |
VMware | n/a | Security update |
Low Impact
Company/Source | Product | Type |
Apple | Multiple | Security update |
Mozilla | Firefox, Firefox ESR, and Thunderbird | Security updates |
No Impact to Our Clients/FYI
Company/Source | Product | Type |
Adobe | Multiple | Security updates |
Apache | HTTP Server | Server-side request forgery (SSRF) - CVE-2021-40438 |
CISA | Hillrom Welch Allyn Cardiology Products | Security advisory |
CISA | WebHMI | Security advisory of vulnerabilities |
CISA/FBI | Zoho ManagedEngine ServiceDesk Plus | Alert on active exploitation - CVE-2021-44077 |
CISA/NSA | 5G Cloud Infrastructures | Guidance on securing |
ManageEngine | ADSelfService Plus | APT exploitation |
MikroTik | RouterOS | Directory traversal vulnerability - CVE-2018-14847 |
Mozilla | Network Security Services | Security updates |
Qualcomm | Multiple Chipsets | Improper input validation vulnerability - CVE-2020-11261 |
SAP | Multiple | Security updates (Dec) |
SonicWall | SMA 100 Series Appliances | Security advisory |
Zoho | ManagedEngine ServiceDesk | Authentication bypass vulnerability - CVE-2021-37415 |
Zoho | ManagedEngine ServiceDesk Plus | Remote code execution - CVE-2021-44077 |
If you're not confident your organization is on top of weekly security threats, vulnerabilities, and patches, it's time to conduct a cyber security audit. Or better, get in touch so we can walk you through critical items for your security checklist.