4 min read

[Security Tip] February Security Threats Summarized

By Prime Care Tech Security Team on Fri, Mar 04, 2022 @ 09:16 AM

Each week our security team tracks threats, vulnerabilities, and patches announced by leading IT experts and vendors to ensure we prioritize, address, and communicate them to our managed IT services clients.

Below you'll find our monthly recap of all events. If you're not a client, make sure your team knows about these security events, as well as future ones. Just click below to sign up. 

KEEP ME UPDATED

 

High Impact

Nothing new in the high category was reported in February. If you missed last month's report, see the January Security Threats Summary.


Medium Impact

Company/Source Product Type
Microsoft Multiple CVE-2022-21882 Win 32k Privilege Escalation Vulnerability
VMware Multiple Security update 3091
VMware Multiple Security update 3104

 

Low Impact

Company/Source Product Type
Zabbix Multiple Front-end authentication bypass and improper access control vulnerabilities

 

No Impact to Our Clients/FYI

Company/Source Product Type
CISA Multiple Industrial control system advisories (Release 18)
CISA Multiple 15 known exploited vulnerabilities added to the catalog
Drupal Multiple Security updates
FBI/USSS U.S. Critical Infrastructure Security advisory -BlackByte Ransomware
Mitsubishi Mitsubishi Electric Factory Automation Engineering Products Update F

 

As part of our primeCLOUD services suite, we partner with leading IT vendors to offer security services like ransomware protection, phishing training, multi-factor authorization (MFA), data backup/recovery, and more.

If you're not confident your organization is on top of security threats, vulnerabilities, and patches, it may be time to conduct a cyber security audit.

Conduct Self-Audit Now

Or better, get in touch and let us walk you through critical items for your security checklist.

Topics: primeCLOUD cyber security security vulnerabilities cyber criminals security patches security threats
6 min read

[Security Tip] January Security Threats Summarized

By Prime Care Tech Security Team on Thu, Feb 03, 2022 @ 11:50 AM

Each week our security team tracks threats, vulnerabilities, and patches announced by leading IT experts and vendors to ensure we prioritize and address them for our managed IT services clients.

Below you'll find our monthly recap of all events. If you're not a client, make sure your team knows about these security events, as well as future ones. Just click below to sign up. 

KEEP ME UPDATED


High Impact

Company/Source Product Type
VMware Workstation, Fusion, ESXi Security update


Medium Impact

Company/Source Product Type
Adobe Multiple Security updates
CNMF Multiple Malware Disclosure - Iranian APT Muddy Water
McAfee McAfee Agent for Windows Security update
Microsoft Multiple Security Updates (Jan 2022)

 

Low Impact

Company/Source Product Type
Apple iOS and iPad OS Security updates

 

No Impact to Our Clients/FYI

Company/Source Product Type
Apache HTTP Server Security Update
CISA Industrial Control System Advisories
CISA Multiple Cataloged 4 Known Vulnerabilities
CISA Network Security Infographic: Layering Network Security Through Segmentation
CISA/FBI/NSA U.S. Critical Infrastructure Security Advisory - Russian Cyber Threats
Citrix Hypervisor Security Updates
Citrix Workspace App for Linux Security Updates
Fresenius Kabi Agilia Connect Infusion System (Update A) Advisory
ICS GE Gas Power ToolBoxST Advisory (ICSA-22-025-01)
ICS Mitsubishi Electric MELSEC and MELIPC Series (Update A) Advisory (ICSA-21-334-02) 
Mozilla Firefox, Firefox EST, Thunderbird Security Updates
Samba Multiple Security Updates
VMware Workspace ONE UEM Console Security advisory

 

If you're not confident your organization is on top of weekly security threats, vulnerabilities, and patches, it's time to conduct a cyber security audit. Or better, get in touch so we can walk you through critical items for your security checklist.

Conduct Self-Audit Now

Topics: primeCLOUD cyber security security vulnerabilities cyber criminals security patches security threats
6 min read

[Security Tip] December Security Threats Summarized

By Prime Care Tech Security Team on Mon, Jan 10, 2022 @ 10:59 AM

Each week our security team tracks threats, vulnerabilities, and patches announced by leading IT experts and vendors to ensure we prioritize and address them for our managed IT services clients. Below you'll find our monthly recap of all events. If you're not a client, make sure your team knows about these security events, as well as future ones. 

Get Updates


High Impact

Company/Source Product Type
Apache Log4j New release (v2.15.0) for critical RCE vulnerability under exploitation

Note: While our apps do not use, we continue to review our systems and assist primeCLOUD clients with other/impacted apps.
Zoho ManageEngine Desktop Central & Desktop Central MSP Security advisory


Medium Impact

Company/Source Product Type
Google Chrome Security updates
Microsoft Multiple Security updates
VMware n/a Security update

 

Low Impact

Company/Source Product Type
Apple Multiple Security update
Mozilla Firefox, Firefox ESR, and Thunderbird Security updates

 

No Impact to Our Clients/FYI

Company/Source Product Type
Adobe Multiple Security updates
Apache HTTP Server Server-side request forgery (SSRF) - CVE-2021-40438
CISA Hillrom Welch Allyn Cardiology Products Security advisory
CISA WebHMI Security advisory of vulnerabilities
CISA/FBI Zoho ManagedEngine ServiceDesk Plus Alert on active exploitation - CVE-2021-44077
CISA/NSA 5G Cloud Infrastructures Guidance on securing
ManageEngine ADSelfService Plus APT exploitation
MikroTik RouterOS Directory traversal vulnerability - CVE-2018-14847
Mozilla Network Security Services Security updates
Qualcomm Multiple Chipsets Improper input validation vulnerability - CVE-2020-11261
SAP Multiple Security updates (Dec)
SonicWall SMA 100 Series Appliances Security advisory
Zoho ManagedEngine ServiceDesk Authentication bypass vulnerability - CVE-2021-37415
Zoho ManagedEngine ServiceDesk Plus Remote code execution - CVE-2021-44077

 

If you're not confident your organization is on top of weekly security threats, vulnerabilities, and patches, it's time to conduct a cyber security audit. Or better, get in touch so we can walk you through critical items for your security checklist.

Conduct Self-Audit Now

Topics: primeCLOUD cyber security security vulnerabilities cyber criminals security patches security threats
6 min read

[Security Tip] November Security Threats Summarized

By Prime Care Tech Security Team on Thu, Dec 02, 2021 @ 12:51 PM

Each week our security team tracks threats, vulnerabilities, and patches announced by leading IT experts and vendors to ensure we prioritize and address them for our managed IT services clients. If you're not a client, make sure your team knows about these security events from November 2021, as well as future ones.

Subscribe Yourself or Colleague


High Impact

Source Product Type
Citrix n/a Security updates

 

Medium Impact

Source Product Type
VMware n/a Security advisory

 

Low Impact

Source

Product

Type

Apple

iCloud for Windows 13

Security updates

CISA

n/a

Security Advisory - Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities

Cisco

Multiple

Security updates for vulnerabilities

Google

Chrome

Security updates

Mozilla

Firefox, Firefox ESR

Security updates

Samba

n/a

Security updates

 

No Impact to Our Clients/FYI

Source

Product

Type

CISA

n/a

Security Advisory - Multiple Data Distribution Service Implementations

CISA

n/a

Security Advisory - Siemens Nucleus Real-Time OS

Drupal

n/a

Multiple security updates

ManageEngine

ADSelfService Plus

Security researchers alert of active targeting

Palo Alto Networks

PAN-OS

Security updates

SAP

Multiple

Security updates (Nov 2021)

VMware

Tanzu Application Service for VMs

Security update

 

If you're not confident that your organization is on top of weekly security threats, vulnerabilities, and patches, it's time to conduct a cyber security audit.

Conduct Self-Audit Now

Or better, get in touch so we can walk you through the critical items for your security checklist.

 
Topics: primeCLOUD cyber security security vulnerabilities cyber criminals security patches security threats
10 min read

[Security Tip] October's Security Threats Summarized

By Prime Care Tech Security Team on Fri, Oct 29, 2021 @ 02:51 PM

Each week our security team tracks threats, vulnerabilities, and patches announced by leading IT experts and vendors to ensure we prioritize and address them for our managed IT services clients. If you're not a client, make sure your team knows about these security events from October 2021, as well as future ones.

Subscribe Yourself or Colleague


High Impact

Source Product Type
AMD Ryzen Chipset Driver Patches for security vulnerabilities
Microsoft NTLM Relay Mitigation advice for PetitPotam attacks 
ManageEngine ADManager Plus Security fix for critical vulnerability
VMware n/a Security update

 

Medium Impact

Source Product Type
FBI n/a Indicators of compromise associated with Hive ransomware
Google Chrome Security updates
Intel Multiple Multiple security updates
Microsoft Multiple Mitigation advice and workarounds for zero-day threat CVE-2021-40444

 

Low Impact

Source Product Type
Atlassian Confluence Server and Data Center Security updates
ManageEngine ServiceDesk Plus Update for remote code execution (RCE) and server-side request forgery (SSRF) vulnerabilities
Microsoft Multiple Security updates (Aug 2021)
Microsoft Multiple Security updates (Sep 2021)
Mozilla Firefox, Firefox ESR, and Thunderbird  Security updates
Pulse Secure Secure Connect Security update
Cisco Multiple Security Updates
Mozilla Firefox, Firefox ESR Security updates
Adobe Multiple Security Updates 
Apple Multiple Security Update to Address CVE-2021-30883
Microsoft Multiple Security Updates (October 2021)
Google Chrome  v95.0.4638.54 for Windows, Mac, and Linux

 

No Impact

Source Product Type
Apple iOS and iPadOS 14.8 Security updates
Citrix ShareFile Storage Zones Controller Security update
Drupal n/a Multiple security updates
FBI-CISA-CGCYBER ManageEngine ADSelfService Plus Advisory on advanced persistent threat (APT) exploitation of vulnerability
Fortinet FortiManager SD-WAN Orchestrator Patch for improper access control vulnerability
Microsoft Azure Linux Open Mgt Infrastructure Security update
SAP Multiple Security updates (Sep 2021)
WordPress WordPress Security update
CISA/NSA Multiple Guidance on Selecting and Hardening VPNs
Apache HTTP Servers Security update
Apache Server Address vulnerabilities under exploitation
CISA Multiple Security Advisory Honeywell Experion and ACE Controllers
CISA n/a Advisory remote users
Juniper Networks Multiple Security Updates
NSA Multiple Guidance on Avoiding the Dangers of Wildcard TLS Certificates and ALPACA Techniques
U.S. Water and Wastewater Systems Sector Facilities Ongoing Cyber Threats
Apache Tomcat (multiple versions) Security advisory to address vulnerability
Cisco IOS XE SD-WAN Software Security updates to address vulnerability
GPSD  v3.20 (Dec 31, 2019) through v3.22 (Jan 8, 2021) GPS Daemon (GPSD) bug
Oracle Multiple Critical patch update (October 2021) to address vulnerabilities 

 

If you're not confident that your organization is on top of weekly security threats, vulnerabilities, and patches, it's time to conduct a cyber security audit.

Conduct Self-Audit Now

Or better, get in touch so we can walk you through the critical items for your security checklist.

Topics: primeCLOUD cyber security security vulnerabilities cyber criminals security patches security threats
All posts

Featured

Posts by Tag

See all