IT Security Alerts to Keep an Eye On: Spring4Shell, Citrix CVEs, iManage Certificate Expirations (April 2022)

Managing your IT has become complex – contact Cornerstone.IT and learn how our Managed Services can help support the health of your network. IT Security Alerts to Keep an Eye On: Spring4Shell, Citrix CVEs, iManage Certificate Expirations April 13, 2022 Contact Cornerstone The following alerts were issued — (click or tap to expand) Spring4Shell Spring4Shell critical security alert – targeting Java Script FrameworkSome products being affected: CitrixCiscoVMware Citrix Security Advisory – Multiple CVE Citrix StoreFront [...]

IT Security Alerts to Keep an Eye On: Spring4Shell, Citrix CVEs, iManage Certificate Expirations (April 2022)2022-04-13T08:16:59-04:00

Security Advisory:  VMware ESXi, Workstation and Fusion –Multiple vulnerabilities

Security Advisory: Multiple vulnerabilities in VMware ESXi, Workstation, and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

Security Advisory:  VMware ESXi, Workstation and Fusion –Multiple vulnerabilities2022-12-13T16:29:59-05:00

iManage Security Vulnerability due to third-party Apache component Log4j

If not mitigated, potential remote exploits to an Apache component called Log4J can be executed by a malicious attacker. This vulnerability is known worldwide as CVE-2021-44228. Check this iManage Security Advisory.

iManage Security Vulnerability due to third-party Apache component Log4j2022-12-13T14:54:40-05:00

Alert: Third-party Security Vulnerability Affects On-Premises versions of iManage Systems (Apache)

The iManage Security team identified a vulnerability affecting on-premises versions of iManage products. It is an exploit targeting the Apache HTTP Server which if not mitigated, can be exploited under certain conditions.

Alert: Third-party Security Vulnerability Affects On-Premises versions of iManage Systems (Apache)2022-12-13T14:57:01-05:00

Alert: VMware vCenter Server Privilege Escalation Vulnerability

VMware has investigated and confirmed possible exploits that can be performed by a malicious attacker using “privileged account escalation” method. Learn how to mitigate with the provided remediation tasks.

Alert: VMware vCenter Server Privilege Escalation Vulnerability2022-12-13T15:37:35-05:00

Microsoft Exchange Server Vulnerabilities On-Premises & Hybrid

Microsoft released patches and fixes during this week’s November Patch Tuesday. The report identified 55 vulnerabilities on Microsoft Windows, including on-premises (locally installed) products such as Microsoft Office (Microsoft Excel), Microsoft Edge browser and - most importantly - Microsoft Exchange.

Microsoft Exchange Server Vulnerabilities On-Premises & Hybrid2022-12-13T16:31:49-05:00

Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition – Unauthenticated Denial of Service

Ask us how we can help secure your environment with the top 10-12 security enhancements every firm should have.  #ManagedServices Alert: Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition - Unauthenticated Denial of Service November 9, 2021 Severity: Critical Contact Us Issue / Vulnerability Unauthenticated denial of service and temporary disruption of services. Citrix has published a discovered vulnerability on Citrix ADC, Citrix Gateway and Citrix SD-WAN WANOP Edition devices that could result in possible [...]

Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition – Unauthenticated Denial of Service2022-12-13T16:32:14-05:00

Nobelium – Targeting CSPs, MSPs, & Other IT Service Providers

You may recall Nobelium from the infamous software supply chain attack on SolarWinds in 2020 that enabled bad actors access to various US government computers. Nobelium has been busy replicating its success on new prey: CSPs (Cloud Service Providers), MSPs (Managed Services Providers), and other IT service providers.

Nobelium – Targeting CSPs, MSPs, & Other IT Service Providers2021-11-19T08:37:39-05:00