Security Advisory Alerts & Notifications

What's in the news

December 22, 2021

The Log4j vulnerability that we posted about earlier this month continues to pose a major risk for many organizations. Due to the nature of this vulnerability, your greatest risk likely comes through any vendor that provides software to your organization. If you have not already discussed this vulnerability with each of your vendors and confirmed that their patches are up to date, do so immediately.
 
In addition, you should discuss your exposure level with your IT provider, to determine any potential points of attack on your network. Mytech is working behind the scenes to catalogue and track security updates from our clients’ vendors, to help us quickly assess any remaining risks. But the threat of this attack remains high, and your IT provider cannot defend you from vendor vulnerabilities that they don’t know about.

December 14, 2021

Over the weekend, you may have heard about the Log4j RCE or CVE-2021-44228 vulnerability. This Java logging package is used in a significant variety of software, so this vulnerability poses a serious cybersecurity threat to unpatched systems. A patch for CVE-2021-44228 has been released – however, due to the nature of this tool, there is no global patch that can be pushed to all instances at once: each vendor that uses Log4j must individually patch their specific software.  

October 25, 2021

You may have heard about the recent cyberattack activity from Russian actor Nobelium, a nation-state group that was responsible for the SolarWinds breach of 2020. Experts in the cybersecurity industry expect these attacks to continue, so awareness and diligence in preventing phishing attacks and breaches is crucial – for both managed services providers like Mytech, as well as each of our end users.

RSS Most Recent
  • Security Alert: Critical Log4j Vulnerability December 14, 2021
    Update 12.22.21. This vulnerability continues to pose a major risk for many organizations. Due to the nature of this exploit, your greatest risk likely comes through any vendor that provides software to your organization. If you have not already discussed this vulnerability with each of your vendors and confirmed that their patches are up to […]
  • Security Alert: Phishing Risks from Threat Actor Nobelium Remain High October 25, 2021
    You may have heard about the recent cyberattack activity from Russian actor Nobelium, a nation-state group that was responsible for the SolarWinds breach of 2020. Experts in the cybersecurity industry expect these attacks to continue, so awareness and diligence in preventing phishing attacks and breaches is crucial – for both managed services providers like Mytech, […]
  • Security Alert: Exploit for Malicious Microsoft Office Attachments September 10, 2021
    You may have heard about the recently-announced security vulnerability that makes use of malicious code embedded in Microsoft Office documents. This exploit is possible if a user opens or even previews the malicious document in Outlook or Windows Explorer, and can grant an attacker significant access to the user’s network and privileges to cause further harm.
  • PrintNightmare Vulnerability in Majority of Windows Devices July 7, 2021
    UPDATE – July 7 @ 11:45am: Microsoft has now published a patch to mitigate this vulnerability, and Mytech is already working on deploying it to our clients as securely and non-disruptively as possible. Further information about this process has been emailed out to our clients. If you experience any issues or have questions about this […]
  • Kaseya VSA Attack: Why Mytech Isn't Affected, What We're Doing Anyway July 6, 2021
    You may have seen the news about a supply-chain ransomware attack on Kaseya which affected numerous businesses over the holiday weekend. The targeted company, Kaseya, provides tools to Managed Services Providers (MSPs) like Mytech. One of these tools, “Kaseya VSA,” was recently compromised by an international cybercrime organization, then used to attack roughly 60 MSPs […]
  • Security Alert: Critical Vulnerability in Microsoft Exchange March 3, 2021
    Microsoft recently announced the discovery of a critical exploit in its Exchange Server products: these vulnerabilities are simple for attackers of any sophistication level to exploit. Microsoft has advised any organizations that use on-premise Exchange servers, or have servers with “OWA” websites open to the internet for any reason, to deploy these patches immediately, as well […]
  • Security Alert: Sophisticated Cybersecurity Attacks on US Healthcare Industry October 29, 2020
    The FBI, the Department of Homeland Security, and (unusually) the Department of Health and Human Services recently released a joint advisory warning of an imminent, credible threat to the cybersecurity of US healthcare institutions. Based on information discovered in the past several days, this attack is expected to come from an established cybercriminal group in Russia, which is preparing to attack hundreds of US targets […]
  • Hackers Actively Targeting Managed Service Providers (MSPs) July 18, 2019
    It’s all over the news.  Hackers are actively targeting managed service providers (MSPs) in an attempt to simultaneously infect all of their clients with ransomware or malware. 

Join our email group

Subscribe to receive industry updates, best practices articles, invites to in-person events, webinars, and more!

Does your security strategy presume breach?

With our philosophy of “presume breach” sophisticated threats like these are mitigated by the security measures we deploy through our SmartBusiness Suite, which can detect pre-attack network changes and prevent the call-and-response tactics that allow further access into a network.