Security Advisory Alerts & Notifications

What's in the news

FortiOS devices under active exploit

December 12, 2022

Fortinet has just announced that firewall devices running versions of its FortiOS operating system are under active exploit: CVE-2022-42475 allows an unauthenticated attacker to remotely access admin controls from outside the network, posing a serious security threat to unpatched devices. 

Fortinet has already released patches that will eliminate the vulnerability…

Critical vulnerability in select Fortinet products

October 7, 2022

Fortinet has recently announced a severe vulnerability in certain firewalls and web proxies: CVE-2022-40684 allows an unauthenticated attacker to remotely access admin controls from outside the network, posing a serious security threat to unpatched devices.

Thankfully, the fix is straightforward: the latest released patches for these products will eliminate the exploit. Therefore, patching these devices as quickly as possible should be a priority for any organization that uses them…

Microsoft Exchange On-Premise Vulnerability

September 30, 2022

A newly discovered malicious exploit for Microsoft Exchange Servers is drawing attention this week. This exploit allows an authenticated attacker to execute malicious code on a vulnerable on-premise Exchange Server. This vulnerability only exists for on-premise servers: Microsoft Exchange Online servers are not affected. Because the attack requires authentication to get past the “first line of defense,” this vulnerability is serious but not catastrophic.

As always, Mytech is monitoring this situation closely and has already taken steps to protect any of our clients who could be affected by this vulnerability. To stay updated on this and other cybersecurity news, follow this page for further details.

Phishing vulnerability 'Follina' in Office files

May 31, 2022

A newly discovered malicious exploit for Microsoft Office files has made headlines over the weekend: the “Follina” MSDT attack uses programs like Microsoft Word to execute malicious code when a prepared file is accessed, allowing an attacker significant access to a device, where they can then deploy further exploits and do even greater damage.

The bad news: this exploit requires user input. The good news: this exploit requires user input! If your team members have experience detecting a phishing attempt, they are well-positioned to stop this attack in its tracks. Please notify your team of this vulnerability for Office files, and remind them that they should never click, open, download, or even preview an email attachment that they were not expecting to receive…

Critical Log4j Vulnerability

December 22, 2021

The Log4j vulnerability that we posted about earlier this month continues to pose a major risk for many organizations. Due to the nature of this vulnerability, your greatest risk likely comes through any vendor that provides software to your organization. If you have not already discussed this vulnerability with each of your vendors and confirmed that their patches are up to date, do so immediately.
 
In addition, you should discuss your exposure level with your IT provider, to determine any potential points of attack on your network. Mytech is working behind the scenes to catalogue and track security updates from our clients’ vendors, to help us quickly assess any remaining risks. But the threat of this attack remains high, and your IT provider cannot defend you from vendor vulnerabilities that they don’t know about.

RSS Most Recent
  • Security Alert: Phishing Attacks via QR Code June 27, 2023
    There's recently been an uptick in targeted phishing attacks attempting to steal Microsoft 365 credentials via a unique method - QR codes. We have now seen several organizations receive a version of the message copied below, which impersonates Microsoft 365 using fear-based language and encourages users to scan a QR code with their smartphone camera […]
  • Service Alert: Windows Defender deletes taskbar & desktop shortcuts January 13, 2023
    As you may have seen in the news, this morning a bugged Windows Defender update deleted app shortcuts from some users’ desktops and task bars. Only the shortcuts are deleted: your data and applications are safe. Microsoft has now fixed this issue, but many users are still missing quick access to common apps and tools.
  • Security Alert: Critical Log4j Vulnerability December 14, 2021
    Update 12.22.21. This vulnerability continues to pose a major risk for many organizations. Due to the nature of this exploit, your greatest risk likely comes through any vendor that provides software to your organization. If you have not already discussed this vulnerability with each of your vendors and confirmed that their patches are up to […]
  • Security Alert: Phishing Risks from Threat Actor Nobelium Remain High October 25, 2021
    You may have heard about the recent cyberattack activity from Russian actor Nobelium, a nation-state group that was responsible for the SolarWinds breach of 2020. Experts in the cybersecurity industry expect these attacks to continue, so awareness and diligence in preventing phishing attacks and breaches is crucial – for both managed services providers like Mytech, […]
  • Security Alert: Exploit for Malicious Microsoft Office Attachments September 10, 2021
    You may have heard about the recently-announced security vulnerability that makes use of malicious code embedded in Microsoft Office documents. This exploit is possible if a user opens or even previews the malicious document in Outlook or Windows Explorer, and can grant an attacker significant access to the user’s network and privileges to cause further harm.
  • PrintNightmare Vulnerability in Majority of Windows Devices July 7, 2021
    UPDATE – July 7 @ 11:45am: Microsoft has now published a patch to mitigate this vulnerability, and Mytech is already working on deploying it to our clients as securely and non-disruptively as possible. Further information about this process has been emailed out to our clients. If you experience any issues or have questions about this […]
  • Kaseya VSA Attack: Why Mytech Isn't Affected, What We're Doing Anyway July 6, 2021
    You may have seen the news about a supply-chain ransomware attack on Kaseya which affected numerous businesses over the holiday weekend. The targeted company, Kaseya, provides tools to Managed Services Providers (MSPs) like Mytech. One of these tools, “Kaseya VSA,” was recently compromised by an international cybercrime organization, then used to attack roughly 60 MSPs […]


Does your security strategy presume breach?

With our philosophy of “presume breach,” sophisticated threats like these are mitigated by the security measures we deploy through our SmartBusiness Suite, which can detect pre-attack network changes and prevent the call-and-response tactics that allow further access into a network.