TSP Risk Alerts
Here you will find our responses to discovered vulnerabilities and common security questions.
CrowdStrike Falcon Sensor
July 20, 2024
A recent configuration update for CrowdStrike on Windows 10 and later hosts resulted in network outages.
TS Partners does not use CrowdStrike on Windows servers or workstations at its facility. Clients using CrowdStrike may be exposed and require remediation.
Snowflake SaaS Data Warehouse
June 11, 2024
Snowflake has reported increased cyber threat activity on its cloud data platform. The activity is believed to consist of targeted attacks to obtain customer data and is not caused by any vulnerability.
TS Partners is not a customer of Snowflake and does not use Snowflake services in any area of the TS Partners business, including services to Clients.
CVE-2023-34362 MOVEit Zero Day Vulnerability
June 19, 2023
In some versions of Progress MOVEit Transfer, a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer’s database.
TS Partners does not use this software and operations are not affected. No action is required at this time.
CVE-2022-42889 Apache Commons Text RCE via String Interpolation
October 19, 2022
A vulnerability in the Apache Commons Text library could allow attackers to perform remote code execution (RCE). This new vulnerability is currently being analyzed by NIST and others.
TranStar does not contain an implementation of the Apache Commons Text library, and LinkStar uses an unaffected version. No action is required at this time.
CVE-2022-22965 Spring Framework RCE via Data Binding on JDK 9+
April 11, 2022
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Apache Tomcat as a WAR servlet deployment.
While LinkStar currently utilizes an affected version of the Spring Framework, LinkStar deployments only exist as executable JARs. TS Partners does not distribute WAR deployments of LinkStar.
CVE-2021-34484: Sitel/Sykes breach affecting Okta
March 31, 2022
Sitel cited a legacy network from its 2021 acquisition, Sykes Enterprise, as the cause of the security incident that affected access management provider Okta.
Okta revealed that it notified Sitel of the breach on January 20, 2022, and that the full report on the incident was not available from Sitel until March. During the intervening period, the extortion group Lapsus$ released data from Okta that was obtained through the compromise of Sitel’s systems.
TS Partners brings this information to clients' attention because Okta is an enterprise access management provider at a number of organizations.
CISA Alert (AA22-011A) Understanding Russian State-Sponsored Cyber Threats to U.S. Infrastructure
February 21st, 2022
A Joint Cybersecurity Advisory (CSA) has been authored by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) to provide organizations with an overview of Russian state-sponsored cyber operations, tactics, and techniques.
TS Partners has evaluated its environment proactively to ensure potential threats are identified and mitigated.
As background: TS Partners is not an ASP/Service Bureau; TSP does not use cloud, contractors, sub-contractors or other third parties in the development and support of the application software licensed to clients.
CVE-2021-44228: Apache Log4j Remote Code Execution Vulnerability
December 22nd, 2021
The Apache Software Foundation has released a security advisory to address a remote code execution vulnerability affecting Log4j versions. A remote attacker could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services.
CVE-2020-10148 SolarWinds Orion Supply Chain Attack
December 21st, 2020
On Dec. 12, 2020, FireEye provided information on a widespread attack involving a backdoored component of the SolarWinds Orion platform used by numerous organizations to monitor and manage their IT infrastructures.
FireEye has given the incident the identifier UNC2452, and the trojanized version of the SolarWinds Orion component is being called “Sunburst.” Microsoft has used the “Solorigate” identifier for the malware and added detection rules to its Defender antivirus. SolarWinds has issued a separate customer advisory for the incident.