Skip to main content

Who is this article for?
Find your product plan in the Code42 console on the Account menu.

Incydr Professional and Enterprise
Incydr Basic and Advanced
Other product plans

Incydr Professional and Enterprise, yes.

Incydr Basic and Advanced, yes.

CrashPlan Cloud, yes.

Other product plans, yes.

CrashPlan for Small Business, yes.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Code42 response to industry security incidents

Overview

When other security and technology companies disclose breaches and other security events, we often receive questions about whether those incidents affect Code42 products and services. This page provides information about if and how major, widely publicized breaches affect Code42 products and services.

Code42 constantly reviews and analyzes any security incidents that could impact our customers, products, and services. In addition to the list below, there may be other security incidents that we are reviewing. Because security incident details provide sensitive information that could be used maliciously, we are unable to publish information about every incident we review.

If a security event affects Code42 products and services, we contact affected customers and issue a security advisory

If you have questions or concerns, contact our Customer Champions for support.

Industry incidents 

Date Organization / Product Incident Code42 impact
July 2, 2021 Kaseya VSA remote management service

Kaseya was struck by a ransomware attack, which spread to an estimated 1,500 businesses around the world. It is believed that attackers exploited a zero-day vulnerability in the Kaseya VSA remote management service, which the company says is used by 35,000 customers. 

Code42 does not use Kaseya products. There is no known impact to Code42’s products or services as a result of this attack.
June 30, 2021 Microsoft Windows Print Spooler service

A vulnerability (CVE-2021-34527) in the Microsoft Windows Print Spooler service, known colloquially as PrintNightmare, allows an attacker to remotely execute code with system level privileges. A threat actor exploiting this vulnerability can compromise the entire identity infrastructure of a targeted organization.

 

References:

Code42 products are not vulnerable to this threat. If you are a Code42 customer, your Code42 environment is not affected.

 

However, Code42 does use affected Microsoft Windows technology in our internal corporate environment. We have taken the appropriate steps to mitigate this vulnerability.

 

Between June 30 and July 9, Code42 took the following actions:   

  • June 30 - Disabled Print Spooler functionality where possible on impacted devices, including putting in place file system access restrictions for one server where the spooler service was operationally necessary
  • July 6 - Updated system monitor configurations and logging
  • July 8 - Applied Microsoft patches 
  • July 9 - Configured registry settings via group policy for disabling point and print
April 20, 2021 Pulse Connect Secure (PCS 9.0R3 and higher)

A vulnerability was discovered in Pulse Connect Secure (PCS). This vulnerability includes an authentication bypass vulnerability that can allow an unauthenticated user to perform remote arbitrary file execution on the Pulse Connect Secure gateway.

Code42 does not use Pulse Connect Secure. There is no known impact to Code42’s products or services as a result of this vulnerability disclosure.
April 20, 2021 SonicWall Email Security

Three zero-day vulnerabilities in SonicWall’s Email Security (ES) product were found exploited in the wild. These vulnerabilities were executed together to obtain administrative access and carry out code execution on a SonicWall ES device. 

Code42 does not use SonicWall Email Security. There is no known impact to Code42’s products or services as a result of this vulnerability disclosure.
March 10, 2021 F5 Networks BIG-IP and BIG-IQ F5 announced 21 CVEs, including four critical vulnerabilities. These vulnerabilities could allow for remote command execution. Alongside disclosure of the vulnerabilities, F5 Networks issued patches for both the BIG-IP and BIG-IQ platforms Code42 does not use F5 Networks’ BIG-IP or BIG-IQ. There is no known impact to Code42’s products or services as a result of this incident.
March 8, 2021 Verkada

An entity calling itself APT69420 claims to have gained unauthorized global access to Verkada’s security camera and facial recognition system. The third-party was able to view video feeds and facial recognition data for numerous large customers of Verkada’s surveillance system product. This breach was independently verified by Bloomberg and involved access using a super-user account.

Code42 does not use Verkada. There is no known impact to Code42’s products or services as a result of this incident.
March 2, 2021 Microsoft Exchange

Microsoft announced that hackers working on behalf of the Chinese government were actively exploiting 0-day vulnerabilities in on-premises Microsoft Exchange servers.

 

Microsoft issued emergency patches and urged all customers with on-premises Exchange to immediately patch their systems.

 

The Exchange vulnerabilities have been assigned the following CVEs: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858CVE-2021-27065.

Code42 does not use Microsoft Exchange. There is no known impact to Code42’s products or services as a result of this incident.
February 1, 2021 Accellion FTA Accellion identified a concerted cyber-attack against their legacy FTA product. Accellion patched the actively exploited vulnerabilities and worked until January 2021 to identify and patch additional undiscovered vulnerabilities.

Code42 does not use Accellion technologies. There is no known impact to Code42’s products or services as a result of this incident.

December 13, 2020 SolarWinds Malware inserted into a service that provided software updates for the Orion platform Code42 does not use SolarWinds Orion. There is no known impact to Code42’s products or services as a result of this incident.

Other resources

  • Was this article helpful?