Code42 response to industry security incidents
Overview
When other security and technology companies disclose breaches and other security events, we often receive questions about whether those incidents affect Code42 products and services. This page provides information about if and how major, widely publicized breaches affect Code42 products and services.
Code42 constantly reviews and analyzes any security incidents that could impact our customers, products, and services. In addition to the list below, there may be other security incidents that we are reviewing. Because security incident details provide sensitive information that could be used maliciously, we are unable to publish information about every incident that other organizations have notified us of.
If a security event affects Code42 products and services, we contact affected customers and issue a security advisory.
If you have questions or concerns, contact our Customer Champions for support.
Industry incidents
Date | Organization / Product | Incident | Code42 impact |
---|---|---|---|
March 10, 2021 | F5 Networks BIG-IP and BIG-IQ | F5 announced 21 CVEs, including four critical vulnerabilities. These vulnerabilities could allow for remote command execution. Alongside disclosure of the vulnerabilities, F5 Networks issued patches for both the BIG-IP and BIG-IQ platforms | Code42 does not use F5 Networks’ BIG-IP or BIG-IQ. There is no known impact to Code42’s products or services as a result of this incident. |
March 8, 2021 | Verkada |
An entity calling itself APT69420 claims to have gained unauthorized global access to Verkada’s security camera and facial recognition system. The third-party was able to view video feeds and facial recognition data for numerous large customers of Verkada’s surveillance system product. This breach was independently verified by Bloomberg and involved access using a super-user account. |
Code42 does not use Verkada. There is no known impact to Code42’s products or services as a result of this incident. |
March 2, 2021 | Microsoft Exchange |
Microsoft announced that hackers working on behalf of the Chinese government were actively exploiting 0-day vulnerabilities in on-premises Microsoft Exchange servers.
Microsoft issued emergency patches and urged all customers with on-premises Exchange to immediately patch their systems.
The Exchange vulnerabilities have been assigned the following CVEs: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065. |
Code42 does not use Microsoft Exchange. There is no known impact to Code42’s products or services as a result of this incident. |
February 1, 2021 | Accellion FTA | Accellion identified a concerted cyber-attack against their legacy FTA product. Accellion patched the actively exploited vulnerabilities and worked until January 2021 to identify and patch additional undiscovered vulnerabilities. |
Code42 does not use Accellion technologies. There is no known impact to Code42’s products or services as a result of this incident. |
December 13, 2020 | SolarWinds | Malware inserted into a service that provided software updates for the Orion platform | Code42 does not use SolarWinds Orion. There is no known impact to Code42’s products or services as a result of this incident. |
Related topics
Other resources
- Code42: Security