Cybersecurity Threat Advisory: Critical Microsoft Exchange Server Vulnerabilities

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.

This week there is a new critical alert that requires the mission-critical community’s immediate attention.

Advisory overview

Microsoft released several security updates due to targeted attacks against vulnerabilities found in Microsoft Exchange Server (versions 2013, 2016, and 2019). Though the attacks appear to be limited, Microsoft is urging the immediate updating of all affected systems to mitigate the vulnerabilities and further abuse within networking environments where Exchange servers are being used. Microsoft attributes the activity to a cyberattack group known as “Hafnium.”

Life at MCP: Meet Joe Wheeler, VP of Justice and Courts

Over the last two years, Mission Critical Partners has grown significantly through acquisition, starting with Athena Advanced Networks in 2018, and continuing with Black & Veatch Public Safety and URL Integration last year. Last month, MCP announced its latest acquisition, Seattle-based MTG Management Consultants. The subject-matter experts who are joining MCP will enable us to better serve clients in the public-safety and justice communities by helping them enhance data integration and address their technology challenges.

Cybersecurity Threat Advisory: Critical VMware Vulnerabilities

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.

Here Are The Biggest Trends Impacting Public Safety Right Now

We surveyed MCP’s subject-matter experts earlier this year on the biggest trends impacting public safety right now, and asked for their insights on what they believe will happen in the near future. Here is what they said:

The Key Buzzword at MCP These Days Is ‘Growth’

Last week, Mission Critical Partners (MCP) announced the acquisition of MTG Management Consultants (MTG), a Seattle-based firm that provides strategy and management services to local, county and state government entities. The acquisition further strengthens MCP’s credentials as the leading provider of consulting services—as well as data-integration, network and cybersecurity solutions—for public safety and justice sector clients.

More on that in a bit—but first, a history lesson that will provide some context for this development.

Cybersecurity Threat Advisory: Apple iOS Zero-Day Vulnerabilities Exploited in Wild

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.

This week there is a new critical alert that requires the mission-critical community’s immediate attention.

Advisory Overview

Apple announced that it has learned of three zero-day vulnerabilities affecting its iOS (formerly iPhone operating system). One of the vulnerabilities (CVE-2021-1782) affects the system kernel, allowing for privilege escalation; the other two (CVE-2021-1870, CVE-2021-1871) are present within the system’s WebKit Safari browser, allowing for remote code execution (RCE). According to Apple, all vulnerabilities have been patched in iOS 14.4.

Cybersecurity Threat Advisory: Threat Actors Abusing Windows RDP Servers

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.

This week there is a new critical alert that requires the mission-critical community’s immediate attention.

Advisory Overview

The Remote Desktop Protocol (RDP) service for Microsoft Windows devices operating on User Datagram Protocol (UDP) port 3389 can be used in an amplified attack, potentially resulting a distributed denial of service (DDoS) attack on a target. A system that is involved in, or is the target of, such an attack could experience partial or total degradation in usability. It is recommended that RDP services be available exclusively via virtual private network (VPN) services. If that is impossible, then RDP via UDP port 3389 should be blocked.

Vaccinating 911 Telecommunicators Is a National Imperative

The COVID-19 pandemic has impacted every aspect of life for most Americans and our nation’s emergency responders particularly have been affected by the disease. Like first responders working in the field, 911 professionals (i.e., telecommunicators, aka call-takers and dispatchers) working in public safety communications also have suffered. Many 911 authorities that are already experiencing dramatic staffing shortages are struggling to keep the coronavirus out of their emergency communications centers (ECCs) through the use of masks, social distancing, enhanced cleaning measures, temperature checks, and quarantining measures. 

The Seven Best Cybersecurity Resolutions for the New Year

Cybersecurity continues to be a persistent problem for government agencies, including those operating in the public safety and justice sectors. These entities must be constantly vigilant in their efforts to prevent breaches, a task made incredibly difficult given the ingenuity of cyberattackers, the fact that the number of attacks continues to increase at a dizzying pace, and the reality that attack vectors evolve seemingly by the hour. Nevertheless, while fighting the battle isn’t easy, it is essential.

MCP Makes Best-of-Breed Technology Procurements Easy and Painless

Since the firm’s launching 12 years ago, Mission Critical Partners has participated in hundreds of technology procurements. We are proud that our clients trust the support that we provide. The foundation for that trust can be found in two important factors.

Cybersecurity Advisory: SolarWinds Orion Compromise Updates

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.

Government and private-sector organizations continue to release updates concerning a variety of topics related to the SolarWinds Orion compromise. In December, SolarWinds Orion, a prominent information technology (IT) monitoring and management solution, was compromised via a backdoor exploit by a sophisticated state-sponsored cyberattacker. The application was discovered to be communicating with unknown third-party servers through traffic deliberately designed to mimic normal activity. This compromise was highly sophisticated and affects many public and private organizations across the world.

In this article, we have provided information regarding several important SolarWinds-related developments.

Be Wary of Using Commercial Broadband Networks for Public Safety Voice

More than ever, broadband communications networks are essential to the public safety and justice communities. Such networks easily transmit highly bandwidth-intensive files, e.g., video and building floor plans, that would choke a narrowband network. Such files enhance situational awareness for incident commanders and other officials—as well as emergency responders and jail/prison officers—by orders of magnitude, which in turn helps them do their jobs better.

But there’s a flip side to broadband communications networks of which the public safety community needs to take seriously. Such networks typically are owned and operated by commercial entities, and because of this public safety agencies that contract for broadband services typically do not receive the performance guarantees and—even more importantly—the visibility into these networks that they’re used to receiving from the networks that they own and operate, for example, their land mobile radio (LMR) systems.

Consequently, public safety agencies should proceed carefully when they consider whether to contract with any commercial entity for broadband services.