Active Incident
Welcome to UTG's tool status site. Please subscribe to updates above to get up-to-the-minute alert notifications on any scheduled maintenance activities and/or service interruptions. If you require further assistance, please email us at helpdesk@utgsolutions.com or call us at 678-730-2660.

Active Incidents: 2
Days Since Last Incident: 2
Upcoming Maintenances: 1

Incident Status: Security Issue
Components: Security Operations
Locations: Cloud

February 13, 2018 3:20PM EST
[Monitoring] 96% of all entitled customers have been patched. If we are still waiting for a maintenance window from you, please get in touch as soon as possible so that we can update your firewall.

February 6, 2018 5:12PM EST
[Monitoring] All customers have been notified of the new update. If you have received notice and have not scheduled a time for the update, please do so as soon as possible.

February 5, 2018 4:24PM EST
[Monitoring] Cisco has updated the scope and the affected firmware this morning, 2/5. All firmware previous to today needs to be patched. We have identified ASAs in need of patching and will be in contact again to schedule the updates.

February 2, 2018 5:37PM EST
[Monitoring] All affected REM+ and AIM+ customers have been notified. 88% of all REM+ updates have been scheduled or performed. If you have been contacted for a REM+ firmware update and have not scheduled it with us, please get in touch as soon as possible so we may perform the update.

January 31, 2018 1:21PM EST
[Monitoring] UTG is staging software updates for all affected Cisco ASA Firewalls that have the Remote+ service level on an active managed services agreement. UTG is creating a professional services ticket for all clients with AIM+ service levels as firmware upgrades are not included in the agreement for this service level.

January 30, 2018 1:30PM EST
[Identified] Cisco Systems released a patch Monday to fix a critical security vulnerability in its Secure Sockets Layer VPN solution called Adaptive Security Appliance. The vulnerability, according to a Cisco Security Advisory, could allow an unauthenticated and remote attacker to execute remote code on affected devices. The vulnerability impacts nearly a dozen Cisco products, including the 3000 Series Industrial Security Appliance, ASA 5500-X Series Next-Generation Firewalls and ASA 1000V Cloud Firewall. The bug (CVE-2018-0101) received a CVSS score of 10, the highest you can get. There are no workarounds available for the bug, Cisco said. UTG is urgently moving to apply this patch to all affected systems. More Details: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

VSA Security Incident (Security Issue)

Incident Status: Security Issue
Components: Kaseya VSA
Locations: Atlanta Data Center

February 19, 2018 12:10PM EST
[Monitoring] We continue to monitor for any updates or changes to this XMR infection. We will leave this incident open till the end of the week unless there is another update.

February 13, 2018 10:00PM EST
[Monitoring] Version 4 of the XMR cleanup has been pushed to all agents.

February 7, 2018 5:09PM EST
[Monitoring] As you know, UTG takes network security very seriously. Our company believes in transparency and proactive solutions that correct any security gaps our clients may face after a new incident has been reported. As of now, we are waiting on our partner’s official update on the events related to the recent VSA Security incident. Rest assured, UTG is continuing to monitor the situation in real time and will keep you updated as more information becomes available to us on how to proceed. We have put together a quick outline of this event at https://goo.gl/VoLnFb

February 2, 2018 7:59AM EST
[Monitoring] We continue to make progress as machines come online with scanning and remediation. Please be sure to have staff turn on their machines as the remaining 9% are machines that are offline and have been unavailable to scan/remediate. We will continue our efforts into the weekend and update all on Monday.

February 1, 2018 10:06AM EST
[Monitoring] We are making progress as machines come online with scanning and remediation, if necessary. Please be sure to have staff turn on their machines; the remaining 10% are machines that are offline and unavailable to scan/remediate.

January 31, 2018 5:29PM EST
[Monitoring] We are making progress as machines come online with scanning and remediation, if necessary. Please be sure to have staff leave their machines on this evening so cleanup can continue; the remaining 13% are machines that are offline and unavailable to scan/remediate. We will continue scanning and remediation overnight and provide another update in the morning.

January 31, 2018 10:54AM EST
[Monitoring] We have made progress on offline machines; roughly 14% of the machines in our system are now pending a check script as they are offline. Once those systems come online, a check will be performed and they will automatically be added to the list to be cleaned.

January 31, 2018 7:45AM EST
[Monitoring] We continue to monitor the situation and are finding that check and cleanup scripts are working as expected. Roughly 18% of the machines in our system are pending a check script as they are offline. Once those systems come online, a check will be performed and they will automatically be added to the list to be cleaned.

January 30, 2018 9:00PM EST
[Monitoring] The patch for the platform has been applied and we are actively scanning and cleaning any machines found to show signs of the infection.

January 30, 2018 3:00PM EST
[Monitoring] UTG has observed an unknown threat actor attempting to deploy a Monero cryptocurrency miner to multiple end-user machines. We believe the threat leveraged Kaseya’s Virtual System Administrator (VSA) agent to deploy the vulnerability to multiple customers starting on January 19, 2018. Kaseya has made a set of patches available to address this vulnerability and has provided procedures to detect and remove the Monero cryptocurrency miner software from affected endpoints. UTG has already begun scanning our fleet and is set to deploy these patches to our clients under all coverage levels. We have seen no evidence to suggest that this vulnerability was used to harvest personal, financial, or other sensitive information. However, we are aware of a small subset of our clients where Monero cryptocurrency mining software was deployed to endpoints. More Details: https://www.esentire.com/news-and-events/security-advisories/kaseya-virtual-system-administrator/

ConnectWise (StreamlineIT): Operational
Support Chat: Operational
UTG Phone System: Operational
Kaseya Traverse: Operational
Kaseya VSA: Operational
Sophos: Operational
Forms Server: Operational
IT Glue: Operational
Security Operations: Security Issue

External Services

AWS EC2

AWS S3

MS Office365

Status.io

Scheduled Maintenance

ConnectWise Upgrade (Planned Maintenance)

Schedule: February 25, 2018 10:00AM - 6:00PM EST
Components: ConnectWise (StreamlineIT)
Locations: Atlanta Data Center

Description

We are upgrading the ConnectWise platform to the latest release, 2018.1. During this window, ConnectWise (support portal, ticket updates, and streamline IT access) will be unavailable. Monitoring will be unaffected during this period.