Red Cup IT has implemented best-in-class security practices to keep customer data safe. Our mission is to build the world's most secure and advanced MSP platform, where security by design is the default way that we operate. We're laser-focused on how to leverage security as an enabler of a better user experience for our customers. Privacy and data security best practices are embedded in our policies, training, and daily operations.
Recently, the security team here at Red Cup IT became aware of the news surrounding a high-impact MOVEit vulnerability. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.
We want our customers to know that this vulnerability does not impact Red Cup IT.
We do not leverage this technology/software within our product, and therefore the confidentiality, integrity, and availability of our systems remain unharmed.
Thanks, and please reach out with any questions. Team Red Cup IT
Red Cup IT does not use CircleCI for continuous integration and continuous delivery.
Red Cup IT does not use Microsoft Exchange Server (Cloud or On-Premise)
At Red Cup IT, Inc., transparency with our clients and maintaining our customers' trust are critical to who we are. As you’ve likely heard in the news, Okta released a statement on March 22nd, 2022 regarding a security incident that may have affected their customers. Red Cup IT, Inc. leverages Okta as an authentication provider for internal authentication. Our team has received notice from Okta that neither we nor our customers were affected by this incident.
Red Cup IT, Inc. can confirm that within 24 hours of publishing CVE-2021-44228 in our vulnerability database all services that compose our platform running Apache’s vulnerable Log4j library have been patched to the latest version. We have not detected any successful attempts at exploitation of this attack vector during that time window. Red Cup IT, Inc.'s security response to events pertaining to the Log4j remote code execution vulnerability (RCE) is also strengthened by our defense in depth that leverages network-based firewalls, web application firewalls, and anomaly detection with our platform environment.
If you need help using this Trust Center, please contact us.
If you think you may have discovered a vulnerability, please send us a note.