Knowledge

6/28/2017 Newsletters

2 Facts about the New Cryptolocker Ransom.Petya

A brief message from the Digital Edge Security Team

  1. All Digital Edge’s clients are patched and safe. If you are not Digital Edge client and feel that you may need assistance please contact us
  2. If you are affected by Ransom.Petya, do not pay the ransom and speak immediately to the Digital Edge Security Team. Further analysis of the cryptolocker, revealed that data retrieval is possible without paying ransom. Please contact our Security Team if you need an assistance with recovering and removing Ransom.Petya. 
     
5/28/2017 Newsletters

Unintentional Damage - Warning About Possible Information Disclosure

Traffic analytical tools can cause unintentional sensitive information disclosure.  

Most of precisely targeted attacks on IT infrastructures are originated from outside of security perimeters of the victimized organizations. However, the security openings allowing cyber attackers to breach security mechanisms overwhelmingly originated either with unintentional help of insiders or disclosure of sensitive information. 

Read more on this subject and how the Digital Edge Security Team helps clients mitigate or prevent these risks.

5/13/2017 Newsletters

Update – Microsoft to Include Support for WannaCrypt Attacks - Windows XP & 2003

There is a great relief for the many companies which still use legacy systems that are no longer supported by the manufacturer, as the case with Windows XP and Windows Server 2003 - Microsoft is including these operating systems in the updates to patch for the existing vulnerabilities exposed in this attack. For those customers who still have legacy systems, this is vital to protect their overall customer ecosystem.
 
Download English language security updates for: 

To download localized versions for the security update for Windows XP, Windows 8 or Windows Server: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

 

5/12/2017 Newsletters

Urgent - Important Response to WanaCrypt0r Ransomeware Attack

As per all news agencies and cyber security organizations, multiple countries are under a massive ransomware attack. The ransomware spreads through Europe but specialists are sure that it will eventually spill into US. 

The Digital Edge Security Team is assessing the situation and will assist all the clients and any IT organization that require cyber security help. 
 
We feel that the threat is serious as the infection has a “hunting” functionality that is used to infect other computers that the infected computer has access to through vulnerable Windows SMB Protocol. Microsoft Windows vulnerability called EternalBlue is used by NSA tools leaked to WikiLeaks earlier. The attack might be inspired by NSA weaponry or by NSA itself.

Simply put, if a user opens a malicious email or a website on a desktop that was not patched after March 14, 2017,  there is a big chance that the user’s computer will be infected and the virus will spread inside of the organization.  

Please open a support ticket if you need immediate help at: https://www.digitaledge.net/support/
 
Please click here for more information how to protect your systems.

5/9/2017 Newsletters

May 2017 – Vulnerabilities in Consumer Devices

More and more, security organizations report cyber security vulnerabilities in devices that are not exactly computers. Those devices may include routers, video cameras, and other “internet of things” gadgets. 

It is critically important to know that your home devices with access to the internet are secured. Some of these weaknesses could be related to well-known default user ID and password combinations or whereas, some devices do not even have patching capabilities making people permanently vulnerable. 

Digital Edge is monitoring known vulnerabilities in consumer devices and notifying our friends and colleagues about such cases. 

Click here to see recent vulnerable devices.
 

5/1/2017 Newsletters

Digital Edge Assists in Handling Cyber Security: How to Deal with Identity Theft

The Federal Trade Commission (FTC) has announced a new web site – a single point to report Identity Theft - https://identitytheft.gov/

In many cases, reports from this site will be accepted as an official police report. 

Please see how Digital Edge’s Log Management Service can be utilized as an SIEM (Security Information and Event Management) Dashboard.

4/3/2017 Newsletters

Hard Reminder to Upgrade Windows 2003 Servers: Microsoft Will Not Fix New Vulnerability

New remote execution vulnerability (CVE-2017-7269) was recorded in the National Vulnerability Database for Windows 2003 R2 IIS6 last week. Exploitation of this vulnerability allows a remote attacker to execute code on the vulnerable web server. 

Thus, potentially allowing hackers to take over the whole system, install remote control systems and propagate within local network conducting local attacks. Results of the exploitation might be catastrophic for organizations. Microsoft will not provide a patch for this vulnerability, as OS is not officially supported. 

Read the Digital Edge Security Team analysis and mitigation mechanisms here.

3/16/2017 Newsletters

Cutting Through the Noise – WikiLeaks, CIA, Hacking, and Digital Edge

WikiLeaks has recently exposed that the CIA possessed the capability to hack into nearly every device you own. With all that we have learned from these leaks,  Digital Edge wants to take the time to focus on is the “zero days” concept – which can be simply put as a weakness/hole in a system that allows a hacker to breach it before anyone even knows about this vulnerability. The act of reporting the vulnerability is known as “zero days”.

Once a hole in the system is found, it should be reported immediately, so it can be patched up before it’s exploited.

Read more about this here.

3/9/2017 Newsletters

Amazon Outage – The Reality of 99.95% Uptime

As many have heard, according to Amazon’s blog post, it was due to a “human error” that on Tuesday, February 28th, that Amazon and over 100,000 of its clients experienced about 4 hours of downtime.  It is no secret the tremendous impact that 4 hours of downtime can have on a company, but today, we at Digital Edge want to focus on industry’s uptime standards, quality of the provided services, and some practical suggestions to clients and colleagues. 

Amazon promises a 99.95% SLA which, by definition, means that they’re promising an allowed downtime of 4.38 hours a year for clients. There are several issues with this promise. Normally, everything is fine when those 4.38 hours are split in multiple smaller outages. Such long single outage feels painful for everyone.  

Digital Edge believes that there much better offers on the market for the same price. 

Click here for the full article.

2/22/2017 Newsletters

Digital Edge’s Log Management Service and DHS Analysis of GRIZZLY STEPPE Activities

On February 10, 2017, the Department of Homeland Security issued the Enhanced Analysis of GRIZZLY STEPPE Activities. 
 
One of the first detection and prevention recommendations is directly related to Digital Edge’s Log Management Service. Please click here to see DHS recommendation and reference to the full DHS analysis. 

LET'S TALK: 800-714-5143