Newsletters

9/16/2015 Newsletters

.NET elevation of privileges vulnerability

Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology. 

  For a while Microsoft didn’t have significant security vulnerabilities that would attract our interest. Last week security advisory however revealed CVE-2015-2504 that requires close attention. 

   As usually Digital Edge warns the community about possible remote execution and privilege elevation vulnerabilities allowing hackers to break through the security perimeters. 

   All Digital Edge managed or co-managed clients will be patched according to individual schedules. 

   If you feel that you need assistance from the Digital Edge Security team please contact Danielle Saladis at dsaladis@DIGITALEDGE.NET

   Please click here for more information.

7/16/2015 Newsletters

Microsoft HTTP.sys Vulnerability in RDP Could Allow Remote Code Execution

  Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.

  On Tuesday, July 14, 2015, Microsoft issued new Security Bulletin MS15-067 which is marked critical.

  The Digital Edge Security Team has analyzed the reported details and one vulnerability raises a particularly high level of concern and attention. Security Bulletin ID # MS15-034 can be potentially very dangerous. The vulnerability could allow remote code execution is and attacker sends a specially crafted sequence of packets to a targeted system with the Remote Desktop Protocol (RDP) server service enabled.

  Digital Edge is committed to securing all of its controlled IT infrastructure environments, to advising its IT community about possible vulnerabilities, newly discovered weaknesses and hacks, and to providing security news and events.

  If you feel that you need assistance from the Digital Edge Security team please contact Danielle Johnsen at djohnsen@digitaledge.net 

  For more information and Digital Edge’s recommendations go here.

5/13/2015 Newsletters

VENOM security vulnerability – possible threat to datacenters

  Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.

  On Wednesday, May 13, 2015, new vulnerability that has been assigned CVE-2015-3456 was published. News agencies breaking this news stating that datacenters are vulnerable and at risk at their core:

  “A security research firm is warning that a new bug could allow a hacker to take over vast portions of a datacenter -- from within.” ZDNet (May 13, 2015).

   1. Digital Edge does not run vulnerable virtualization platforms.
   2. Digital Edge has small portion of clients running vulnerable platforms. Digital Edge security team will be contacting such clients on individual bases.

  Digital Edge is committed to securing all of its controlled IT infrastructure environments, to advising its IT community about possible vulnerabilities, newly discovered weaknesses and hacks, and to providing security news and events.

  If you feel that you need assistance from the Digital Edge Security team please contact us at support@digitaledge.net

  Click here to read Digital Edge risk assessment for this vulnerability.

4/15/2015 Newsletters

Microsoft HTTP.sys remote execution vulnerability

  On Tuesday, April 14, 2015, Microsoft Issued a cumulative patch for multiple critical vulnerabilities, one of which could be dangerous and needs to be patched urgently.

  The Digital Edge Security Team has analyzed the reported details and one vulnerability raises a particularly high level of concern and attention. Security Bulletin ID # MS15-034 can be potentially very dangerous very soon. The vulnerability allows remote code execution using system level privileges with standard HTTP protocol.

  For more information click here

  Digital Edge recommends applying the patch as soon as possible (Note, Fully Managed clients will be patched by Digital Edge).


More news:

  The Government Accountability Office reports that some newer aircraft such as the Boeing 787 Dreamliner, the Airbus A350 and Airbus A380 could be vulnerable to attack through their advanced high tech cockpits which are integrated with these aircraft’s WiFi systems for on board passengers.

  For more information click here.

  Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.

  If you feel that you need assistance from the Digital Edge Security team please contact us at support@digitaledge.net

4/10/2015 Newsletters

Free Advice For Priceless Security

Potential Threat: One of the techniques that hackers use to infiltrate operating systems is known as polymeric downloaders. These are viruses that could download other, more complex viruses, password stealers or remote controlled software. These downloaders typically access systems via emails or zip files. They can also get to your computer in tandem with other programs, mostly together with free game downloads or with illegal software. These downloaders can also traverse when connecting infected USB disks to your computer. Virus authors aim to trick you into executing these downloaders. These tricks could be sophisticated, which sometimes could confuse even sophisticated computer users into executing the underlying viruses and infecting their systems. A more complex infecting technique is called polymorphic downloaders or polymorphic viruses, which allows viruses to traverse undetected.

Digital Edge is committed to the highest of security standards and making sure that its constituents are likewise serious about security which is all about knowledge and behavior. Click here to read about some free techniques for detecting and fighting polymorphic downloaders.

Read more about free virus scanners.

3/25/2015 Newsletters

Google Android OS Vulnerability

vulnerability in Google's Android OS has been discovered that could allow an attacker to change or replace a seemingly safe Android application with malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised devices without user knowledge. Devices running Android version 4.4 or later are not vulnerable.

Digital Edge suggestions:
  1. Make sure your OS level is up to date.
  2. Download Applications only from Google Play as they are downloaded into a protected area.
  3. Discuss with us how you can protect your mobile users and clients using Enterprise class mobile security.

Please feel free to contact us for any additional information.

3/13/2015 Newsletters

Microsoft March 2015 Security Update

Microsoft has released updates to address Windows vulnerabilities as part of the Microsoft Security Bulletin Summary for March 2015. These vulnerabilities could allow remote code execution, spoofing, security feature bypass, denial of service, elevation of privilege, or disclosure of information.

Digital Edge encourages users and administrators to review Microsoft Security Bulletin Summary MS15-MAR and apply the necessary updates.

Digital Edge is committed to secure all controlled IT infrastructure environments and to advise the IT community about possible vulnerabilities, newly discovered weaknesses, hacks as well as security news and events.

No action is necessary for fully managed Digital Edge clients because your systems will be patched on regularly scheduled and approved basis

2/10/2015 Newsletters

Security Warning – 2/10/2015 - Microsoft

Digital Edge distributes this notification as an effort to improve the IT community cybersecurity, coordinate cyber information sharing, and proactively manage cyber risks while protecting our clients. 

On February 10, 2015, Microsoft issued new Security Bulletin MS15-011 which is marked critical 

Digital Edge security team analyzed the vulnerabilities and possibilities to exploit. We think that the vulnerability reported in MS15-011 is critical but very hard to exploit. Even though Microsoft does not disclose details about Digital Edge Security Team feels that exploiting of the vulnerability is hard and in most common enterprise settings where infrastructures protected by firewalls and users access network through VPNs almost impossible. 

Digital Edge strives to be a trusted leader in cybersecurity and managed services in complex enterprise IT environments.

1/30/2015 Newsletters

Security Warning

Digital Edge distributes this notification as an effort to improve the IT community cybersecurity, coordinate cyber information sharing, and proactively manage cyber risks while protecting our clients. 

On January 27, 2015, Qualys Security Advisory published new Linux vulnerability repot - CVE-2015-0235. 
The report alerts about Linux glibc library is being vulnerable to a buffer overflow with a risk of potential remote execution and taking over the server. Linux systems that are liable to attack include:

  • Debian 7 (Wheezy), 
  • RHEL 5/6/7
  • CentOS 6/7 
  • Ubuntu 12.04

Even though exploit of such vulnerability is not obvious, Qualys has developed a proof of a concept when a specially crafted email can produce a remote shell to a vulnerable system.

Digital Edge will assess managed systems and work with affected clients individually.  

Digital Edge security team advise all IT professionals to take this vulnerability seriously and contact us for any questions, consultations or help. 

Digital Edge strives to be a trusted leader in cybersecurity and managed services in complex enterprise IT environments.

1/27/2015 Newsletters

Inclement Weather Update

Dear Valued Client,

As of 11:00 EST there have been no updates or issues to report.

All weather affected facilities reporting the following statuses:

  1. Additional facility engineering staff scheduled and in the facilities currently, they will remain on site 24/7 until the storm is over.
  2. All systems have been tested and operational.
  3. Commercial power: is currently stable, no outages reported
  4. Backup generator status: ready for switch to backup generator. 
  5. Diesel Fuel status: 90% capacity
  6. Commercial power: is currently stable, no outages reported
  7. Cooling Systems status: normal operations, no outages reported
  8. Telecommunications: normal operations, no outages reported
  9. Local Transportation: no outages reported, delays expected

As always, our technicians are onsite and available to give you reliability that is expected from us!

Any client using our Geographical Cluster may request to switch their operation to our datacenter in Dallas for additional security. Please contact our support team to do so.

We thank you for your business!