All Articles

CHP has undergone multiple IT audits including security, compliance and financial, for which Digital Edge assisted with the documentation and knowledge management system, addressing all of the auditors’ concerns. Additionally, DE provides 24/7 infrastructure management, including knowledge management, help desk, monitoring, and problem resolution.

NYCHHC is restructuring the health care system to provide better care for the citizens of NYC. Digital Edge was contracted to assist the NYCHHC in understanding the technology capabilities, maturity and needs of partners, in particular as they relate to the goals and metrics of DSRIP.

Dear Valued Client, 

The National Weather Service has issued a Severe Thunderstorm Watch for this afternoon and later tonight in the DFW area, with Hazard conditions up to 70 MPH wind Gusts and Penny size hail. 

This message is to assure you of our continued 24/7 support during this SEVERE THUDERSTORM WATCH that is in affect for the Dallas, Texas area today, Tuesday, March 8, 2016. 

Our technicians are onsite and available to give you reliability that is expected from Digital Edge! 

At this time, Building Management preparations include: 

• Ensuring fuel reserves are at maximum levels and confirming fuel deliveries, if needed 
• Testing all generators to ensure they are in optimal working conditions 
• Verifying all UPS and HVAC systems are in proper settings and working in optimal conditions 
• Confirming any necessary supporting contractors are on call for quick response, if needed 

Throughout the storm, the Building Management will conduct hourly inspections of all critical facilities, assess the situation, and prepare accordingly. Local teams will provide additional notification if any issues arise. 

Any client using our Geographical Cluster may request to switch their operation to our datacenter in NEW YORK for additional security. Please contact our support team to do so. 

We thank you for your business. 

-Digital Edge

Last week, it was announced that a new GNU glibc library buffer overflow is classified as a critical. This vulnerability may allow a hacker to take control over your system. What requires additional attention is DNS systems, as they are publically exposed. 

Digital Edge reports that over weekend our security team addressed the situation. All our DNS infrastructure is up to date on security patches. 

The Digital Edge team is working with fully managed clients individually to secure clients’ Linux systems. 

Please contact us for more information. 

Read more. 

Digital Edge Security

1. This week, the Security Community announced multiple code weaknesses and related vulnerability in PHP. Some of them can cause denial of service, but more problematic is that it would allow remote code execution that might result in full server take over. 

2. New Fortinet vulnerabilities were discovered that are very similar to the Juniper vulnerability announced a month ago. Fortinet is large Digital Edge partner. We verified with the hardware manufacturer that the firmware used in our devices are not affected by the vulnerability. 

3. 2 SAP HANA vulnerabilities were discovered, both can cause denial of service through disk overload. 

All Digital Edge managed or co-managed clients will be patched according to individual schedules. 

Additionally, click here to ensure that you are safe and free of Dridex. 

If you feel that you need assistance from the Digital Edge Security team please contact Danielle Saladis at dsaladis@DIGITALEDGE.NET. 

Please click here for more information. 

Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.

Dear Valued Client, 

This message is to assure you of our continued 24/7 support during the potential blizzard (Jonas) that could affect the New York City Metro Area between Friday 1/22/2016 and Sunday 1/24/2016. 

Our technicians are onsite and available to give you reliability that is expected from Digital Edge! 

Any client using our Geographical Cluster may request to switch their operation to our datacenter in Dallas for additional security. Please contact our support team to do so. 

We thank you for your business. 

-Digital Edge

This vulnerability is more historical rather than practical, but it caught attention of the Digital Edge security team as we think it is the first hypervisor vulnerability allowing a guest to attack hypervisor host. 

The virtualization idea is that virtual instances should be running in their own jail and would not be able to communicate with other virtual instances or the physical host itself. This isolation technique makes people confident going into the “cloud” as in theory that nobody can break the jail. Your “neighbors” cannot damage you. 

If the isolation concept fails, a criminal can purchase a virtual machine “next” to you and hack into your machine. Hypervisor software is doing everything to block visibility from one virtual instance to another or to the physical host. 

New vulnerability - CVE-2015-7835 was logged today simply stating: 

“The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.” 

What this actually means is that a hacker can purchase a VM and get control over its physical host and then over VMs running on that physical host. In our opinion it is the worst bug we have seen. 

Please click here for more information. 

Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.

    Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology. 

    The week may be over but it was very troubling. There are a few events that attracted our attention so the Digital Edge security team wanted to provide our analysis and some suggestions how to stay secure. 

          1. Microsoft has released multiple patching addressing very critical security vulnerabilities. They include fixing for holes allowing user computer take over techniques through multiple attack vectors against Microsoft Office, VB and Java scripts, Windows Shell and Kernel itself. All those attacks can be delivered through phishing emails or through tricking users to open infected web sites. 

          2. At the same time, security agencies are reporting multiple instances of outbreak of Dridex malware outbreak. In short, the malware gets delivered to computers over the same mechanisms mentioned above through vulnerabilities that Microsoft addressed in this week’s patch but the malware concentrates on 3 things: 

                a. Stealing personal information 
                b. Stealing banking credentials to be able to transact on the infected user/computer behalf 
                c. Execute command-and-control (C2C). 

              Besides that, the infected computer can be employed for spam distribution and distributed denial of service (DDOS) attacks 

          3. On October 15, 2015, UltraDNS – large DNS service and content delivery provider went down for 90 minutes. Even though UltraDNS claims that the cause of the outage was an “internal issue in a server on East Coast” many security experts suggest that UltraDNS sustained serious DDOS attack.  

      All Digital Edge managed or co-managed clients will be patched according to individual schedules. 

      Besides that click here to make sure that you are safe and free of Dridex. 

      If you feel that you need assistance from the Digital Edge Security team, please contact Danielle Saladis at dsaladis@DIGITALEDGE.NET. 

      Please click here for more information.

Dear Valued Client,

This message is to assure you of our continued 24/7 support during the Hurricane Joaquin affecting the New York City Metro Area between Wednesday 9/30/2015 and Monday 10/4/2015.

Our technicians are onsite and available to give you reliability that is expected from us!

Any client using our Geographical Cluster may request to switch their operation to our datacenter in Dallas for additional security. Please contact our support team to do so.

We thank you for your business.

- Digital Edge

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines relevant technical and non-technical security standards to ensure individuals’ ePHI, “electronic protected health information”. Compliance with HIPPA requires information systems to be monitored using SIEM, Security Information and Event Management. The SIEM is a tool that guarantees immediate notification and analysis of conditions influencing the reliability of an organization’s ePHI data through actionable reports and forensic investigation.