Newsletters
January 25 – PHP – Multiple Vulnerabilities – Some Critical
1. This week, the Security Community announced multiple code weaknesses and related vulnerabilities in PHP. Some of them can cause denial of service, but more problematic is that they would allow remote code execution that might result in full server takeover.
2. New Fortinet vulnerabilities were discovered that are very similar to the Juniper vulnerability announced a month ago. Fortinet is a large Digital Edge partner. We verified with the hardware manufacturer that the firmware used in our devices is not affected by the vulnerability.
3. Two SAP HANA vulnerabilities were discovered; both can cause denial of service through disk overload.
All Digital Edge managed or co-managed clients will be patched according to individual schedules.
Additionally, click here to ensure that you are safe and free of Dridex.
If you feel that you need assistance from the Digital Edge Security team please contact Danielle Saladis at dsaladis@DIGITALEDGE.NET.
Please click here for more information.
Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.
Inclement Weather Warning
Dear Valued Client,
This message is to assure you of our continued 24/7 support during the potential blizzard (Jonas) that could affect the New York City Metro Area between Friday 1/22/2016 and Sunday 1/24/2016.
Our technicians are onsite and available to give you the reliability that is expected from Digital Edge!
Any client using our Geographical Cluster may request to switch their operation to our datacenter in Dallas for additional security. Please contact our support team to do so.
We thank you for your business.
-Digital Edge
First Hypervisor Vulnerability Allowing Guest to Attack
This vulnerability is more historical than practical, but it caught the attention of the Digital Edge security team as we think it is the first hypervisor vulnerability allowing a guest to attack the hypervisor host.
The virtualization idea is that virtual instances should be running in their own jail and would not be able to communicate with other virtual instances or the physical host itself. This isolation technique makes people confident going into the “cloud” because, in theory, nobody can break the jail. Your “neighbors” cannot damage you.
If the isolation concept fails, a criminal can purchase a virtual machine “next” to you and hack into your machine. Hypervisor software is doing everything to block visibility from one virtual instance to another or to the physical host.
A new vulnerability, CVE-2015-7835, was logged today, simply stating:
“The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.”
What this actually means is that a hacker can purchase a VM and get control over its physical host and then over VMs running on that physical host. In our opinion it is the worst bug we have seen.
Please click here for more information.
October 11-17 – a troubling week for security
The week may be over but it was very troubling. There are a few events that attracted our attention, so the Digital Edge security team wanted to provide our analysis and some suggestions on how to stay secure.
1. Microsoft has released multiple patches addressing very critical security vulnerabilities. They include fixes for holes that allow takeover of a user's computer through multiple attack vectors against Microsoft Office, VB and Java scripts, Windows Shell and the Kernel itself. All those attacks can be delivered through phishing emails or by tricking users into opening infected web sites.
2. At the same time, security agencies are reporting multiple outbreaks of Dridex malware. In short, the malware gets delivered to computers over the same mechanisms mentioned above, through vulnerabilities that Microsoft addressed in this week’s patch, but the malware concentrates on 3 things:
a. Stealing personal information
b. Stealing banking credentials to be able to transact on behalf of the infected user/computer
c. Executing command-and-control (C2C).
Besides that, the infected computer can be employed for spam distribution and distributed denial of service (DDOS) attacks.
3. On October 15, 2015, UltraDNS, a large DNS service and content delivery provider, went down for 90 minutes. Even though UltraDNS claims that the cause of the outage was an “internal issue in a server on East Coast”, many security experts suggest that UltraDNS sustained a serious DDOS attack.
All Digital Edge managed or co-managed clients will be patched according to individual schedules.
Besides that, click here to make sure that you are safe and free of Dridex.
If you feel that you need assistance from the Digital Edge Security team, please contact Danielle Saladis at dsaladis@DIGITALEDGE.NET.
Please click here for more information.
Inclement Weather
Dear Valued Client,
This message is to assure you of our continued 24/7 support during Hurricane Joaquin affecting the New York City Metro Area between Wednesday 9/30/2015 and Monday 10/4/2015.
Our technicians are onsite and available to give you the reliability that is expected from us!
Any client using our Geographical Cluster may request to switch their operation to our datacenter in Dallas for additional security. Please contact our support team to do so.
We thank you for your business.
- Digital Edge
.NET elevation of privileges vulnerability
For a while Microsoft didn’t have significant security vulnerabilities that would attract our interest. Last week's security advisory, however, revealed CVE-2015-2504, which requires close attention.
As usual, Digital Edge warns the community about possible remote execution and privilege elevation vulnerabilities allowing hackers to break through the security perimeters.
All Digital Edge managed or co-managed clients will be patched according to individual schedules.
If you feel that you need assistance from the Digital Edge Security team please contact Danielle Saladis at dsaladis@DIGITALEDGE.NET.
Please click here for more information.
Microsoft HTTP.sys Vulnerability in RDP Could Allow Remote Code Execution
On Tuesday, July 14, 2015, Microsoft issued a new Security Bulletin, MS15-067, which is marked critical.
The Digital Edge Security Team has analyzed the reported details and one vulnerability raises a particularly high level of concern and attention. Security Bulletin ID # MS15-034 can be potentially very dangerous. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with the Remote Desktop Protocol (RDP) server service enabled.
Digital Edge is committed to securing all of its controlled IT infrastructure environments, to advising its IT community about possible vulnerabilities, newly discovered weaknesses and hacks, and to providing security news and events.
If you feel that you need assistance from the Digital Edge Security team please contact Danielle Johnsen at djohnsen@digitaledge.net
For more information and Digital Edge’s recommendations go here.
VENOM security vulnerability – possible threat to datacenters
On Wednesday, May 13, 2015, a new vulnerability that has been assigned CVE-2015-3456 was published. News agencies are breaking this news, stating that datacenters are vulnerable and at risk at their core:
“A security research firm is warning that a new bug could allow a hacker to take over vast portions of a datacenter -- from within.” ZDNet (May 13, 2015).
1. Digital Edge does not run vulnerable virtualization platforms.
2. Digital Edge has a small portion of clients running vulnerable platforms. The Digital Edge security team will be contacting such clients on an individual basis.
If you feel that you need assistance from the Digital Edge Security team please contact us at support@digitaledge.net
Click here to read Digital Edge risk assessment for this vulnerability.
Microsoft HTTP.sys remote execution vulnerability
On Tuesday, April 14, 2015, Microsoft issued a cumulative patch for multiple critical vulnerabilities, one of which could be dangerous and needs to be patched urgently.
The Digital Edge Security Team has analyzed the reported details and one vulnerability raises a particularly high level of concern and attention. Security Bulletin ID # MS15-034 can be potentially very dangerous very soon. The vulnerability allows remote code execution using system level privileges over the standard HTTP protocol.
For more information click here.
Digital Edge recommends applying the patch as soon as possible (note: Fully Managed clients will be patched by Digital Edge).
More news:
The Government Accountability Office reports that some newer aircraft such as the Boeing 787 Dreamliner, the Airbus A350 and Airbus A380 could be vulnerable to attack through their advanced high tech cockpits which are integrated with these aircraft’s WiFi systems for on board passengers.
For more information click here.
If you feel that you need assistance from the Digital Edge Security team please contact us at support@digitaledge.net
Free Advice For Priceless Security
Potential Threat: One of the techniques that hackers use to infiltrate operating systems is known as polymeric downloaders. These are viruses that could download other, more complex viruses, password stealers or remote controlled software. These downloaders typically access systems via emails or zip files. They can also get to your computer in tandem with other programs, mostly together with free game downloads or with illegal software. These downloaders can also traverse when connecting infected USB disks to your computer. Virus authors aim to trick you into executing these downloaders. These tricks could be sophisticated, which sometimes could confuse even sophisticated computer users into executing the underlying viruses and infecting their systems. A more complex infecting technique is called polymorphic downloaders or polymorphic viruses, which allows viruses to traverse undetected.
Digital Edge is committed to the highest of security standards and making sure that its constituents are likewise serious about security which is all about knowledge and behavior. Click here to read about some free techniques for detecting and fighting polymorphic downloaders.
Read more about free virus scanners.