icon

Articles by tag "security"

2/11/2017 White Papers

The Benefits of Pen Testing

A huge threat to today’s businesses is hackers. They can manipulate their way into any businesses system and take advantage of any data that is important to the company. This can generally leave long lasting, harmful effects on the business which might even lead to eventual failure of the organization. 

Don’t let this happen to you! Digital Edge offers a Penetration test in which our trained and specialized team gets authorized access to “attack” your system. This is done in the form of a real attack using strategies hackers usually use. Digital Edge uses standard licensed security assessments and penetration tools, as well as their own proprietary techniques, black hat reconnaissance and exploitation methods. The purpose of this test is to expose any and all vulnerabilities in your system that can potentially hurt your business, so they can be fixed. Pen tests provide the precautionary measures needed to be taken to ensure there be no breach in your system. They ensure the safety of your data by allowing you to be ready to prevent future attacks.  

Due to rapid technological advances, Pen tests should be done regularly to catch any vulnerabilities that pop up before it’s too late. Read more about how Digital Edge’s Penetration test can be beneficial to your company! 

1/13/2017 Newsletters

Shining Light on the Political Hacking Crisis

Digital Edge felt it was crucial to comment on the recent news regarding the political hacking crisis. Our Security Team wanted to make the efforts of acknowledging the ways of hacking. Hackers that continue to practice have not changed their ways. They use the same methods, techniques and tricks except now everyone knows how to use them. Actual hacking isn’t composed of an actual professional anymore; a child can access codes and hack someone. Whereas, real hackers develop tools, simplify them and sell them to regular people; they don’t actually hack anymore, making the person hacking not the real criminal at hand. It has become nearly impossible to figure out who the hacker is on a technological standpoint nowadays. 

However, information securities methods have drastically improved, developed, and are now more advance than ever before. Not only is it easy to identify when someone is trying to hack you, but now it is easy to prevent someone from trying to steal your information. Digital Edge has put in its greatest efforts to create a security system that will protect our clients from any hackers and now we want you to know how to spot and avoid a hacker yourself!

Be aware of hackers with these tips and check out our website for more about Digital Edge!

12/20/2016 Newsletters

Yahoo Account Data Breach

Following a 500 million user account data breach in September, Yahoo has just announced that they have once again suffered another breach of an estimated one billion accounts. Yahoo disclosed in November, that the company was provided with data files from law enforcement claiming to be Yahoo user data. Outside forensic experts, in conjunction with Yahoo, have determined that it is in fact Yahoo user data, that was obtained by an unauthorized third party in August of 2013. The party responsible for the intrusion has not yet been able to be identified. This incident has been diagnosed to be separate from the incident in September 2016. 

Yahoo believes that the information that was stolen consists of full names, email addresses, dates of birth, phone numbers, hashed passwords, and possibly security questions and answers as well. Luckily, Yahoo does not store credit card or any other payment information in the system that was affected.

Currently, Yahoo is identifying and notifying potentially affected users and instructing them to change passwords immediately. Additionally, Yahoo is removing all unencrypted security questions and answers from affected users so that hackers cannot use those answers to break into users accounts. 

As 2016 comes to a close, it seems to appear to be the “Year of the Breach” with reports of eight major breaches involving well-known companies. Obtaining large amounts of data is key for these hackers, so companies most vulnerable are those which hold a large amount of personal data on their customers, including Social Security numbers, birthdates, home addresses and even medical records. 

Digital Edge’s Security Operation Center (SOC) protects your organization’s intellectual property and sensitive data. Digital security threats are real and it is better to be able to detect and respond to them as quickly as possible. It is difficult for organizations without a comprehensive incident-handling capability to create a proactive SOC team. These capabilities have to include tools and processes that enable centralized security threat visibility, instant alerting, and efficient troubleshooting. Digital Edge’s SOC is ready to deliver those capabilities and provide security coverage for your organization today. 

For more information on this new Yahoo hack, and tips to help keep your password safe and secure, please click here.

8/10/2016 Newsletters

Security Update Cyber Incident Reporting

Digital Edge’s Security Team assists clients with cyber security forensics and often hears the question – “what is the proper way to report to law enforcements?” As a company, we aim to aid our clients in informing them on the right steps to take when dealing with a cyber-incident. There is a growing number of cyber networks that were seriously attacked and this is not a matter to be taken lightly. This is why Digital Edge feels it is important to know the right procedure. These incidents can result in serious consequences with the capability of causing lasting harm. By reporting these incidents, the government can assist them with agencies that can investigate the incident, lessen the consequences, and help avoid these cyber incidents in the future.

Please click here for more information.

If you feel that you need assistance from the Digital Edge Security team, please contact us at support@DIGITALEDGE.NET or open a ticket through Digital Edge web site at https://www.digitaledge.net.

6/7/2016 Newsletters

Security Update: Was TeamViewer Hacked? Digital Edge Believes it was a Backdoor Dropped by Trojan.MulDrop6.39120

Digital Edge’s Security Team is monitoring the situation with TeamViewer hacking allegations. The news broke last week – some TeamViewer users complained that intruders gained access to their computers through TeamViewer program. 
TeamViewer denied any hacking allegations but shortly following, its service was knocked off by a DDoS attack aiming DNS services, leaving more questions to TeamViewer’s Security Team. 

1. Even though the situation is still not clear, the Digital Edge Security Team sides with security expects blaming a BackDoor Trojan discovered in May of 2016. The signature for the Trojan was added on 05/26/2016. The version of Trojan -  BackDoor.TeamViewer.49 utilizes TeamViewer as its backdoor implementation and is delivered by Trojan.MulDrop6.39120 through Adobe vulnerability. Even though the Trojan is supposed to hide the TeamViewer interface and use its functions in the background, we believe that mutation of the virus (the virus uses advanced hiding techniques) can create an unpredicted effect on the systems with legitimately installed TeamViewer causing effect described by users that reported the compromise. 

Please click here for more details

As a result, we do believe that it is safe to use TeamViewer, unless your system does not have updated antivirus and does not have all latest patches installed. By saying that, the Digital Edge team urges to cautiously use this product, as there is no confirmation from TeamViewer’s Security Team or reputable security companies that our analysis is correct

2. Digital Edge security team has contacted all clients using TeamViewer and discussed preventive measures. 

3. If you are using TeamViewer please click here to see our advice how to verify that your TeamViewer was not hacked. 

If you feel that you need assistance from the Digital Edge Security team please contact Danielle Saladis at dsaladis@DIGITALEDGE.NET

Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.

4/26/2016 Newsletters

Security Updates For April

For the past few months, the security community did not surprise its audience with anything interesting, but this week there have been a few updates worth to share:

  1. The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet. There are more denial types of vulnerabilities found in Juniper software. 
  2. Multiple gnu_glibc libraries vulnerabilities potentially exposing threat to cause denial of service were discovered. 
  3. The most interesting is Xen overflow vulnerability. This vulnerability allows guest to corrupt physical host. Those type of vulnerabilities are troubling security professionals, showing that information technology should not blindly trust virtualization encapsulation.  

All Digital Edge managed or co-managed clients will be patched according to individual schedules. 
If you feel that you need assistance from the Digital Edge Security team please contact Danielle Saladis at dsaladis@DIGITALEDGE.NET
Please click here for more information. 

Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.

2/22/2016 Newsletters

Security Warning: Remote Exploitation - A New Linux/Unix Vulnerability May Allow a Hacker to Take Control

Last week, it was announced that a new GNU glibc library buffer overflow is classified as a critical. This vulnerability may allow a hacker to take control over your system. What requires additional attention is DNS systems, as they are publically exposed. 

Digital Edge reports that over weekend our security team addressed the situation. All our DNS infrastructure is up to date on security patches. 

The Digital Edge team is working with fully managed clients individually to secure clients’ Linux systems. 

Please contact us for more information. 

Read more

Digital Edge Security

10/17/2015 Newsletters

October 11-17 – troubling week for the security

    Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology. 

    The week may be over but it was very troubling. There are a few events that attracted our attention so the Digital Edge security team wanted to provide our analysis and some suggestions how to stay secure. 

          1. Microsoft has released multiple patching addressing very critical security vulnerabilities. They include fixing for holes allowing user computer take over techniques through multiple attack vectors against Microsoft Office, VB and Java scripts, Windows Shell and Kernel itself. All those attacks can be delivered through phishing emails or through tricking users to open infected web sites. 

          2. At the same time, security agencies are reporting multiple instances of outbreak of Dridex malware outbreak. In short, the malware gets delivered to computers over the same mechanisms mentioned above through vulnerabilities that Microsoft addressed in this week’s patch but the malware concentrates on 3 things: 

                a. Stealing personal information 
                b. Stealing banking credentials to be able to transact on the infected user/computer behalf 
                c. Execute command-and-control (C2C). 

              Besides that, the infected computer can be employed for spam distribution and distributed denial of service (DDOS) attacks 

          3. On October 15, 2015, UltraDNS – large DNS service and content delivery provider went down for 90 minutes. Even though UltraDNS claims that the cause of the outage was an “internal issue in a server on East Coast” many security experts suggest that UltraDNS sustained serious DDOS attack.  

      All Digital Edge managed or co-managed clients will be patched according to individual schedules. 

      Besides that click here to make sure that you are safe and free of Dridex. 

      If you feel that you need assistance from the Digital Edge Security team, please contact Danielle Saladis at dsaladis@DIGITALEDGE.NET

      Please click here for more information.

9/20/2015 White Papers

Log Management Compliance - PCI DSS - Payment Card Industry Data Security Standards

The PCI DSS was created to encourage and enhance cardholder data security and facilitate the extensive adoption of consistent data security measures worldwide. This applies to all organizations that store, process, and/or transmit cardholder data.

9/16/2015 Newsletters

.NET elevation of privileges vulnerability

Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology. 

  For a while Microsoft didn’t have significant security vulnerabilities that would attract our interest. Last week security advisory however revealed CVE-2015-2504 that requires close attention. 

   As usually Digital Edge warns the community about possible remote execution and privilege elevation vulnerabilities allowing hackers to break through the security perimeters. 

   All Digital Edge managed or co-managed clients will be patched according to individual schedules. 

   If you feel that you need assistance from the Digital Edge Security team please contact Danielle Saladis at dsaladis@DIGITALEDGE.NET

   Please click here for more information.

Let's talk: 800-714-5143

Speak to a specialist