Articles by tag "security"

Microsoft has released updates to address Windows vulnerabilities as part of the Microsoft Security Bulletin Summary for March 2015. These vulnerabilities could allow remote code execution, spoofing, security feature bypass, denial of service, elevation of privilege, or disclosure of information.

Digital Edge encourages users and administrators to review Microsoft Security Bulletin Summary MS15-MAR and apply the necessary updates.

Digital Edge is committed to secure all controlled IT infrastructure environments and to advise the IT community about possible vulnerabilities, newly discovered weaknesses, hacks as well as security news and events.

No action is necessary for fully managed Digital Edge clients because your systems will be patched on regularly scheduled and approved basis

Digital Edge distributes this notification as an effort to improve the IT community cybersecurity, coordinate cyber information sharing, and proactively manage cyber risks while protecting our clients. 

On February 10, 2015, Microsoft issued new Security Bulletin MS15-011 which is marked critical 

Digital Edge security team analyzed the vulnerabilities and possibilities to exploit. We think that the vulnerability reported in MS15-011 is critical but very hard to exploit. Even though Microsoft does not disclose details about Digital Edge Security Team feels that exploiting of the vulnerability is hard and in most common enterprise settings where infrastructures protected by firewalls and users access network through VPNs almost impossible. 

Digital Edge strives to be a trusted leader in cybersecurity and managed services in complex enterprise IT environments.

Digital Edge distributes this notification as an effort to improve the IT community cybersecurity, coordinate cyber information sharing, and proactively manage cyber risks while protecting our clients. 

On January 27, 2015, Qualys Security Advisory published new Linux vulnerability repot - CVE-2015-0235. 
The report alerts about Linux glibc library is being vulnerable to a buffer overflow with a risk of potential remote execution and taking over the server. Linux systems that are liable to attack include:

• Debian 7 (Wheezy), 
• RHEL 5/6/7
• CentOS 6/7 
• Ubuntu 12.04

Even though exploit of such vulnerability is not obvious, Qualys has developed a proof of a concept when a specially crafted email can produce a remote shell to a vulnerable system.

Digital Edge will assess managed systems and work with affected clients individually.  

Digital Edge security team advise all IT professionals to take this vulnerability seriously and contact us for any questions, consultations or help. 

Digital Edge strives to be a trusted leader in cybersecurity and managed services in complex enterprise IT environments.

Last month, security community discovered critical security threats that affect multiple platforms, technologies and configurations.

Digital Edge is proactively working with its clients on assessing the effect, planning for remediation, scheduling and execution of patching.

Critical vulnerabilities are:

1. SSLv3 encryption protocol weakness allowing man-in-the-middle to decrypt secured communication.
2. 3 critical Microsoft vulnerabilities allowing a hacker to execute malicious code remotely and gain access to data, client computers or client’s servers.
3. Bash vulnerability allowing a hacker to execute malicious code remotely and gain access to client’s servers.

All affected Digital Edge’s clients will be contacted and required actions will be discussed, scheduled and performed. If you feel that you need an additional help please contact us at: https://www.digitaledge.net/contact/

Security Advisory from Digital Edge

On Wednesday, September 24th, a vulnerability in Linux bash shell was discovered. The vulnerability may allow code execution to open door for other attacks causing OS to become fully compromised. In lots of environments this vulnerability is exploitable over the network.

Digital Edge is assessing our internal environment as well as our clients’ environments and will remediate the vulnerability within the next few days. Affected Digital Edge clients will be contacted and protective actions will be discussed.

Digital Edge is committed to secure all controlled IT infrastructure environments and to advise the IT community about possible vulnerabilities, newly discovered weaknesses, hacks as well as security news and events.

If you feel that you need assistance from Digital Edge Security team please contact us at “support@digitaledge.net”

Thank you,

Digital Edge