Articles by tag "vulnerability"

5/20/2019 Newsletters

Digital Edge's Script to Identify Recent Microsoft Vulnerability

In our continuing efforts to help our clients automate system administration and enforce cybersecurity best practices, Digital Edge’s skillful and experienced team worked hard to create a script that will scan your servers for the required patch, ensuring their security.

10/30/2017 Newsletters

Alerting for Fraudulent Rules Setup in Office 365

Friends and Colleagues, 

The Digital Edge Security Team is sending an urgent warning about a widespread email phishing campaign aimed at Microsoft Office 365 users. The emails have a subject similar to this: “View your Office 365 Business billing statement for…”

The email looks very real, and our Security Team is advising users on what to pay attention to when analyzing such an email for authenticity.

Multiple clients have notified us about receiving these emails, and some people have been trapped by this campaign.

Click here to read more about this phishing incident and possible remediation for this and further attacks that involve setting up spying rules in your Office 365 account.

11/10/2015 Newsletters

First Hypervisor Vulnerability Allowing Guest to Attack

This vulnerability is more historical than practical, but it caught the attention of the Digital Edge security team, as we think it is the first hypervisor vulnerability allowing a guest to attack the hypervisor host.

The idea of virtualization is that virtual instances run in their own jail and cannot communicate with other virtual instances or with the physical host itself. This isolation technique makes people confident going into the “cloud” because, in theory, nobody can break the jail. Your “neighbors” cannot damage you.

If the isolation concept fails, a criminal can purchase a virtual machine “next” to you and hack into your machine. Hypervisor software does everything it can to block visibility from one virtual instance to another or to the physical host.

A new vulnerability, CVE-2015-7835, was logged today, simply stating:

“The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.” 

What this actually means is that a hacker can purchase a VM and get control over its physical host, and then over the VMs running on that physical host. In our opinion, it is the worst bug we have seen.

Please click here for more information. 

Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.

7/16/2015 Newsletters

Microsoft HTTP.sys Vulnerability in RDP Could Allow Remote Code Execution

  On Tuesday, July 14, 2015, Microsoft issued new Security Bulletin MS15-067 which is marked critical.

  The Digital Edge Security Team has analyzed the reported details, and one vulnerability raises a particularly high level of concern and attention. Security Bulletin ID # MS15-034 can potentially be very dangerous. The vulnerability could allow remote code execution if an attacker sends a specially crafted sequence of packets to a targeted system with the Remote Desktop Protocol (RDP) server service enabled.

  Digital Edge is committed to securing all of its controlled IT infrastructure environments, to advising its IT community about possible vulnerabilities, newly discovered weaknesses and hacks, and to providing security news and events.

  If you feel that you need assistance from the Digital Edge Security team please contact Danielle Johnsen at djohnsen@digitaledge.net 

  For more information and Digital Edge’s recommendations go here.

3/25/2015 Newsletters

Google Android OS Vulnerability

A vulnerability in Google's Android OS has been discovered that could allow an attacker to change or replace a seemingly safe Android application with malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised devices without the user's knowledge. Devices running Android version 4.4 or later are not vulnerable.

Digital Edge suggestions:
  1. Make sure your OS level is up to date.
  2. Download applications only from Google Play, as they are downloaded into a protected area.
  3. Discuss with us how you can protect your mobile users and clients using Enterprise class mobile security.

Please feel free to contact us for any additional information.

11/4/2014 Newsletters

Millions Of Websites Hit By Drupal Hack Attack

Drupal Vulnerability

Digital Edge assisted its clients running Drupal with patching and security assessment after the Drupal Security Team issued a security advisory on October 15, 2014 (SA-CORE-2014-005).

All our clients are secured; however, we are concerned that other, non-Digital Edge clients may still be affected without knowing it, even after the patch was applied. Digital Edge’s Security Team brings it to the IT industry’s attention that there is speculation in the Black Hat community that an automated way of exploiting the Drupal vulnerability is possible. The effect of such automation could be much wider than Drupal initially assessed.

The concern is that malicious code could have been injected automatically, prior to patching, into servers running vulnerable Drupal. After patching, the malware might stay on the server and bring in additional Trojans or spyware, or open back doors into the system.

For more valuable information about security and this particular case please contact Digital Edge security team through:

https://www.digitaledge.net/contact/