Newsletters
Security Warning – 2/10/2015 - Microsoft
Digital Edge distributes this notification as an effort to improve the IT community cybersecurity, coordinate cyber information sharing, and proactively manage cyber risks while protecting our clients.
On February 10, 2015, Microsoft issued new Security Bulletin MS15-011 which is marked critical
Digital Edge security team analyzed the vulnerabilities and possibilities to exploit. We think that the vulnerability reported in MS15-011 is critical but very hard to exploit. Even though Microsoft does not disclose details about Digital Edge Security Team feels that exploiting of the vulnerability is hard and in most common enterprise settings where infrastructures protected by firewalls and users access network through VPNs almost impossible.
Digital Edge strives to be a trusted leader in cybersecurity and managed services in complex enterprise IT environments.
Security Warning
Digital Edge distributes this notification as an effort to improve the IT community cybersecurity, coordinate cyber information sharing, and proactively manage cyber risks while protecting our clients.
On January 27, 2015, Qualys Security Advisory published new Linux vulnerability repot - CVE-2015-0235.
The report alerts about Linux glibc library is being vulnerable to a buffer overflow with a risk of potential remote execution and taking over the server. Linux systems that are liable to attack include:
- Debian 7 (Wheezy),
- RHEL 5/6/7
- CentOS 6/7
- Ubuntu 12.04
Even though exploit of such vulnerability is not obvious, Qualys has developed a proof of a concept when a specially crafted email can produce a remote shell to a vulnerable system.
Digital Edge will assess managed systems and work with affected clients individually.
Digital Edge security team advise all IT professionals to take this vulnerability seriously and contact us for any questions, consultations or help.
Digital Edge strives to be a trusted leader in cybersecurity and managed services in complex enterprise IT environments.
Inclement Weather Update
Dear Valued Client,
As of 11:00 EST there have been no updates or issues to report.
All weather affected facilities reporting the following statuses:
- Additional facility engineering staff scheduled and in the facilities currently, they will remain on site 24/7 until the storm is over.
- All systems have been tested and operational.
- Commercial power: is currently stable, no outages reported
- Backup generator status: ready for switch to backup generator.
- Diesel Fuel status: 90% capacity
- Commercial power: is currently stable, no outages reported
- Cooling Systems status: normal operations, no outages reported
- Telecommunications: normal operations, no outages reported
- Local Transportation: no outages reported, delays expected
As always, our technicians are onsite and available to give you reliability that is expected from us!
Any client using our Geographical Cluster may request to switch their operation to our datacenter in Dallas for additional security. Please contact our support team to do so.
We thank you for your business!
Inclement Weather Advisory
Dear Valued Client,
This message is to assure you of our continued 24/7 support during the inclement weather conditions affecting the New York City Metro Area between Monday, 1/26 and Wednesday 1/28.
Our technicians are onsite and available to give you reliability that is expected from us!
Any client using our Geographical Cluster may request to switch their operation to our datacenter in Dallas for additional security. Please contact our support team to do so.
We thank you for your business.
-Digital Edge
Millions Of Websites Hit By Drupal Hack Attack
Drupal Vulnerability
Digital Edge assisted its clients running Drupal with patching and security assessment after Drupal Security Team a security advisory on October 15, 2014 (SA-CORE-2014-005).
All our clients are secured, however we are concerned that other non-Digital Edge clients may still be affected without knowing even after the patch was applied. Digital Edge’s Security Team brings it to IT industry’s attention that there is speculation in the Black Hat community that automated way of exploiting Drupal vulnerability is possible. The effect of such automation can be much wider then Drupal assessed initially.
The concern is that a malicious code could be injected automatically prior to the patching into servers running vulnerable Drupal. After the patching, malware might stay on the server and can bring additional Trojans, spyware or open back doors into the system.
For more valuable information about security and this particular case please contact Digital Edge security team through:
Digital Edge Security Advisory
Last month, security community discovered critical security threats that affect multiple platforms, technologies and configurations.
Digital Edge is proactively working with its clients on assessing the effect, planning for remediation, scheduling and execution of patching.
Critical vulnerabilities are:
- SSLv3 encryption protocol weakness allowing man-in-the-middle to decrypt secured communication.
- 3 critical Microsoft vulnerabilities allowing a hacker to execute malicious code remotely and gain access to data, client computers or client’s servers.
- Bash vulnerability allowing a hacker to execute malicious code remotely and gain access to client’s servers.
All affected Digital Edge’s clients will be contacted and required actions will be discussed, scheduled and performed. If you feel that you need an additional help please contact us at: https://www.digitaledge.net/Contact-SendEmail.aspx
Bug in Linux “bash” shell causes “shellshock”
Security Advisory from Digital Edge
On Wednesday, September 24th, a vulnerability in Linux bash shell was discovered. The vulnerability may allow code execution to open door for other attacks causing OS to become fully compromised. In lots of environments this vulnerability is exploitable over the network.
Digital Edge is assessing our internal environment as well as our clients’ environments and will remediate the vulnerability within the next few days. Affected Digital Edge clients will be contacted and protective actions will be discussed.
Digital Edge is committed to secure all controlled IT infrastructure environments and to advise the IT community about possible vulnerabilities, newly discovered weaknesses, hacks as well as security news and events.
If you feel that you need assistance from Digital Edge Security team please contact us at “support@digitaledge.net”
Thank you,
Digital Edge
"Heartbleed Zero Day" Threat
NEW OpenSSL Vulnerability Advisory
Digital Edge has been and will be continuing to assess our clients risks and potential urgency for patching the new vulnerability, dubbed “Heartbleed”, which is a security concern for users of OpenSSL, a widely-used opensource cryptographic software library. It can allow attackers to read the memory of the systems using vulnerable versions of OpenSSL library (1.0.1 through 1.0.1f). This may disclose the secret keys of vulnerable servers, which allows attackers to decrypt and eavesdrop on SSL encrypted communications and impersonate service providers. In addition, other data in memory may be disclosed, which conceivably could include usernames and passwords of users or other data stored in server memory.
The vulnerability was discovered on April 7 and announced on April 8.
If you are a fully managed client and was not contacted yet, it means you are not under any risk.
If you are managing your own applications/services or part of the Digital Edge private or hybrid cloud, Digital Edge will assist you with upgrading vulnerable libraries.
If you have questions please contact our security team sending an email to support@digitaledge.net.
Thank you
Digital Edge
Fasten your IT seatbelts - eCommerce is growing!
Online purchasing Issues, Site performance lagging, Incomplete transactions during checkout, Site timeouts & glitches, Double charges, Site downtime!
Sound familiar? The Digital Edge End-to-End E-commerce Solution may be the answer for your growing business. We take full responsibility of problems just like these. For a limited time, you can try some of the best features from The Digital Edge End-to-End E-commerce Solution for FREE!
Whether you already have a functional e-commerce platform and just need help with monitoring OR you are a growing business that needs e-commerce functionality all together – Digital Edge can act as a dedicated team that:
- Maintains site stability
- Prepares for new implementations
- Preserves PCI compliance
- Optimizes Analytic tools
- Stays on top of all new innovations
… And more!
According to a Forbes study, Amazon experienced downtime of just two hours; resulting in $3.48 million of loss revenue! You know how vital your website is to your business. Get a firm grip on stability!
For details on how Digital Edge has been working e-commerce sites since 1998 here.
Register here to try out the Digital Edge End-to-End E-commerce Solution FREE!
NOW OFFERING!
FREE single performance troubleshooting and optimization with one year of contract for private or hybrid cloud services.
FREE assistance to migrate your e-commerce solution to our public or hybrid cloud.
FREE 60 days for any VM servers with 2 year contract.
FREE security assessment.
We Pledge to Continue Hiring Veterans
Digital Edge is pleased to announce our newest partnership with the Department of Defense’s employment initiative: Hero 2 Hired (H2H)!
The H2H organization is more than another virtual job database, this organization is on a mission to say “thank you” to members of the National Guard, Reserve Component and Military Spouses by leading them toward real careers. Because employing veterans and their families has been an essential part of our hiring strategy, this Yellow Ribbon Reintegration Program directly mirrors the Digital Edge value!
We view the IT services industry as an excellent career transition for military affiliates. International active duty service members and veterans presently account for 7% of the Digital Edge staff. It is with great privilege and honor that we continue to recruit the men and women who have dedicated their lives to protecting our nation’s freedom.
We provide our veteran military staff with the training and advancement opportunities needed to continue their careers. Digital Edge values and welcomes the limitless contributions our veterans bring into the workplace. As our government continues to emphasize the importance of employing veterans, there is no better time to form this valuable partnership. With our new H2H alliance, we hope to deepen our commitment to HIRING OUR HEROES and encourage other organizations to do the same.
Digital Edge has developed partnerships with the following military support groups:
- U.S. Chamber of Commerce
- Hero 2 Hired
- Hiring Our Heroes
- National Guard
- Coalition to Salute America’s Heroes
- Employer Support of the Guard and Reserve
- Wounded Warrior Project
- HireVeterans.com
- American GI Forum
Visit the Hero 2 Hired website for more information this initiative at www.H2H.Jobs.