Recent Posts

An Update on Meltdown and Spectre: What You Need to Know Now

It’s been about a week now since Meltdown and Spectre were disclosed.

Here’s what you need to know:

There are no confirmed attacks in the wild exploiting these flaws right now. However, on Windows 8 and 10 most of the fixes to applications, antivirus products and the OS kernel require either a manual update or a registry change, and Windows 7 is not yet receiving the update automatically either. On macOS, upgrade to Sierra to patch Spectre; if you want the Meltdown protections in the kernel you must update to High Sierra 10.13.2. See the linked article.

What You Can Do

After a fair amount of research and grinding, Microsoft has released a PowerShell module that reports whether the mitigations are in place on a system. Microsoft community user Andy Bentley has also compiled that check into an executable for those who would rather not run the script.

Download the verification tool and use version 20 or 30 for Windows 7, 8 and 10.

Below is a screenshot of the output on a system that has not yet been patched, after the script or executable has been run.

Windows 7

For Windows 7, download the appropriate version of the update for your system from Microsoft’s Update Catalog.

Once the update is applied and the system has restarted, run the check above again. On a system that is now patched you should see the following:

Windows 8 or 10

For Windows 8 and 10 the fix arrives through Windows Update as an out-of-band patch, and the mitigations it installs are switched on or off through two registry values under the Memory Management key.

The registry values that enable or disable the mitigations on Windows 8 or 10 are below:

To enable the fix

  • reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
  • reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
  • Restart the computer for the changes to take effect.

To disable the fix

  • reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 3 /f
  • reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
  • Restart the computer for the changes to take effect. (There is no need to change MinVmVersionForCpuBasedMitigations.)

There’s also a script you can download from Cylance to simplify the registry edits needed. Please note that this requires you have a Cylance account for support.

Once the registry is updated and the Windows 8 or 10 computer has rebooted, check for available updates in Windows Update. When they have installed, run the verification script again to confirm that the mitigations are active.
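As an added example (not code from the original post, and not Microsoft's own tooling beyond the module it calls), the PowerShell script below carries out the enable step above in one go: it reads the two Memory Management values, sets them to the "enable" combination, and then runs Microsoft's SpeculationControl module to report what the kernel actually has in effect. It goes slightly beyond the text in one respect: before touching anything it reads the antivirus compatibility flag that Windows Update checks before it offers the January 2018 patch (a DWORD named cadca5fe-87d3-4b96-b7fb-a231484277cc under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat) and stops if it is absent. The function names are the example's own; it assumes Windows 8 or 10 with PowerShell 5, an elevated prompt, and one-time internet access for Install-Module.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt
# on Windows 8/10. Flips the Meltdown/Spectre mitigation switches on and verifies them.

$mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

# Key that Windows Update inspects before offering the January 2018 patch. Antivirus
# vendors set this value to 0 once their driver is compatible with the kernel change.
$compat      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$compatValue = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'

function Get-MitigationSwitches {
    # Returns the current override values (null when the update has never been applied).
    $p = Get-ItemProperty -Path $mm -ErrorAction SilentlyContinue
    [pscustomobject]@{
        FeatureSettingsOverride     = $p.FeatureSettingsOverride
        FeatureSettingsOverrideMask = $p.FeatureSettingsOverrideMask
    }
}

function Set-MitigationSwitches {
    param([switch]$Disable)
    # 0 / 3 enables both mitigations, 3 / 3 disables them: the same values as the
    # reg add lines above. -Force overwrites an existing value.
    $override = if ($Disable) { 3 } else { 0 }
    New-ItemProperty -Path $mm -Name FeatureSettingsOverride     -PropertyType DWord -Value $override -Force | Out-Null
    New-ItemProperty -Path $mm -Name FeatureSettingsOverrideMask -PropertyType DWord -Value 3         -Force | Out-Null
}

function Test-AvCompatFlag {
    # True only when the vendor flag exists and is 0.
    $p = Get-ItemProperty -Path $compat -Name $compatValue -ErrorAction SilentlyContinue
    return ($null -ne $p) -and ($p.$compatValue -eq 0)
}

# 1. Refuse to proceed if the AV vendor has not declared compatibility.
if (-not (Test-AvCompatFlag)) {
    Write-Warning 'AV compatibility flag is not set. Windows Update will not offer the patch, and forcing the change on an incompatible AV driver can bluescreen the machine. Ask your AV vendor first.'
    exit 1
}

# 2. Show the current state, then enable the mitigations.
'Before:'; Get-MitigationSwitches
Set-MitigationSwitches
'After:';  Get-MitigationSwitches

# 3. Verify with Microsoft's SpeculationControl module (installed on first use).
if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
    Install-Module -Name SpeculationControl -Scope CurrentUser -Force
}
Import-Module SpeculationControl
Get-SpeculationControlSettings
```

Reboot after the script runs: Get-SpeculationControlSettings reports the state of the running kernel, so it only shows the mitigations as active once the machine has restarted with the new values. If the compatibility warning fires, do not set the flag yourself; it is the antivirus vendor's statement that its driver survives the kernel change, and setting it on an incompatible product is precisely the bluescreen scenario noted at the end of this post.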

You can also manually download Windows 8, 10 and server updates from Microsoft’s Update Catalog.

Finally, beware that if your antivirus product is not compatible with the kernel change, applying the update can bluescreen your Windows PC or server.

Stay Safe! We hope this information helps our community.

###

Meltdown and Spectre: If you aren’t monitoring your firmware, now would be good time to start.

So, by now you have heard that a flaw present in most modern central processing units (CPUs) produced in the last decade will require operating system (OS) kernels and system firmware to be overhauled. The flaw can be exploited to read information belonging to databases, applications and other processes running on the same system, because of the way CPUs speculatively execute instructions and access memory.

The immediate fix is to update the different OS kernels and applicable firmware. However, some security experts suggest that the only real fix is to replace the affected CPUs. In any case, this presents a serious operational challenge to all organizations, including cloud service providers. For example, Azure, AWS and Google have notified customers of major security updates in the upcoming weeks related to this issue.

And not all devices can be updated. All Apple devices are vulnerable at this time, but the kernel fixes will only apply to the latest iOS, macOS and tvOS versions. Devices that cannot run the latest OS versions will remain vulnerable.

It is also important to note that some antivirus tools need changes, because the kernel fix alters how kernel memory is mapped and products that make unsupported assumptions about it can crash the system after the update. In addition, organizations must now continuously monitor their environments to ensure they are running the latest OS kernel and firmware combinations.

So now what?

First of all, reports indicate that no exploits have been seen in the wild at this time. But that only means none have been detected by security companies or organizations. In fact, the disclosures include proof-of-concept code that bad actors are probably testing as you read this.

Second, the OS kernel changes are software-level changes, meaning the underlying hardware will remain vulnerable unless firmware (microcode) patches are released by the hardware manufacturers and OEMs. In fact, security analysts fear that many cheap IoT devices will never be updated.

This will remain a critical issue for months or years to come because of the sheer amount of hardware that needs to be properly inventoried, updated, monitored and potentially replaced to really enact a proper remediation. Visibility will be key in knowing not only what clean-up has been done, but also what remediation is still needed.
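As an added example, not part of the original post and not Trapezoid's tooling, the PowerShell script below takes the inventory the last two paragraphs call for on a single Windows host: it records the BIOS version and date, CPU model, loaded microcode revision and OS build, saves the first run as a baseline, and on later runs reports any field that has changed. The baseline path and the function names are the example's own assumptions; the microcode revision is read from the kernel's CentralProcessor registry key and compared as an opaque string. It needs PowerShell 3 or later for Get-CimInstance and administrator rights.

```powershell
# Added example, not from the original post. Snapshot the firmware/OS combination of
# this host and diff it against a saved baseline so a change, or a missing update,
# shows up. Run as administrator on Windows 8/10 or Server with PowerShell 3+.

param(
    [string]$BaselinePath = "$env:ProgramData\fw-baseline.json"   # assumed location
)

function Get-FirmwareSnapshot {
    $bios = Get-CimInstance -ClassName Win32_BIOS
    $cpu  = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $os   = Get-CimInstance -ClassName Win32_OperatingSystem

    # Microcode revision currently loaded, as recorded by the kernel at boot.
    $cpuKey = 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'
    $ucode  = (Get-ItemProperty -Path $cpuKey -Name 'Update Revision' -ErrorAction SilentlyContinue).'Update Revision'
    $ucodeHex = if ($ucode) { ($ucode | ForEach-Object { $_.ToString('x2') }) -join '' } else { 'unknown' }

    [ordered]@{
        Host         = $env:COMPUTERNAME
        Manufacturer = $bios.Manufacturer
        BiosVersion  = $bios.SMBIOSBIOSVersion
        BiosDate     = [string]$bios.ReleaseDate
        CpuName      = $cpu.Name
        CpuId        = $cpu.ProcessorId
        Microcode    = $ucodeHex
        OsVersion    = $os.Version
        OsBuild      = $os.BuildNumber
        LastBoot     = [string]$os.LastBootUpTime
        Collected    = (Get-Date).ToString('o')
    }
}

function Compare-FirmwareSnapshot {
    param($Baseline, $Current)
    # Fields whose change matters; Collected and LastBoot are expected to differ.
    $watch = 'Manufacturer','BiosVersion','BiosDate','CpuName','CpuId','Microcode','OsVersion','OsBuild'
    foreach ($k in $watch) {
        if ("$($Baseline.$k)" -ne "$($Current.$k)") {
            [pscustomobject]@{ Field = $k; Baseline = $Baseline.$k; Current = $Current.$k }
        }
    }
}

$current = Get-FirmwareSnapshot

if (-not (Test-Path $BaselinePath)) {
    # First run: record what this host looks like today.
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath
    "Baseline written to $BaselinePath"
    return
}

$baseline = Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json
$changes  = @(Compare-FirmwareSnapshot -Baseline $baseline -Current $current)

if ($changes.Count -eq 0) {
    "No firmware/OS change since baseline collected $($baseline.Collected)."
} else {
    # A new BIOS version, microcode revision or OS build is what you expect after a
    # vendor update; a change you did not schedule is something to investigate.
    $changes | Format-Table -AutoSize
}
```

Run it once to write the baseline, then on a schedule. Reviewing the output across a fleet answers both questions the text raises: which hosts have received a firmware or OS update since the disclosure (their BIOS, microcode or build fields moved), and which have not (their snapshot has not changed at all).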

DigitalEra partner Trapezoid offers tools to help. Here’s how:

1) Trapezoid’s Firmware Integrity Verification Engine (FIVE) is designed to continuously monitor the firmware regardless of manufacturer or OEM.

2) Trapezoid FIVE can maintain an inventory of hardware platforms and firmware revisions over time to detect whether your systems are threatened by this critical vulnerability, and others like it.

3) Trapezoid can leverage multiple integrity measurement technologies from different OEMs to identify changes that could be indicators of compromise, and remotely attest to the integrity of your systems.

###

For more information on these threats and Trapezoid solutions, contact us at sales@digitaleragroup.com.

Some links for additional information on Meltdown and Spectre:

https://isc.sans.edu/forums/diary/Spectre+and+Meltdown+What+You+Need+to+Know+Right+Now/23193/

https://www.kb.cert.org/vuls/id/584653

Digital Logistix Partners With LogRhythm to Deliver World Class Security Intelligence

Partnership Delivers LogRhythm’s Patented, Award-winning Platform and Cybersecurity Technologies to Digital Logistix Clients.

MIAMI, FL – August 21, 2017:  Digital Logistix, a premier IT security technology distributor and managed services provider and wholly owned subsidiary of DigitalEra Group, LLC, has announced its partnership with LogRhythm, a security intelligence company and leader in Threat Lifecycle Management. Digital Logistix will make LogRhythm’s advanced suite of tools available to their partners in the Caribbean and Latin America.

“LogRhythm’s advanced technologies are best-in-class for protecting organizations from the growing number of sophisticated hackers and threats bombarding government agencies, for-profit and non-profit organizations everywhere,” said Patrick Dyer, President and CEO of Digital Logistix. “We’re thrilled to partner with LogRhythm to deliver these powerful solutions to our clients.”

Among LogRhythm’s award-winning solutions:

LogRhythm’s Threat Lifecycle Management (TLM) is a framework that puts organizations ahead of attackers by providing an end-to-end security workflow that combines people, process, and technology. TLM’s highly effective and efficient workflows sort through the noise to highlight and investigate high-priority threats.

LogRhythm’s Log Management is a ready-to-go log management solution that helps organizations uncover actionable data and identify useful insights. The solution’s Machine Data Intelligence (MDI) Fabric classifies and contextualizes the structure of every log message, providing deep intelligence into over 785 unique data source types. The net: greater search accuracy, accelerated decisions and the ability to enforce continuous compliance.

LogRhythm’s next-gen SIEM is a unified platform that modernizes security operations with big-picture visibility and actionable intelligence. Leveraging machine learning and other techniques, LogRhythm’s SIEM reveals advanced threats otherwise unnoticed. It is distinguished as SIEM leader in Gartner’s Magic Quadrant.

“LogRhythm is excited to continue our expansion into the Caribbean & Latin American marketplace by establishing this strategic partnership with Digital Logistix, a forward-thinking, trusted cybersecurity company that will deliver incremental reach and an exceptional cybersecurity skillset to our organization & customers,” said Rudy Piekarski, VP of Sales LATAM for LogRhythm. “Digital Logistix will play an essential role in delivering LogRhythm’s Threat Lifecycle Management platform to enable LATAM customers to rapidly detect, respond to and neutralize damaging cyberthreats.”

About Digital Logistix and LogRhythm:

Digital Logistix, a wholly owned subsidiary of DigitalEra Group, LLC, is a leading distributor of network and cybersecurity products and services, serving major business, education and governmental agencies throughout the Caribbean and Latin America. In addition to access to the most sophisticated and effective security products, Digital Logistix provides expert guidance on use as well as ongoing security counsel and insights that help their clients prevent security breaches and mitigate threats. For more information, visit: www.digitallogistix.com. For partnering inquiries with Digital Logistix, contact us here.

LogRhythm, a leader in Threat Lifecycle Management, empowers organizations around the globe to rapidly detect, respond to and neutralize damaging cyberthreats. The company’s patented award-winning platform unifies next-generation SIEM, log management, network and endpoint monitoring, user entity and behavior analytics (UEBA), security automation and orchestration (SAO) and advanced security analytics. In addition to protecting customers from the risks associated with cyberthreats, LogRhythm provides compliance automation and assurance, and enhanced IT intelligence. For more information, visit: www.logrhythm.com.