December 2012

Digital Defense Discovers Zero-Day Vulnerability on VMware®

San Antonio, TX – December 19, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security risk assessments, announced another zero-day finding, discovered by the company’s Vulnerability Research Team (VRT). The vulnerability resides in both the VMware® View Connection Server and the View Security Server. A remote unauthenticated attacker can use this weakness to retrieve arbitrary files from the affected server's underlying root file system. This security issue was revealed using DDI’s patent-pending vulnerability scanning technology.

We applaud VMware for their collaboration and rapid response in developing a solution for the issue in the form of an upgrade, which is available through their website.

Previously unknown software flaws, or zero-day vulnerabilities, continue to be one of the biggest threats an organization can face. A single exploited vulnerability in one computer or network can be devastating, resulting in severe losses to an organization’s reputation and bottom line.

DDI’s VRT has the unique capability to identify and disclose these vulnerabilities.  This Decisive Security Intelligence  is improving the security posture of organizations across the globe. The VRT has released multiple vulnerability disclosures, including those within widely used platforms.

Gordon MacKay, Chief Technology Officer at DDI states, “Our VRT is vigilant in our quest to root out any flaws that pose a danger to our clients. In addition to proactively mining data to expose potential threats, we listen to our clients and investigate identified issues, which may reveal these previously unknown vulnerabilities."

SecurED Webinar: Tuesday, Dec. 11th - 1pm Central

If you missed our last SecurED webinar, register for the December 11th session and kick-start your security awareness program with an innovative, fun and high impact approach to security training! Register Now!

November 2012

Digital Defense Offers FREE SecurED Training Video - Learn More!

Digital Defense and Veracode Webinar: Crafting Super-Powered Risk Assessments, November 14th, 1 PM - ET

Want to learn how to Craft Super-Powered Risk Assessments? Join the webinar on Wednesday, November 14th at 1 pm ET. Gordon MacKay EVP and CTO of Digital Defense Inc., and Chris Wysopal CTO and Co-Founder of Veracode discuss the benefits and challenges facing network and application risk assessment methods. They will present how to combine these two methods for a super-charged risk assessment program.  Don't miss this valuable presentation.  Register today!

October 2012

Digital Defense SecurED™ Training Helps Organizations Reduce Risk of Information Security Breaches through Increased Employee Security Awareness

San Antonio, TX – October 25, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security risk assessments, is garnering attention for their new, innovative security awareness program,SecurED™, which offers an engaging and fun approach to training that in the past may have been considered routine and dull.

Digital Defense's Mark Bell Awarded US Patent For Cyber Security Computer Network Defense Training And Certification Method

San Antonio, TX – October 11, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed security risk assessment solutions, announces the issuance of U.S. Patent No.8,266,320 to Mark Bell, Executive Vice President, Operations and others for the early design of a training system for computer network defense. This cyber defense training system is the first-of-its-kind training system and has been accepted as the national standard for cyber defense and security training, certification and competition. Most notably, it is now the test foundation for the national competition, CyberPatriot, where high school student teams compete to test their knowledge and practice of information security and cyber competency using real-world exercises.

Novell® Vulnerability Discovered By Digital Defense

San Antonio, TX – October 4, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security risk assessments, discovered a previously undocumented vulnerability which affected multiple Novell GroupWise® agents. The HTTP interfaces for the GroupWise agents are vulnerable to an arbitrary file retrieval condition due to a failure to properly filter certain crafted directory traversal sequences. A malicious attacker could potentially leverage this flaw to retrieve files with the privileges of the vulnerable agent(s). DDI immediately notified Novell of the finding and an alert including a patch to remediate the issue was issued by Novell. This security issue was revealed using DDI’s patent-pending vulnerability scanning technology.

September 2012

Securing Personally Identifiable Information: Digital Defense And Austin Travis County Integral Care Announce Release Of Powerful Case Study

San Antonio, TX – September 6, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed security risk assessment solutions, has worked closely with Austin Travis County Integral Care (ATCIC), a provider of community-based behavioral health and developmental disabilities services, to protect important healthcare information as required by regulations such as Health Information Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH).

July 2012

Digital Defense Conducts Complimentary Cyber Security Seminars

San Antonio, TX –July 31, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security risk assessments, headquartered in San Antonio, announced the dates of their annual Cyber Security Seminars. This year’s events will be held on August 8th and September 26th and feature presentations by DDI’s executive team, national thought leaders in the information security industry.

Digital Defense Demonstrates Extensive Experience As PCI ASV: Facilitates Compliance While Fostering Culture Of Security

San Antonio, TX – July 17, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed, cloud-based security assessment solutions announced the company’s notification from the Payment Card Industry (PCI) Security Standards Council (SSC) that it has once again been certified as a PCI Approved Scanning Vendor (PCI ASV).

June 2012

Digital Defense Previews SecurED™, an Innovative Security Awareness Education program, at Gartner Security & Risk Management Summit 2012

San Antonio, TX – June 8, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security assessments has announced a high impact security awareness program, SecurED™, developed to reduce the risk for security breaches within organizations.

Digital Defense And Veracode Unite To Deliver Powerful Security Risk Assessment Solutions

San Antonio, TX – June 7, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security assessment solutions, and Veracode, Inc., provider of the world’s only independent cloud-based application risk management platform, announced the completion of integration between their respective cloud-based platforms enabling the delivery of new breakthrough Security Risk Assessment solutions. DDI and Veracode will preview the offering at the Gartner Security & Risk Management Summit June 11th – 14th.

May 2012

Digital Defense Identifies Vulnerability On Epicor® Software Interface

San Antonio, TX – May, 16, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security assessments, announced the organization’s discovery of a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could potentially be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to exploit this flaw to compromise the database server host operating system.

April 2012

ACTi and TwonkyTM Directory Traversal Vulnerabilities Disclosed by Digital Defense

San Antonio, TX – April 30, 2012 – Digital Defense, Inc. (DDI), an industry leader of managed, cloud-based security assessments and advanced vulnerability management solutions, discloses directory traversal vulnerabilities in two different products, the ACTi Web Configurator 3.0 and the PacketVideo TwonkyServer and TwonkyMedia software. The previously unknown flaws – zero-day vulnerabilities – can allow unauthenticated remote attackers to gain access to restricted files which may contain passwords or other private information, compromising an organization’s security. DDI immediately notified both companies about the vulnerabilities, which have been addressed by the organizations. Further detail can be found on the DDI Labs Blog.

March 2012

Digital Defense Partners With BSides Texas To Become First Statewide Sponsor

San Antonio, TX – March 28, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security assessment solutions, has announced a state sponsorship of BSides Texas, a venue for information security professionals that creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. BSides Austin is scheduled for April 12th -13th, while the Dallas-Ft. Worth event will be held November 3rd.

GVTC Engages Digital Defense To Safeguard Critical Networks

San Antonio, TX – March 8, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security assessment solutions, has announced an ongoing partnership with GVTC Communications, an established and recognized communications services provider, to help secure the company’s business operations network.

February 2012

Digital Defense's Frontline™ 5.0 Spurs Rapid Vulnerability Remediation via Cloud Community Competition

San Antonio, TX – February 20, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security assessments, announced the upcoming release of Frontline™ Solutions Platform (FSP) Release 5.0, an eagerly awaited enhancement of the organization’s online proprietary vulnerability management system. The launch, scheduled for March, will preview at the RSA Conference 2012 in San Francisco.

January 2012

SolarWinds® Vulnerability Disclosed By Digital Defense

San Antonio, TX – January 31, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security assessments, disclosed a vulnerability within the LoginServlet page of the SolarWinds Storage Manager Server. This flaw could allow an attacker to extract sensitive information from the backend database using standard SQL injection exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system. DDI immediately notified SolarWinds of the finding.

Digital Defense Discovers Previously Unknown Vulnerability Within HP JetDirect Embedded Web Server

San Antonio, TX – January 9, 2012 – Digital Defense, Inc. (DDI), a leading provider of managed cloud-based security assessments, announced the organization’s identification of a vulnerability within the embedded web server on the HP JetDirect Printer. This flaw could allow an attacker to see files that have been recently printed, capture credentials from the system, or conduct other malicious acts. DDI immediately notified HP of the finding.