Security

Implementing Solutions to Safeguard Sensitive Data

April 18, 2024
In January, we were alerted by one of our vendors, Karros Technologies, regarding a potential vulnerability in its email verification services. The vulnerability, discovered by a white-hat security research firm, allowed a bypass of authentication controls that could potentially allow access to areas of the back-end infrastructure, including monitoring dashboards containing customer information.   No …

Implementing Solutions to Safeguard Sensitive Data Read More »

How Teamwork Keeps Our Data Safer

April 18, 2024
In September, we were alerted by an exposure management company regarding a potential vulnerability relating to the configuration of an endpoint in Parent Portal.  We immediately investigated the issue and determined that the information potentially exposed consisted of encrypted passwords (i.e., unusable credentials), school and district names, and directory-type information. However, given that the configuration …

How Teamwork Keeps Our Data Safer Read More »

Log4J (2021/2022) Exploits and Review

April 18, 2024
[Updated 01/05/2022] Edulog has continued to investigate the Log4J vulnerability since Friday, December 10. Currently we have reviewed the following vulnerabilities CVE-2021-44228 CVE-2021-45046 CVE-2021-44832 CVE-2021-45105 CVE-2021-4104 The current results of our investigation have shown that Edulog software does not use the affected software versions or configurations. The main Edulog products that are not impacted include: …

Log4J (2021/2022) Exploits and Review Read More »