Security

Fraudulent Emails Sent to Clients

Edulog has been made aware of bad actors impersonating Edulog staff in an attempt at fraudulent activity, namely requesting the set-up of up a direct deposit account. These requests are NOT coming from Edulog systems but are being generated from outside sources with addresses that appear to be our own at a casual glance. If […]

Fraudulent Emails Sent to Clients Read More »

Implementing Solutions to Safeguard Sensitive Data

In January, we were alerted by one of our vendors, Karros Technologies, regarding a potential vulnerability in its email verification services. The vulnerability, discovered by a white-hat security research firm, allowed a bypass of authentication controls that could potentially allow access to areas of the back-end infrastructure, including monitoring dashboards containing customer information.   No

Implementing Solutions to Safeguard Sensitive Data Read More »

How Teamwork Keeps Our Data Safer

In September, we were alerted by an exposure management company regarding a potential vulnerability relating to the configuration of an endpoint in Parent Portal.  We immediately investigated the issue and determined that the information potentially exposed consisted of encrypted passwords (i.e., unusable credentials), school and district names, and directory-type information. However, given that the configuration

How Teamwork Keeps Our Data Safer Read More »

Log4J (2021/2022) Exploits and Review

[Updated 01/05/2022] Edulog has continued to investigate the Log4J vulnerability since Friday, December 10. Currently we have reviewed the following vulnerabilities CVE-2021-44228 CVE-2021-45046 CVE-2021-44832 CVE-2021-45105 CVE-2021-4104 The current results of our investigation have shown that Edulog software does not use the affected software versions or configurations. The main Edulog products that are not impacted include:

Log4J (2021/2022) Exploits and Review Read More »