Wellpepper Support

Archive for Wellpepper Support

Wellpepper Security Bulletin April 14, 2017: Unplanned Critical Maintenance

Update 4/16/17: Issues have been mitigated, maintenance is now complete.


On April 14, a batch of Windows-targeting exploits, including several suspected 0-day exploits, were released by Shadow Brokers. We have no reason to believe that any Wellpepper systems were targeted or affected. Most of the exploits target the SMB file sharing protocol, which our firewalls block. Additionally, most of Wellpepper’s infrastructure is Linux-based, and is unaffected. However, we do have some Windows systems (fully patched) in our environment that support non-critical functions. Out of an abundance of caution, we are temporarily suspending these systems until the risks are better understood and properly mitigated as needed. 

As a result, the following features will be offline until further notice:

  1. Uploading images or videos attached to secure messages
  2. PDF Export in the iPad Clinic App

We are working hard to deploy workarounds for these issues where possible. All other Wellpepper functions, including sending/receiving secure messages, and image/video upload for tasks are operating as expected.

Currently, there is not comprehensive information on these exploits. We will be monitoring news sources and updating as information is available.

  

We will update this blog entry by April 17th with additional information on any impact. If you have any questions about your Wellpepper deployment, please contact Wellpepper Support.

 

Mike Van Snellenberg, Wellpepper CTO

Posted in: Security, Wellpepper Support

Leave a Comment (0) →

Wellpepper Security Update: Shellshock Vulnerability Patch

On Sep 24, a critical security advisory was posted about CVE-2014-7169 (a.k.a “shellshock”), a vulnerability in bash shell which affects many unix-variant systems including Linux and MacOS. Wellpepper uses linux systems as part of our cloud service. As of 10:00 AM PDT this morning (Sep 25), we have validated that all of Wellpepper’s systems have been patched against this vulnerability. We are unaware of any current network exploits that affect our systems (we do not use cgi-bin, for example), and we see no evidence of any unauthorized access attempts to our systems. There is no action required for Wellpepper customers – your data is safe and secure.

For others working on patching systems, the Register has posted some good background information and guidance here: http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/

For your own personal devices and computers running Mac OSX, do not connect to public networks until Apple issues a patch.

Mike

CTO, Wellpepper

Posted in: Wellpepper Support

Leave a Comment (0) →
Google+