In the wake of recent news highlighting national security risks associated with the sale of service member data, it’s imperative to reiterate our unwavering commitment to safeguarding the privacy and integrity of service members’ information at Quandis Military Search (QMC). Our automated service ensures that no Quandis employees are involved in data processing, and it strictly caters to customers who have a legitimate financial relationship with service members, solely for SCRA and MLA compliance. The security measures in place exceed Department of Defense standards, emphasizing our dedication to data protection. As national security concerns loom large, our focus remains firmly on ensuring the responsible and secure handling of service member data in alignment with the highest ethical and legal standards.
Protecting Service Member Data Amidst National Security Concerns
/in Uncategorized /by epatrickIn the wake of recent news highlighting national security risks associated with the sale of service member data, it’s imperative to reiterate our unwavering commitment to safeguarding the privacy and integrity of service members’ information at Quandis Military Search (QMC). Our automated service ensures that no Quandis employees are involved in data processing, and it strictly caters to customers who have a legitimate financial relationship with service members, solely for SCRA and MLA compliance. The security measures in place exceed Department of Defense standards, emphasizing our dedication to data protection. As national security concerns loom large, our focus remains firmly on ensuring the responsible and secure handling of service member data in alignment with the highest ethical and legal standards.
HTTP/2 Rapid Reset Vulnerability: Quandis Not Affected, Cloud providers have remediated
/in Uncategorized /by epatrickVulnerabilities in the HTTP/2 protocol were recently announced a per CVE-2023-44487.
Quandis uses cloud services from AWS, Azure and Google.
These cloud providers have remediated the HTTP/2 issue as per the links below.
Our web applications are hosted in AWS which are fronted by AWS Application Load Balancers, and AWS has remediated the HTTP/2 issue.
MOVEit Transfer Vulnerability: Quandis Not Affected
/in Uncategorized /by wcoulterQuandis is not impacted by the MOVEit Transfer vulnerability flagged by CVE-2023-34362 as we do not use the product.
Silicon Valley Bank (SVB) and Signature Bank failures: Quandis Not Affected
/in Uncategorized /by wcoulterThe recent failure of SVB and Signature Bank does affect Quandis or QBO-based systems.
Quandis does not have a relationship with either bank and none of our cloud service providers are impacted ( AWS, Microsoft, Google )
Okta/Sitel breach: Quandis Not Affected
/in Uncategorized /by epatrickThe recent security breach at Okta’s via their partner Sitel does not affect Quandis or QBO-based systems. Quandis does not use Okta’s IDP platform.
Apache Log4j2 Vulnerability: Quandis Not Affected
/in Uncategorized /by epatrickQuandis is not impacted by the Apache Log4j2 vulnerability flagged by CVE-2021-44228.
Apache Path Normalization Vulnerability: Quandis Not Affected
/in Uncategorized /by epatrickQuandis is not impacted by the Apache path normalization vulnerability flagged by CVE-2021-41773 and CVE-2021-42013. Quandis does not use Apache servers.
Kaseya VSA Software Vulnerability: Quandis Not Affected
/in Uncategorized /by epatrickQuandis does not use Kaseya VSA Software, and as such, we are not affected by the recent ransomware attacks.
Please forward any detailed questions to compliance@quandis.com.
Pulse Secure Connect Vulnerability: Quandis not Affected
/in Uncategorized /by epatrickQuandis does not use Pulse Secure Connect, and is not directly affected by the recently announced vulnerability. No third party data source that Quandis uses is known to use it either. However, the Department of Defense is still evaluating the impact of this vulnerability, so we do not yet have positive confirmation that DMDC (used by QMS) is unaffected.
Please forward any detailed questions to compliance@quandis.com.
SolarWinds Orion breach: Quandis not affected
/in Uncategorized /by epatrickQuandis does not use the SolarWinds Orion software platform, and is thus not affected by this breach. We have also verified that our monitoring partners are also not affected by this breach.
Please forward any detailed questions to compliance@quandis.com.