
Level up your digital security defenses with ESET Endpoint Security

Our flagship solution, ESET Endpoint Security, provides powerful multilayered protection for desktops, laptops and smartphones for businesses of all sizes. It is an essential component in any modern business’ digital security toolkit.

With cyber threats continuing to rise in prominence, a single layer of defense is no longer enough. ESET Endpoint Security’s multilayered defense means it can detect malware pre-execution, during execution and post-execution to provide the highest level of protection possible. This helps businesses protect against the scourge of ransomware, block targeted attacks, prevent data breaches, and detect advanced persistent threats (APTs).

Why ESET Endpoint Security should be on your radar

In its recent Mobile Security Management (MSM) Market Radar report, respected analyst group Omdia highlighted why buyers should put ESET Endpoint Security on their radar. “The dominance of more mobile-centric work styles has increased the priority that businesses are attaching to mobile security. ESET Endpoint Security helps businesses ensure that data and access to sensitive internal networks and apps are protected across all the devices used by employees,” said Adam Holtby, Principal Analyst, Mobile Workspace at Omdia.

Omdia referred to the fact that customers value ESET’s threat detection capabilities, its light technology footprint, and the cost-effectiveness of the solution. It also highlighted that ESET Endpoint Security’s device management features enable admins to remotely carry out tasks from a single pane of glass. This includes being able to define password and screen lock policies, lock devices, prompt employees to encrypt devices, and block hardware capabilities and features such as cameras, Bluetooth, and Wi-Fi.

Protection can also be extended via ESET Cloud Mobile Device Management (Cloud MDM) which is an add-on feature native to the ESET PROTECT Cloud – an ESET SaaS delivered management console for Android and iOS. As an agent-less solution, it does not run directly on the device, saving battery and enhancing security performance. Furthermore, connection certificate management is also handled by ESET, so IT admins don’t have to worry about certificate renewals or being compliant with the latest security standards.

Reducing the attack surface

It is important that businesses of all sizes level up their digital security defenses. Although it is not possible to prevent all attacks on a network, by reducing the attack surface along with the employment of preventive measures such as speedy patching, careful system configuration, fastidious monitoring, and periodic health checks, it is possible to mitigate the effects.

ESET Endpoint Security is here to help. Its multi-tenant management console provides admins with real-time visibility of all the smartphones, servers, and desktops within the business. The most recent iteration includes a new auto-update mechanism to ensure defenses are always up to date. This helps lighten the burden on increasingly time-poor IT admins.

It also links with ESET LiveGuard Advanced, which analyzes suspicious files in the cloud, including zero-day and never-before-seen threats, using machine learning detection algorithms. On top of this, it adds functionality for the remote work era: Brute-Force Attack Protection blocks external IP addresses that exhibit the characteristics of an oncoming brute-force attack on remote desktop protocol (RDP) logins.

Protect the remote worker

In a move to further protect the remote worker, ESET Endpoint Security is now compatible with ARM64, the processor that dominates the mobile device market. ESET Endpoint Security protects remote workers through a new web control feature in ESET PROTECT, that allows IT admins to regulate employees’ access to suspicious websites from their mobile devices. Using built-in categories and custom rules, admins can blacklist, whitelist, or warn about URLs that lead to sites with harmful content or that can negatively impact employee productivity.

To learn more about ESET Endpoint Security and how it can support the needs of businesses looking to empower an increasingly mobile workforce, please click here.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Finding MegaRAC BMC assets on your network

Earlier this week, researchers with Eclypsium shared findings on three vulnerabilities present in American Megatrends (AMI) MegaRAC firmware. MegaRAC can be found in many server manufacturers’ Baseboard Management Controllers (BMCs), including AMD, Ampere Computing, ASRock, Asus, ARM, Dell EMC, Gigabyte, HPE, Huawei, Inspur, Lenovo, Nvidia, Qualcomm, Quanta, and Tyan. Successful exploitation of these vulnerabilities can provide an attacker with remote code execution, an administrative shell, and user enumeration. Given American Megatrends’ broad reach across server manufacturers and models, the number of systems with vulnerable MegaRAC BMC firmware could be quite large.

What is the impact?

These vulnerabilities are scored as CVSS “critical” and “high” severities, and the reported vulnerability details include:

  • CVE-2022-40259 (CVSS “critical” score of 9.9) – Remote code execution via Redfish API; requires initial access to an account with callback privileges or higher
  • CVE-2022-40242 (CVSS “high” score of 8.3) – Administrative shell via default credentials
  • CVE-2022-2827 (CVSS “high” score of 7.5) – User enumeration via API request manipulation

The Eclypsium report does mention that public exposure of vulnerable BMCs appears to be “relatively low compared to recent high-profile vulnerabilities in other infrastructure products.” That said, data centers where many similar servers exist, including data centers providing cloud-based resources, could yield many opportunities for an attacker who has attained access, and detection of BMC exploitation can be “complex” and is likely to be missed with traditional EDR/AV.

Are updates available?

While American Megatrends has not made a security advisory available at the time of this publication, owners and administrators of systems with MegaRAC BMC firmware should check with their server manufacturers for patched firmware updates.

Mitigations are offered in the Eclypsium report (see the “Mitigations” section), including (but not limited to) the following suggestions:

  • Ensure that all remote server management interfaces (e.g. Redfish, IPMI) and BMC subsystems in the environment are on dedicated management networks and are not exposed externally, and ensure internal BMC interface access is restricted to administrative users with ACLs or firewalls.
  • Review vendor default configurations of device firmware to identify and disable built-in administrative accounts and/or use remote authentication where available.

How do I find potentially vulnerable MegaRAC BMC assets with runZero?

From the Asset Inventory, use the following pre-built query (also available in the Queries Library) to locate BMC assets running MegaRAC firmware which may need remediation:

    type:"BMC" and (hw:"MegaRAC" or os:"MegaRAC")

You can also locate all BMC assets in your environment by searching your Asset inventory for type:"BMC", which can then be triaged further.

As always, any prebuilt queries are available from our Queries Library. Check out the library for other useful inventory queries.
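To turn the inventory query above and the network-segregation mitigation from the Eclypsium list into something you can run offline, here is an added example (not runZero’s or Eclypsium’s code). It applies the same filter as type:"BMC" and (hw:"MegaRAC" or os:"MegaRAC") to a list of asset records and then checks whether each hit sits inside a designated management network. The record field names, the management CIDR and the sample records are all constructed for the example and are not a real runZero export format.

```python
"""Added example: triage MegaRAC BMC assets from an inventory list (offline).

The field names (address/type/hw/os), the sample records and the management
network are assumptions made for this example, not a real runZero export.
"""
import ipaddress

# Constructed sample inventory (not real hosts).
INVENTORY = [
    {"address": "10.250.0.11", "type": "BMC", "hw": "Gigabyte BMC", "os": "AMI MegaRAC SP-X"},
    {"address": "10.250.0.12", "type": "BMC", "hw": "MegaRAC", "os": "Linux"},
    {"address": "203.0.113.40", "type": "BMC", "hw": "Tyan BMC", "os": "MegaRAC"},
    {"address": "10.0.5.7", "type": "Server", "hw": "Dell PowerEdge", "os": "Ubuntu 22.04"},
    {"address": "10.250.0.13", "type": "BMC", "hw": "HPE iLO 5", "os": "iLO 5"},
]

# Assumed dedicated management network; replace with your own ranges.
MGMT_NETWORKS = [ipaddress.ip_network("10.250.0.0/24")]

# CVEs from the Eclypsium report, used only to annotate findings.
MEGARAC_CVES = ("CVE-2022-40259", "CVE-2022-40242", "CVE-2022-2827")


def matches(record, key, value):
    """Case-insensitive substring match, mirroring a field search like hw:"MegaRAC"."""
    return value.lower() in str(record.get(key, "")).lower()


def find_megarac_bmcs(inventory):
    """Equivalent of: type:"BMC" and (hw:"MegaRAC" or os:"MegaRAC")."""
    return [
        r for r in inventory
        if matches(r, "type", "BMC")
        and (matches(r, "hw", "MegaRAC") or matches(r, "os", "MegaRAC"))
    ]


def outside_management_network(record, networks=MGMT_NETWORKS):
    """True when the BMC address is not inside any dedicated management range."""
    ip = ipaddress.ip_address(record["address"])
    return not any(ip in net for net in networks)


def triage(inventory, networks=MGMT_NETWORKS):
    """Return one finding per MegaRAC BMC with the reasons it needs attention."""
    findings = []
    for r in find_megarac_bmcs(inventory):
        reasons = ["MegaRAC firmware: check the server vendor for patched BMC firmware (%s)"
                   % ", ".join(MEGARAC_CVES)]
        if outside_management_network(r, networks):
            reasons.append("BMC address is not within a dedicated management network")
        findings.append({"address": r["address"], "hw": r["hw"], "os": r["os"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(INVENTORY):
        print(f["address"], f["hw"], "/", f["os"])
        for reason in f["reasons"]:
            print("   -", reason)
```

Feed the functions a list of dictionaries exported from whatever inventory you actually keep; the only thing the query logic relies on is that the type, hardware and OS fields carry the vendor strings, which is the same assumption the runZero query makes.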

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Thriving as an app security engineer: 6 reasons to work in cybersecurity

Although the application security (app sec) role can seem the same in every industry, it’s not. Businesses operating in general industries offer fewer possibilities for comprehensive professional growth than security-focused companies. That was the case for Marvin Petzolt, a Senior Application Security Engineer at Nord Security, who jumped from an application security engineer role at a music-sharing business to a security-oriented company. Let Marvin tell us in his own words what factors make app sec professionals thrive at our company.
Marvin Petzolt, Senior Application Security Engineer at Nord Security

#1 You make an impact

Many people, including me, enjoy working at a place where you can make an impact. As an app security engineer at Nord, I can influence security design and the implementation of some of the greatest cybersecurity products in the industry – NordVPN, NordPass, NordLayer, and NordLocker. By ensuring high-security standards for each product, I contribute to building meaningful, user-friendly, and security-centric consumer solutions valued by millions of people and businesses worldwide.

However, having a tangible impact on security products is not the only way I can make a difference. My security recommendations and guidelines are also taken into account when improving business operations or team workflow. For example, when I joined the Application Security Team, we would be notified of upcoming Nord product updates mainly via our automation and notification bots. However, this approach left us very little time between security testing of the upcoming feature and release to production, which naturally increased pressure on the team.

So I initiated the concept of security product owners, establishing a bi-directional exchange between a specific Nord product and the Application Security team. This concept allowed us to improve communication between developers, team leads, and the Application Security team.

We’re now notified about upcoming changes significantly earlier, leaving us enough time for all the necessary app security tests.

#2 You can reach your full professional potential

The truth is that being an application security specialist in the general industry doesn’t let you reach your full professional potential due to the limited app security cases and tasks you’re working on. This was one of the key reasons why I left a promising application security engineer role at one of the best-known music-sharing companies. There I was securing mainly one app, so the security issues that challenged me were limited.

I wanted to face different app security cases, advance my career, and concentrate more on technical work, security design, and cryptography – things I’m passionate about.

A security-focused company like Nord Security, with its wide range of applications and potential for different security cases, seemed like a natural solution to fulfill all these goals.

#3 You work with meaningful products and interesting challenges

At Nord Security, I’m contributing to building meaningful products – such as NordVPN, NordPass, NordLayer, and NordLocker – that secure people and businesses online.

Most of the time, I focus on cryptography, security architecture, and low-level, client-side implementations. I perform occasional design reviews, threat model sessions, pentesting of features and release candidates, and security code reviews.

Still, my tasks are pretty diverse and depend on what I want to work on. One day I might look into NordLocker’s architecture and how it will encrypt files in the future. The next day, I’ll focus on reviewing the code of NordVPN’s Meshnet feature, establishing a peer-to-peer connection between two endpoints to exchange data or route internet traffic to verify that it is implemented securely. I’ll sometimes also do a black-box security assessment on the NordPass Android release client.

#4 You work with an experienced team

Working in a security-centric company like Nord Security, you can be sure that you’ll always be guided by some of the best professionals in the cybersecurity field.

If you’re facing a challenging situation that is too difficult or complex for you to cope with on your own, the whole Application Security team comes in to help. The team member with the most experience assesses the issue based on severity and validity. If it’s valid, as a team, we determine how we can support escalating the issue and jump in to help resolve it as fast as possible.

One of the most useful insights I have received from my team is that an app sec professional doesn’t have to know or be involved in all aspects of the team’s work. Application security has many subcategories and specializations, such as Windows Security, Linux Security, Android, and iOS security. It’s hard enough to keep up with one specialization, but keeping up with all of them is nearly impossible. So it’s OK not to be an expert in all of these technologies, and this is where you can rely on the other members of your team.

Another valuable tip – don’t over-complicate. Keep it user-friendly. The perfect security solution usually doesn’t exist or comes with a heavy impact on the user experience. Having a 32-character password requirement or providing your biometric authentication for every action you take on the app doesn’t help anybody. So it is important to focus on realistic threats and put minor theoretical risks aside for later.

Finally, my team taught me how important it is to keep the cryptographic systems simple. When designing a cryptographic system, the key is to keep it as simple as possible so that anybody can understand it and be able to securely extend this system. The more features and changes are added, the more complex the system becomes. That’s why it is necessary to redesign and realign the cryptographic design from the ground up to better fit the new requirements. If you don’t do that, you have a design that nobody understands. That makes it impossible to apply the necessary security and confidentiality measures.

#5 You are given opportunities to learn

If you’re just starting out in an app security position, coming from a slightly different field, such as web or cloud security, or simply want to learn more, even in a senior position, your team and the whole company will be there to help you grow.

If you’re a newbie, one member of your team will become your onboarding buddy, helping you to get up to speed with everything that is going on in the Application Security team. Additionally, you will be provided with a dedicated document leading you through your 30- and 90-day milestones and a checklist of all the tools and access you require to get started.

To keep our team performing at its best, we have knowledge-sharing sessions, pairing sessions, and daily standups. All this helps us stay updated on each other’s work, share best practices, and sharpen our skills in the app security field. As a team, we also have a Friday tradition of “self-allocated time” when we learn something new. What we choose to learn can be anything from technologies, reading blog posts, news articles, or methodologies. Did you ever want to learn how to develop iOS applications or do a CTF? Then self-allocated time is meant for that.

Collaboration with other teams also has a huge impact on advancing your expertise in app security. It improves your soft skills and teaches effective communication about the risks and severities of security issues. It also gives you a direct connection to developers, which means that they will come to you with questions and concerns during the development process. In turn, it gives you a unique inside look into the technical foundation of the developed software. Just like that, I learned new technologies and programming languages on the fly since they were required to understand the source code and implementation details.

At the company level, we have knowledge-sharing events. One such example is Tech Days, allowing our people to stay in tune with the latest tech and cybersecurity news, trends, and advancements.

Nord Security also offers a personal development budget that can be used for training or certifications, helping us improve in our field. Moreover, teams often visit various conferences, such as Black Hat, to keep a finger on the pulse of the latest in the field of information security.

Last but not least, everybody can have their own personal development plan. It helps me stay aligned with the overall goals of the security team and how my part might fit in the bigger picture. Personally, I would like to dive even deeper into security architecture and cryptography, so I have aligned this goal on my personal development plan in cooperation with my manager.

#6 You don’t have to convince everyone of the importance of security

As an app security specialist, you understand that security should be a top priority in every company. And if you ask a company about it, of course, they will indicate security is their number one priority but is this actually true? From my experience, you always end up arguing with product managers, product owners, and engineering managers about security improvements. Yet, in a company that has security as its main selling point, it becomes easier to motivate security changes and push people in the right direction.

All these reasons are why application security professionals thrive at Nord Security. If you also want to advance your career in this field, join the Application Security team in Lithuania, Germany, or remotely by applying HERE.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

The Dark Stuff – Tor – Continued

Intro

Last time we talked about how to access the Tor network, what it is, what a Tor circuit and a torrc file are, and related topics. This time I’d like to focus on some of the core Tor concepts, as well as the considerations, issues, weaknesses and risks inherent to Tor, and how to manage and mitigate them.

Hidden services

A hidden service (the Tor Project now calls these onion services) is not a relay; it is a Tor client that offers a web service or any other Internet service. The service is reachable only through a .onion address, and its real IP address stays hidden behind the Tor circuit.

To host a hidden service, install the web server or other service you want to offer, then add this to your torrc file:

    HiddenServiceDir /var/lib/tor/service
    HiddenServicePort 80 <ip>:80

The first line is the directory where Tor keeps the service’s keys; the second maps port 80 of the .onion address to the listener at <ip>:80. Use the loopback address (127.0.0.1) for <ip> and bind the service to it, otherwise the same service may also be reachable directly on a public interface, which defeats the purpose.

When Tor starts it generates a key pair for the service and writes it, together with a hostname file, into the HiddenServiceDir. For current (v3) onion services the files are:

    /var/lib/tor/service/hs_ed25519_secret_key
    /var/lib/tor/service/hs_ed25519_public_key
    /var/lib/tor/service/hostname

Older v2 services wrote a single private_key file instead; v2 has been removed from current Tor releases. The hostname file contains your .onion address. For v3 the 56-character address is itself an encoding of the service’s public key plus a short checksum and a version byte, so the address both identifies the key and can be checked for typos.

Obviously, to run a service like this you need to know what is at stake. If you are running one at all, you presumably want to hide your IP address, so harden your systems appropriately and plan for the risks.

This can be achieved in a myriad of ways, so I like to ponder these topics from a more general, high-level perspective. One way to isolate yourself is virtualization and compartmentalization. Whonix also comes to mind: its two-VM setup routes all traffic from the workstation VM through the Whonix Gateway VM, and both systems are hardened and preconfigured out of the box (reconfigure them if your situation requires it). This is one example of how you can make it harder for attackers to learn your real IP address.

However, I am not an expert on how to run hidden services, far from it, I just wanted to sort of ‘define’ them, so I can tie them into our whole narrative here.
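Two small checks tie the configuration and hardening points above together. The following is an added example, not code from the original post or from the Tor Project. It lints a torrc so that every HiddenServicePort target points at the loopback interface (the IP-leak risk discussed above), and it validates a v3 .onion hostname by recomputing the checksum that Tor embeds in the address, which is how the hostname file’s address relates to the public key. The torrc text and the 32-byte key are constructed sample data; the key is just 32 bytes, not a real ed25519 key.

```python
"""Added example: torrc hidden-service lint and v3 .onion address checks.

SAMPLE_TORRC and SAMPLE_PUBKEY are constructed for this example.
"""
import base64
import hashlib
import ipaddress

# Constructed torrc with one well-configured service and one whose target
# is a public address (the service would also be reachable outside Tor).
SAMPLE_TORRC = """
HiddenServiceDir /var/lib/tor/service
HiddenServicePort 80 127.0.0.1:80
HiddenServiceDir /var/lib/tor/leaky
HiddenServicePort 80 203.0.113.25:8080   # flagged: not loopback
"""

# 32 constructed bytes standing in for an ed25519 public key.
SAMPLE_PUBKEY = hashlib.sha256(b"constructed sample key, not a real service").digest()

ONION_VERSION = b"\x03"  # v3 onion services


def lint_hidden_service_ports(torrc_text):
    """Return (HiddenServiceDir, target) pairs whose target is not loopback."""
    findings, current_dir = [], None
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        tokens = line.split()
        key, args = tokens[0], tokens[1:]
        if key == "HiddenServiceDir" and args:
            current_dir = args[0]
        elif key == "HiddenServicePort" and args:
            virtport = args[0]
            # tor(1): TARGET defaults to 127.0.0.1:VIRTPORT when omitted.
            target = args[1] if len(args) > 1 else "127.0.0.1:" + virtport
            if target.startswith("unix:"):          # local socket, fine
                continue
            if ":" not in target and target.isdigit():
                host = "127.0.0.1"                  # bare port means loopback
            else:
                host = target.rsplit(":", 1)[0].strip("[]")
            try:
                if not ipaddress.ip_address(host).is_loopback:
                    findings.append((current_dir, target))
            except ValueError:                      # hostname: review manually
                findings.append((current_dir, target))
    return findings


def onion_checksum(pubkey):
    """CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + ONION_VERSION).digest()[:2]


def onion_address_from_pubkey(pubkey):
    """v3 address = base32(PUBKEY || CHECKSUM || VERSION) + ".onion"."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + onion_checksum(pubkey) + ONION_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def validate_onion_address(address):
    """Return the embedded 32-byte public key for a valid v3 address, else None."""
    name = address.lower()
    if name.endswith(".onion"):
        name = name[:-len(".onion")]
    if len(name) != 56:
        return None
    try:
        raw = base64.b32decode(name.upper())
    except ValueError:                              # bad base32 characters
        return None
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION or checksum != onion_checksum(pubkey):
        return None
    return pubkey


if __name__ == "__main__":
    for hs_dir, target in lint_hidden_service_ports(SAMPLE_TORRC):
        print("non-loopback target", target, "in", hs_dir)
    addr = onion_address_from_pubkey(SAMPLE_PUBKEY)
    print(addr, "valid" if validate_onion_address(addr) else "invalid")
```

The checksum covers the public key and version byte only, so it catches mistyped or truncated addresses but says nothing about who operates the service; it cannot tell you that a “hidden wiki” link is the one you meant to visit.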

Tor2web

Tor2web lets you reach a hidden service from a standard web browser without connecting to the Tor network yourself; the Tor2web proxy makes the Tor connection on your behalf.

Basically, wherever you see a .onion URL, you can replace the suffix with .onion.to, .onion.city, .onion.cab, .onion.direct, etc. Note that this is not anonymous or private in any way: your ISP sees that you requested the .onion site, and the proxy operator sees both the request and the content. It is just a way of reading a hidden service without running Tor.

From the Tor2web site:

WARNING: Tor2web only protects publishers, not readers. As a reader installing Tor Browser will give you much greater anonymity, confidentiality, and authentication than using Tor2web. Using Tor2web trades off security for convenience and usability.

Tor – reflections – .onion URLs, stuff & risk

Since the dark web is not indexed by clearweb search engines, finding and discovering hidden services can be difficult. Places where you can find .onion links are usually Hidden Wikis, Twitter, Reddit, Pastebin, GitHub and Internet forums. You should be able to find these links with a Google search as well.

*A note on hidden wikis: there are many websites that claim to be the Hidden Wiki or the uncensored Tor hidden wiki. Be mindful when clicking links there, because you cannot be sure where a link actually leads or who operates the site behind it.

As you know, Tor is decentralized by nature, so there is no list of all hidden services, but there are hidden services whose task is to catalog those known .onion addresses.

Such as this.

There are also Torch, Sinbad, and other search engines, but it remains to you to decide how worthy they are.

While we’re on the topic, I’d like to point out that you should always be mindful of the potential risks you’re opening yourself to. Every action counts, and you should take necessary precautions, always.

A good way to illustrate this is the CTFs I participated in, which required us to investigate data collected from Tor pertaining to a slew of illegal activities. The organizers simply didn’t render any content, thus eliminating the risk for us analysts.

You could only see what was relevant for your investigation, be that a hash, bitcoin address, email address, or anything else that was of relevance and scraped to the dataset.

When you’re doing this by yourself, there’s no organizer to filter out stuff for you, so always be mindful of that.

More reflections on Tor and Mitigations

Tor prevents your ISP and local network from knowing which sites you visited, makes tracking by sites and advertisers much harder, and helps circumvent censorship.

However, three-letter agencies dislike Tor precisely because it is the most effective network for these uses, so it is under constant attack, and most of those attacks aim to deanonymize its users.

If you are in a location that might be targeted and the risk is high, or your adversary has significant resources, you should not rely on Tor alone to anonymize you.

Another big weakness of Tor is you, the user. Poor operational security (OPSEC) defeats the purpose of Tor no matter how well the network itself works.

Other weaknesses are browser-based attacks, as well as attacks against the host OS.

Of course, you can mitigate and reduce the probability of these attacks and this implies you having some controls implemented.

First and foremost, go back to Opsec basics, learn it inside and out, and create your model.

You should also leverage isolation, compartmentalization/virtualization to reduce the impact and possibility of browser exploits (or other attacks) being successful.

Never install Tor on your main OS, especially if the consequences are high.

Use hardened VMs.

Just running the Tor Browser on Windows is NOT a good idea. Assume the Tor Browser is exploitable and mitigate accordingly: use isolation.

Whatever your isolation layer is, it also needs to be hardened.

To future-proof yourself against unknown threats you need non-persistence; do not rely on the Tor Browser alone to purge all of its data reliably. You can get non-persistence from Tails and other live operating systems or from disposable VMs, or you can use whole-disk encryption together with secure deletion. Combining these methods protects you better than any one of them alone.


Read the Tor Browser design documentation: https://2019.www.torproject.org/projects/torbrowser/design/

Conclusion

I hope I’ve put you on a path down the rabbit hole called Tor! There’s so much more, and I will cover as much as I possibly can.

Stay tuned.

Cover image by JC Gellidon

#tor #risk #tracking #deanonymization

About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

Weapon of Mass Destruction – Voice AI-based Attack

Many people think that getting key personal information can be very hard, but it’s now becoming easier than ever.

Last week, I was reading how Elon Musk let go of thousands of people at Twitter using an AI-based bot that was trained to reproduce a message using the voice of famous people. I find it clownish but VERY dangerous.

In the wrong hands, this impersonation technology could let someone obtain critical information about a business. It is even more effective than phishing.

Even a combination of both (plus some threat intelligence) could be the perfect weapon to utilize in a malicious campaign.

Imagine this: you record the voice of a senior manager in a company, let’s say the procurement manager. Train the bot to reproduce that voice, then call the finance manager with it and ask him or her to transfer money to an external party, backed up by a phishing mail that also impersonates the procurement manager.

Bingo! It’s money in the bank.

In fact, it’s already happening.

There are even more terrible attacks that I won’t describe, but this will be a weapon of mass destruction.

Conclusion: cybersecurity offensive techniques are evolving very quickly and a black hat can do a lot of harm without the right company controls and processes.

My advice:

  1. Check everything twice.
  2. Have the correct processes in place in your company (for example, verifying payment requests through a separate, known channel) before anyone acts on a request.
  3. Train your workforce, family and friends.
