VEGAS Movie Studio 15 released

Creating high-quality videos just got a lot easier

VEGAS Creative Software releases VEGAS Movie Studio 15. This brand-new version makes it the most powerful two-in-one solution for video and audio editing in its segment.

Based on the core technology and features of the award-winning VEGAS Pro, the latest update of VEGAS Movie Studio enables professional results with minimal effort. 4K video editing and hardware acceleration improvements (support for Nvidia and Intel’s Quick Sync Video) bring top-level standards of video excellence and speed, whilst the new HEVC support allows users to significantly compress large video content while maintaining perfect quality.

The new modern user interface is now fully customizable to benefit experienced editors. Firstly, a new ‘hamburger menu’ button has been added, giving users the power to decide which button set should be visible in each window. The most noticeable update from the previous version is a logical, modern docking window behavior and control that allows users to arrange the workspace to individual workflows. You can even select between dark or light shades of interface background color according to preference.

For beginners, a Quick Start dashboard has been added that guides them through video production with step-by-step instructions, making it even easier to get started. The integrated ‘Show-Me-How’ tutorial feature from previous versions is still there to help. In addition, new features like picture-in-picture scenes, freeze frames and split-screen sequences give videos a professional look and feel with just a few clicks on the storyboard. YouTubers and vloggers will love the sharing-workflow automation feature, now with improved file format support, including iPhone video files.

For advanced users, the Suite version additionally offers iZotope RX Elements to achieve high-quality sound, as well as top-notch film effects coming from HitFilm and Boris FX.

“With the new VEGAS Movie Studio 15 we bring the powerful technology and high efficiency of VEGAS Pro to everyone who wants to make best-quality videos with minimal efforts,” says Gary Rebholz, VEGAS Product Owner.

Depending on their requirements, filmmakers can choose between three different versions of VEGAS Movie Studio 15:

You can find a detailed version comparison here:
https://www.vegascreativesoftware.com/us/vegas-movie-studio/product-comparison

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, endpoints, infrastructure, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, points of sale, resellers, and partner companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum that includes Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, government, a vast number of successful SMEs, and consumers in various Asian cities.

About VEGAS

Today, millions of VEGAS Pro and VEGAS Movie Studio users benefit from global industry-leading video editing technologies. Now, VEGAS launches into a new era. In May 2016, MAGIX acquired the multiple award-winning VEGAS Pro and VEGAS Movie Studio product lines, along with other video and audio products. VEGAS Creative Software stands poised to take video editing to a new level. Our development teams in the US and Germany are working on innovative solutions to old problems, and building tools that push the boundaries of what’s currently possible. The VEGAS Creative Software mission: to make VEGAS software faster, more efficient, and even more intuitive. Our goal: to provide users at all levels, from video editing amateurs to creative professionals, with tools that are perfectly suited to their needs and demands.

ESET boosts value proposition for MSPs via new direct plug-in with ConnectWise

ESET today announced the launch of ESET Direct Endpoint Management with ConnectWise, a company that transforms how technology solution providers build, manage, and grow their businesses. The new Remote Management and Monitoring (RMM) plug-in for ConnectWise Automate speeds up and improves installation processes of ESET endpoints for the company’s Managed Service Providers (MSPs).

ESET Direct Endpoint Management establishes a direct connection between ESET endpoints and the ConnectWise Automate console. Built with the ConnectWise-equipped partner in mind, the plug-in leverages the existing ConnectWise Agent to simplify deployment and management without sacrificing performance or functionality.

While ESET currently offers a plug-in that connects ESET Remote Administrator (ERA) and ConnectWise Automate, this new version does not require MSPs to install ERA at all, meaning there are no additional servers or intermediate consoles to manage. MSPs can get up and running faster, and stay running with fewer issues caused by complex integration.

“We’ve had a strong relationship with ESET for many years, and from working with them, we know that we are partnering with a proven and reliable technology company,” said Travis Vigneau, director of channel sales and alliances for ConnectWise. “This new direct plug-in demonstrates ESET’s commitment to constantly improving what they offer to the entire ecosystem.”

“We understand how important our MSPs are and we want to help them overcome any challenges they may face,” said Jeronimo Varela, Director of Global Sales at ESET. “That’s why we’ve focused on developing the very best tools, with world-class protection solutions, to not only ensure our MSPs can deliver top-quality service efficiently, but also so that they can become trusted advisors to their customers.”

To find out more about ESET’s MSP program, please click here.

About Version 2 Limited

Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, points of sale, resellers, and partner companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum that includes Global 1000 enterprises, regional listed companies, public utilities, government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET

Founded in 1992, ESET is a global provider of security software for enterprises and consumers. ESET’s award-winning antivirus software system, NOD32, provides real-time protection from known and unknown viruses, spyware, rootkits and other malware. ESET NOD32 offers the smallest, fastest and most advanced protection available, with more Virus Bulletin 100 Awards than any other antivirus product. ESET was named to Deloitte’s Technology Fast 500 five years running, and has an extensive partner network, including corporations like Canon, Dell and Microsoft. ESET has offices in Bratislava, SK; Bristol, U.K.; Buenos Aires, AR; Prague, CZ; San Diego, USA; and is represented worldwide in more than 100 countries.

About ConnectWise

ConnectWise transforms how technology solution providers successfully build, manage and grow their businesses. Our award-winning set of software solutions provides a fully integrated, seamless experience to companies in more than 50 countries, giving them the ability to increase their productivity, efficiency and profitability. When combined with our relentless commitment to innovation, powerful network of ideas and experts, unparalleled passion for our users, and more than 35 years of experience, ConnectWise software solutions deliver the support companies want at each step of their business journey. For more information, visit www.ConnectWise.com.

GREYCORTEX RELEASES MENDEL 3.0

March brings the most recent version of GREYCORTEX MENDEL, version 3.0. As part of this release, MENDEL 3.0 brings several new features SOC administrators will love, as well as continued expansion for SCADA networks and upgraded hardware support.

Specifically, MENDEL now supports the latest Dell Rx40 hardware. Those in SCADA network environments will enjoy updates to the MENDEL IDS system. Version 3.0 also includes visibility for the NFS (Network File System) and IEC 60870-5-101/104 protocols. SOC users will note that dashboards have been adjusted to better accommodate multiple sensors, and that the overall capacity for sensors connected to one collector has been increased to 30. Finally, MENDEL’s capabilities have been expanded to include the ability to add your own blacklist file, as well as to export events to IBM QRadar SIEM via the LEEF format.

New Features

  • GREYCORTEX has added support for the latest Dell servers (Rx40), so users can now run MENDEL on the latest hardware.
  • SCADA support continues, with updates to the MENDEL IDS engine that add visibility into the IEC 60870-5-101/104 protocols, bringing new security to professionals in the energy infrastructure sector.
  • SOC administrators will appreciate several new features in version 3.0: new dashboard settings suited to multiple sensors for better SOC visualization, the ability to attach up to 30 sensors to one collector, the LEEF export format for events sent to IBM QRadar SIEM, and the ability to upload users’ own blacklists as a .csv file.

Improvements

Several MENDEL features were improved, including easier license extension, host identification, decryption performance, status monitoring, and data export.

Bug Fixes

In general, our development team focused on improving the user experience and reporting.

Please note that updating to version 3.0 requires an appliance restart and may take up to one hour.

Contact your local GREYCORTEX partner to find out how you can put MENDEL v3.0 to work for you.

About GREYCORTEX

GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

FriedEx: BitPaymer ransomware the work of Dridex authors

Dridex has been a nightmare for computer users, companies and financial institutions for several years now, so much so that for many, it has become the first thing that comes to mind when talking about banking trojans.

Recent ESET research shows that the authors of the infamous Dridex banking trojan are also behind another high-profile malware family – a sophisticated ransomware detected by ESET products as Win32/Filecoder.FriedEx and Win64/Filecoder.FriedEx, and also known as BitPaymer.

Dridex

The Dridex banking trojan first appeared in 2014 as a relatively simple bot inspired by older projects, but the authors quickly turned this bot into one of the most sophisticated banking trojans on the market. The development seems to be steady, with new versions of the bot including minor fixes and updates being released on a weekly basis, with occasional breaks. From time to time, the authors introduce a major update that adds some crucial functionality or larger changes. The last major update from version 3 to version 4, released at the beginning of 2017, gained attention for adopting the Atom Bombing injection technique, and later in the year also introducing a new MS Word zero-day exploit, which helped spread the trojan to millions of victims.

As of this writing, the most recent version of Dridex is 4.80 and includes support for webinjects into Chrome version 63. Dridex 4.80 was released on December 14th, 2017.

Note: Last year we released a tool that helps identify malicious hooks in popular web browsers. The tool is designed to help incident responders discover potential banking trojan infections, including Dridex.

FriedEx

Initially dubbed BitPaymer, based on text in its ransom demand web site, this ransomware was discovered in early July 2017 by Michael Gillespie. In August, it returned to the spotlight and made headlines by infecting NHS hospitals in Scotland.

FriedEx focuses on higher-profile targets and companies rather than regular end users and is usually delivered via an RDP brute-force attack. The ransomware encrypts each file with a randomly generated RC4 key, which is then encrypted using the hardcoded 1024-bit RSA public key and saved in the corresponding .readme_txt file.

In December 2017, we took a closer look at one of the FriedEx samples and almost instantly noticed the resemblance of the code to Dridex. Intrigued by the initial findings, we dug deep into the FriedEx samples, and found out that FriedEx uses the same techniques as Dridex to hide as much information about its behavior as possible.

It resolves all system API calls on the fly by searching for them by hash, stores all strings in encrypted form, looks up registry keys and values by hash, etc. The resulting binary is very low profile in terms of static features and it’s very hard to tell what the malware is doing without a deeper analysis.

This prompted yet further analysis, which revealed a number of additional attributes that confirmed our initial suspicions – the two malware families were created by the same developers.

Code Similarities

Figure 1. Comparison of GetUserID function present in both Dridex and FriedEx samples

In Figure 1, we can see a part of a function used for generating UserID that can be found across all Dridex binaries (both loaders and bot modules). As we can see, the very same Dridex-specific function is also used in the FriedEx binaries. The function produces the same results – it generates a string from several attributes of the victim’s machine that serves as a unique identifier of the given victim, either in the botnet in the case of Dridex, or of the ransomware with FriedEx. Indeed, the screenshots would make for a good “Spot the difference” game!

This kind of similarity to Dridex is present throughout the FriedEx binaries and only very few functions that mostly correspond to the specific ransomware functionality are not found in the Dridex sample (i.e. the file encryption loop and creation of ransom message files).

Figure 2. Comparison of function order in Dridex and FriedEx samples. Functions that are missing in the other sample are highlighted in the corresponding color

Another shared feature is the order of the functions in the binaries, which occurs when the same codebase or static library is used in multiple projects. As we can see in Figure 2, while the FriedEx sample seems to be missing some of the functions present in the Dridex sample and vice versa (which is caused by the compiler omitting unreferenced/unused functions), the order remains the same.

Note: Auto-generated function name pairs, based on code addresses (sub_CA5191 and sub_2A56A2, etc), obviously do not match, but the code they refer to does.
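The function-order comparison behind Figure 2 can be reproduced mechanically. The following Python is an added example, not ESET's tooling or code from the samples: it fingerprints each function by its instruction mnemonics only (so addresses and the per-build constants the article describes drop out), finds the functions two listings share, and checks whether the shared functions appear in the same relative order, reporting the ones unique to either side. The mnemonic sequences and the sub_* labels are constructed for illustration and do not come from real Dridex or FriedEx code.

```python
import hashlib
from typing import Dict, List

# Mnemonic sequences standing in for disassembled function bodies. CONSTRUCTED for
# this example; they are not taken from real Dridex or FriedEx samples.
GET_API_BY_HASH = ["push", "mov", "mov", "xor", "rol", "add", "cmp", "jne", "mov", "pop", "ret"]
DECRYPT_STRING = ["push", "mov", "mov", "xor", "inc", "cmp", "jb", "pop", "ret"]
GET_USER_ID = ["push", "mov", "sub", "lea", "call", "test", "jz", "mov", "xor", "call", "leave", "ret"]
REG_LOOKUP_BY_HASH = ["push", "lea", "call", "test", "jnz", "mov", "call", "pop", "ret"]
C2_BEACON = ["push", "call", "mov", "lea", "call", "cmp", "jz", "pop", "ret"]           # banker-only
ENCRYPT_FILE_LOOP = ["push", "mov", "call", "call", "lea", "call", "jmp", "pop", "ret"]  # ransomware-only
WRITE_RANSOM_NOTE = ["push", "lea", "call", "mov", "call", "call", "pop", "ret"]         # ransomware-only

# Function listings in address order; the sub_* names are constructed auto-generated labels.
BANKER_SAMPLE: Dict[str, List[str]] = {
    "sub_401000": GET_API_BY_HASH, "sub_401200": DECRYPT_STRING, "sub_401400": GET_USER_ID,
    "sub_401600": REG_LOOKUP_BY_HASH, "sub_401800": C2_BEACON,
}
RANSOMWARE_SAMPLE: Dict[str, List[str]] = {
    "sub_2A5000": GET_API_BY_HASH, "sub_2A5200": DECRYPT_STRING, "sub_2A5400": GET_USER_ID,
    "sub_2A5600": ENCRYPT_FILE_LOOP, "sub_2A5800": REG_LOOKUP_BY_HASH, "sub_2A5A00": WRITE_RANSOM_NOTE,
}
# Same shared routines linked in a different order: shared code without a shared layout.
REORDERED_SAMPLE: Dict[str, List[str]] = {
    "sub_10001000": DECRYPT_STRING, "sub_10001200": REG_LOOKUP_BY_HASH,
    "sub_10001400": GET_API_BY_HASH, "sub_10001600": GET_USER_ID,
}


def fingerprint(mnemonics: List[str]) -> str:
    """Hash only the instruction mnemonics, so operands such as addresses, register
    choice and per-build constants do not change the fingerprint."""
    return hashlib.sha256(" ".join(m.lower() for m in mnemonics).encode()).hexdigest()[:16]


def longest_common_subsequence(a: List[str], b: List[str]) -> List[str]:
    """Classic dynamic-programming LCS; returns one longest common subsequence."""
    n, m = len(a), len(b)
    table = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n - 1, -1, -1):
        for j in range(m - 1, -1, -1):
            if a[i] == b[j]:
                table[i][j] = table[i + 1][j + 1] + 1
            else:
                table[i][j] = max(table[i + 1][j], table[i][j + 1])
    out, i, j = [], 0, 0
    while i < n and j < m:
        if a[i] == b[j]:
            out.append(a[i])
            i += 1
            j += 1
        elif table[i + 1][j] >= table[i][j + 1]:
            i += 1
        else:
            j += 1
    return out


def compare_function_order(sample_a: Dict[str, List[str]], sample_b: Dict[str, List[str]]) -> dict:
    """Report shared functions, functions unique to each side, and whether the shared
    functions keep the same relative order (the Figure 2 observation)."""
    fps_a = {name: fingerprint(body) for name, body in sample_a.items()}
    fps_b = {name: fingerprint(body) for name, body in sample_b.items()}
    shared = set(fps_a.values()) & set(fps_b.values())
    order_a = [fp for fp in fps_a.values() if fp in shared]
    order_b = [fp for fp in fps_b.values() if fp in shared]
    agreement = len(longest_common_subsequence(order_a, order_b)) / len(shared) if shared else 0.0
    return {
        "shared_functions": len(shared),
        "only_in_a": [n for n, fp in fps_a.items() if fp not in shared],
        "only_in_b": [n for n, fp in fps_b.items() if fp not in shared],
        "order_preserved": order_a == order_b,
        "order_agreement": agreement,
    }


if __name__ == "__main__":
    print("banker vs ransomware:", compare_function_order(BANKER_SAMPLE, RANSOMWARE_SAMPLE))
    print("banker vs reordered: ", compare_function_order(BANKER_SAMPLE, REORDERED_SAMPLE))
```

The order check matters more than the shared-function count on its own: two unrelated projects that link the same static library would share functions, but they would rarely lay them out in the same sequence with only the unreferenced ones dropped, which is the pattern the article highlights.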

It’s also worth mentioning that both Dridex and FriedEx use the same malware packer. However, since the packer is very popular nowadays (probably due to its effectiveness in avoiding detection and hampering analysis) and used by other well-known families like QBot, Emotet or Ursnif, we don’t really consider that alone strong evidence.

PDB paths

When building a Windows executable, the linker may include a PDB (Program Database) path pointing to a file that contains debug symbols that help the developer with debugging and identifying crashes. The actual PDB file is almost never present in malware, because it is a separate file that does not get distributed with the binary. However, sometimes even just the path, if included, can provide valuable information, because PDB files are located in the same directory as the compiled executable by default and usually also have the same base name followed by the .pdb extension.

As one might guess, PDB paths are not included in malware binaries very often, as the attackers don’t want to give away any information. Fortunately, some samples of both families do include PDB paths.

Figure 3. List of all PDB paths found in the Dridex and FriedEx projects

As you can see in Figure 3, the binaries of both projects are being built in the same, distinctively named directory. Based on a search across all of our malware sample metadata, we have concluded that the path S:\Work\_bin\ is unique to the Dridex and FriedEx projects.

Timestamps

We found several cases of Dridex and FriedEx with the same date of compilation. This could, of course, be coincidence, but after a closer look, we quickly ruled out the “just a coincidence” theory.

Not only do the compilations with the same date have time differences of several minutes at most (which implies the Dridex authors probably compile both projects concurrently), but the randomly generated constants are also identical in these samples. These constants change with each compilation as a form of polymorphism, to make analysis harder and to help avoid detection.

This might be completely randomized in each compilation or based on some variable like the current date.

Figure 4. GetAPIByHash function in Dridex samples with compilation time difference of 3 days. The highlighted constant is different

In Figure 4, we have the comparison of two Dridex loader samples with a three-day difference between compilation timestamps. While the loaders are almost identical with the only difference being their hardcoded data, such as encryption keys and C&C IPs, the constants are different, and so are all the hashes that are based on them. On the other hand, in Figure 5, we can see the comparison of the FriedEx and Dridex loader from the same day (in fact, with timestamps just two minutes apart). Here, the constants are the same, meaning both were probably built during the same compilation session.

Figure 5. GetAPIByHash function in Dridex and FriedEx binaries compiled the same day. The highlighted constant is the same in both samples

Compiler information

The compiler information only further supports all the evidence we found so far – the binaries of both Dridex and FriedEx are compiled in Visual Studio 2015. This is confirmed by both the linker version found in the PE Header and Rich Header data.

Figure 6. Rich header data found in Dridex and FriedEx samples
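The PDB path, timestamp and compiler checks described above all rest on fields a PE file carries in plain sight. As an added example (not ESET's code), the Python below reads those fields with the standard library only: the COFF TimeDateStamp, the linker version from the optional header, the CodeView RSDS record that holds the PDB path, and the XOR-encoded Rich header, and then compares two samples the way the article does. The samples are constructed byte blobs, not real executables; the S:\Work\_bin\ directory is the one named in the article, the file names are made up, and the Rich header product ids and build numbers are placeholders rather than decoded real toolchain identifiers.

```python
import calendar
import ntpath
import struct
from datetime import datetime, timezone

DANS_MAGIC = 0x536E6144  # b"DanS" read as a little-endian DWORD


def build_sample_pe(timestamp: int, linker: tuple, pdb_path: str, rich_entries, key: int = 0x7A3B9C1D) -> bytes:
    """Build a CONSTRUCTED minimal PE-like blob containing only the headers parsed below.
    It is not a loadable executable."""
    buf = bytearray(0x500)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x100)            # e_lfanew -> PE signature offset
    pos = 0x80                                           # Rich header sits between DOS stub and PE header
    struct.pack_into("<IIII", buf, pos, DANS_MAGIC ^ key, key, key, key)
    pos += 16
    for product_id, build, count in rich_entries:        # each entry: comp.id ^ key, count ^ key
        struct.pack_into("<II", buf, pos, ((product_id << 16) | build) ^ key, count ^ key)
        pos += 8
    buf[pos:pos + 4] = b"Rich"
    struct.pack_into("<I", buf, pos + 4, key)
    buf[0x100:0x104] = b"PE\0\0"
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    struct.pack_into("<HHIIIHH", buf, 0x104, 0x14C, 1, timestamp, 0, 0, 0xE0, 0x0102)
    # Optional header start: Magic (PE32), MajorLinkerVersion, MinorLinkerVersion
    struct.pack_into("<HBB", buf, 0x118, 0x10B, linker[0], linker[1])
    # CodeView RSDS record: signature | GUID (16 bytes) | age | NUL-terminated PDB path
    record = b"RSDS" + bytes(16) + struct.pack("<I", 1) + pdb_path.encode("ascii") + b"\0"
    buf[0x400:0x400 + len(record)] = record
    return bytes(buf)


def parse_rich_header(data: bytes, e_lfanew: int):
    """Locate 'Rich' + key, XOR backwards until 'DanS', then unpack
    (product id, build number, count) entries."""
    rich_off = data.find(b"Rich", 0, e_lfanew)
    if rich_off < 0:
        return None
    key = struct.unpack_from("<I", data, rich_off + 4)[0]
    off = rich_off - 4
    while off >= 0x40 and struct.unpack_from("<I", data, off)[0] ^ key != DANS_MAGIC:
        off -= 4
    if off < 0x40:
        return None
    entries = []
    for pos in range(off + 16, rich_off, 8):  # skip DanS and the three padding DWORDs
        comp_id, count = (v ^ key for v in struct.unpack_from("<II", data, pos))
        entries.append({"product_id": comp_id >> 16, "build": comp_id & 0xFFFF, "count": count})
    return {"key": key, "entries": entries}


def find_pdb_path(data: bytes):
    """Signature scan for the RSDS CodeView record (shortcut that works on unpacked samples;
    a full parser would walk the debug data directory instead)."""
    off = data.find(b"RSDS")
    if off < 0:
        return None
    start = off + 24
    return data[start:data.find(b"\0", start)].decode("ascii", errors="replace")


def parse_pe_metadata(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _machine, _nsections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    _magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", data, e_lfanew + 24)
    return {
        "timestamp": timestamp,
        "compiled_utc": datetime.fromtimestamp(timestamp, timezone.utc).isoformat(),
        "linker_version": (lnk_major, lnk_minor),
        "pdb_path": find_pdb_path(data),
        "rich": parse_rich_header(data, e_lfanew),
    }


def compare_samples(a: bytes, b: bytes) -> dict:
    """The article's checks: compile-time gap, linker version, PDB directory, Rich toolchain."""
    ma, mb = parse_pe_metadata(a), parse_pe_metadata(b)

    def toolchain(meta):
        return [(e["product_id"], e["build"]) for e in (meta["rich"] or {"entries": []})["entries"]]

    return {
        "compile_gap_minutes": abs(ma["timestamp"] - mb["timestamp"]) / 60,
        "same_linker": ma["linker_version"] == mb["linker_version"],
        "same_pdb_dir": ntpath.dirname(ma["pdb_path"] or "") == ntpath.dirname(mb["pdb_path"] or ""),
        "same_toolchain": toolchain(ma) == toolchain(mb),
    }


# Two constructed samples "built" two minutes apart with the same toolchain. The Rich header
# product ids and build numbers are placeholders, not real decoded toolchain identifiers.
BUILD_TIME = calendar.timegm((2017, 12, 14, 10, 0, 0))
TOOLCHAIN = [(0x0104, 24215, 12), (0x0105, 24215, 3), (0x0103, 24215, 1)]
SAMPLE_A = build_sample_pe(BUILD_TIME, (14, 0), r"S:\Work\_bin\loader_sample.pdb", TOOLCHAIN)
SAMPLE_B = build_sample_pe(BUILD_TIME + 120, (14, 0), r"S:\Work\_bin\ransom_sample.pdb", TOOLCHAIN)

if __name__ == "__main__":
    for name, blob in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        print(name, parse_pe_metadata(blob))
    print(compare_samples(SAMPLE_A, SAMPLE_B))
```

On real samples, packed binaries have to be unpacked first: the outer file's timestamp, linker version and Rich header describe the packer stub's build, not the payload's, which is one reason the article treats the shared packer as weak evidence on its own.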

Apart from the obvious similarities with Dridex, we came across a previously unreported 64-bit variant of the ransomware. As the usual 32-bit version of the ransomware can target both x86 and x64 systems, we consider this variant to be a bit of a curiosity.

Conclusion

With all this evidence, we confidently claim that FriedEx is indeed the work of the Dridex developers. This discovery gives us a better picture of the group’s activities – we can see that the group continues to be active and not only consistently updates their banking trojan to maintain its webinject support for the latest versions of Chrome and to introduce new features like Atom Bombing, but that it also follows the latest malware “trends”, creating their own ransomware.

We can only guess what the future will bring, but we can be sure that the Dridex gang isn’t going anywhere anytime soon and that they will keep innovating their old project and possibly extend their portfolio with a new piece here and there.

For a long time, it was believed that the Dridex gang was a one-trick pony that kept their focus on their banking trojan. We have now found that this is not the case and that they can easily adapt to the newest trends and create a different kind of malware that can compete with the most advanced in its category.

IoCs

Win32/Dridex.BE C70BD77A5415B5DCF66B7095B22A0DEE2DDA95A0

Win64/FriedEx.A CF1038C9AED9239B6A54EFF17EB61CAB2EE12141

Win32/FriedEx.A 8AE1C1869C42DAA035032341804AEFC3E7F3CAF1

GREYCORTEX OPENS JAPANESE OFFICE, ANNOUNCES FIRST PARTNER AND CUSTOMERS

GREYCORTEX is happy to announce that we have successfully entered the Japanese market with our first office outside of Europe, and first Japanese partner and customers.

The new GREYCORTEX office, located in Kobe, Japan, will focus on sales and service across the APAC region. It will be led by Milan Fujita, who brings nearly 20 years of experience in the software sector and the Japanese and APAC markets. The office will also coordinate the regional collaboration between GREYCORTEX and its regional ESET technology alliance partners. The office may be contacted at: Kobe Fashion Mart 10F, 6-9 Koyo-cho Naka, Higashinada-ku Kobe, Hyogo, Japan 658-0032.

GREYCORTEX is also happy to announce our first partner in Japan: iSEC. Information Security Inc. Based in Kobe City, iSEC is led by CEO Yoshihisa Suzuki. iSEC offers MENDEL Network Traffic Analysis throughout the country. The relationship is already bearing fruit, with two customers implementing GREYCORTEX MENDEL: Hyogo Prefectural Government (https://web.pref.hyogo.lg.jp/fl/index.html) and University of Hyogo (http://www.u-hyogo.ac.jp/english/index.html).

We look forward to many years of success from these relationships.
