
SCADAfence Governance – Now Open To Any Third-Party Application & Free Onboarding Until 2021!

It’s true: the SCADAfence Governance Portal can now connect to any third-party application through Syslog or REST API, and we’re providing the entire on-boarding for free until the end of this year. (Details at the end of this blog post.)

How You Can Use The Governance Portal

The SCADAfence Governance Portal, first introduced in 2019, has been developed for IT & OT users to enable real-time compliance monitoring across the entire organization and remote sites, and to assure compliance with regulations and standards such as NERC-CIP, IEC-62443, NIST, ISO-27001, NIS NCSC, NIST CSF, and others.

Earlier this year, the SCADAfence Governance Portal was enhanced to allow you to extend your automatic compliance coverage by receiving inputs from external tools directly in the Governance Portal.

The SCADAfence Governance Portal has just become your very own full organizational OT/IT Governance & Compliance management system. You can now manage all inputs from your entire set of security, management and orchestration tools in a central location and get real-time compliance status for all of your sites.

How You Can Connect The Governance Portal To Third-Party Applications

It’s easier than you think. 

You configure your external tool to send out the relevant information to the SCADAfence Governance Portal, and it will automatically add this new information to the process of compliance calculation. 

That’s it. 

You immediately enjoy extended coverage in areas that cannot be measured based on network traffic data. For instance, you can easily set up your Endpoint definitions to send alerts when outdated virus definitions are detected or receive inputs from your firewall on blocked traffic.

The Main Benefits Of Using The SCADAfence Governance Portal:

  • It’s a multi-site regulatory and policy compliance framework for your organization.
  • It’s a compliance policy manager – you can define your own policy and measure your organization based on it.
  • You get real-time compliance dashboards – these are automatically created and available at all times for immediate compliance visibility.
  • You have detailed reports – you can even drill down into each site and into each improvement opportunity.

The Look & Feel Of The Compliance Score Dashboards

Ultimately, the SCADAfence Governance Portal offers a one-of-a-kind solution which can help you to increase your readiness and compliance for organizational policies and regulatory compliance by performing automatic regulatory assessments based on real network traffic data.

The automatic compliance score calculation provides ready-to-use compliance dashboards and reports, which enable end-to-end management of the compliance process as well as a gradual enforcement process with flexible policy options.

 

How To Get The SCADAfence Governance Portal For Free Until 2021

Want to get it for your organization risk-free? Just click this link and fill in your details: https://l.scadafence.com/schedule-a-demo-governance

We will then provide you with full on-boarding for the Governance Portal for free, from October 1st until December 31st 2020.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SCADAfence
SCADAfence helps companies with large-scale operational technology (OT) networks embrace the benefits of industrial IoT by reducing cyber risks and mitigating operational threats. Our non-intrusive platform provides full coverage of large-scale networks, offering best-in-class detection accuracy, asset discovery and user experience. The platform seamlessly integrates OT security within existing security operations, bridging the IT/OT convergence gap. SCADAfence secures OT networks in manufacturing, building management and critical infrastructure industries. We deliver security and visibility for some of world’s most complex OT networks, including Europe’s largest manufacturing facility. With SCADAfence, companies can operate securely, reliably and efficiently as they go through the digital transformation journey.

ESET Research discovers CDRThief, malware attacking Chinese VoIP platform

BRATISLAVA – ESET researchers have discovered and analyzed malware that targets Voice over IP (VoIP) softswitches. This new malware, named CDRThief by ESET, is designed to target a very specific VoIP platform used by two China-made softswitches (software switches): Linknat VOS2009 and VOS3000. A softswitch is a core element of a VoIP network that provides call control, billing, and management. These softswitches are software-based solutions that run on standard Linux servers. Entirely new Linux malware is rarely seen, thus making CDRThief worthy of interest. The primary goal of the malware is to exfiltrate various private data, including call detail records (CDR), from a compromised softswitch.

“It’s hard to know the ultimate goal of attackers who use this malware. However, since it exfiltrates sensitive information, including call metadata, it seems reasonable to assume that the malware is used for cyberespionage. Another possible goal for attackers using this malware is VoIP fraud. Since the attackers obtain information about the activity of VoIP softswitches and their gateways, this information could be used to perform International Revenue Share Fraud,” says ESET researcher Anton Cherepanov, who discovered CDRThief. “CDRs contain metadata about VoIP calls such as caller and IP addresses of call recipients, starting time of the call, call duration, call fees, and other information,” he adds.

To steal this metadata, the malware queries internal MySQL databases used by the softswitch. Thus, attackers demonstrate a solid understanding of the internal architecture of the targeted platform.

“We noticed this malware in one of our sample sharing feeds, and as an entirely new Linux malware, it’s a rarity and caught our attention. What was even more interesting was that it quickly became apparent that this malware targeted a specific Linux VoIP platform,” explains Cherepanov.

To hide malicious functionality from basic static analysis, the authors encrypted any suspicious-looking strings. Interestingly, the password from the configuration file is stored encrypted. Despite this, Linux/CDRThief malware is still able to read and decrypt it. Thus, the attackers demonstrate deep knowledge of the targeted platform, since the algorithm and encryption keys used are not documented. Furthermore, only the malware authors or operators can decrypt any exfiltrated data.

“The malware can be deployed to any location on the disk under any file name. It’s unknown what type of persistence is used for starting the malware. However, it should be noted that once the malware is started, it attempts to launch a legitimate file present on the Linknat platform. This suggests that the malicious binary might somehow be inserted into a regular boot chain of the platform in order to achieve persistence and possibly masquerade as a component of the Linknat softswitch software,” concludes Cherepanov.

For more technical details about CDRThief, read the blog post “Who is calling? CDRThief targets Linux VoIP softswitches” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

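CyberLink Launches New PowerDirector 365 Business and AdDirector Mobile App to Help Business Users Quickly Create Eye-Catching Ads and Social Media Videos

Built-in Shutterstock library of more than 600,000 assets and more than 300 ad video templates
Helps marketers easily create ad videos for any platform in three minutes

[Taipei, September 17, 2020] CyberLink (5203.TW), a leading multimedia creation software company, today released PowerDirector 365 Business and the AdDirector mobile app, both tailored for business users. In recent years, video content marketing has become increasingly important for brands of all kinds; whether for an enterprise, a company, a restaurant or an individual studio, creating eye-catching ad and social media videos is a key part of digital marketing. The new PowerDirector 365 Business and AdDirector mobile app help business users draw on more than 300 built-in templates and a Shutterstock library of more than 600,000 assets, so that even without dedicated video production staff or an outsourcing budget they can create a marketing video within three minutes and upload it to social media or use it in digital ad campaigns.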

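The number of active social media users worldwide reached 3.96 billion in 2020[1]. As social platforms and digital marketing flourish, video has become the main way consumers and brands communicate. More than 65% of consumers say they learn about new products or brands through social media influencers’ content at least once a week[2]. This is especially true during the pandemic, when the main difficulty most business owners face is that limited audio-visual material prevents them from putting together eye-catching social marketing content. CyberLink’s newly launched Director Suite 365 Business and AdDirector mobile app include more than 300 high-quality ad video templates across more than 10 themes, including food, fashion, beauty, education, travel, sports, health and wellness, real estate and seasonal; for subscribers, the content is also updated and expanded every month with more design templates. In addition, PowerDirector 365 Business and the AdDirector mobile app include more than 600,000 Shutterstock-licensed videos, images, music tracks and other commercial-use assets, so users no longer have to struggle to find suitable templates and material.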

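PowerDirector 365 Business and the AdDirector mobile app are simple and easy to use, requiring only three steps: choose a template, replace the text and logo, and replace the audio-visual material in the template. An ad or social media video can be created within three minutes. To meet different platforms’ aspect-ratio requirements, users can also quickly select and switch between mainstream sizes such as 1:1, 16:9 and 9:16 in the templates, for producing marketing content or ad videos for mainstream social platforms such as Instagram, Facebook and YouTube.

“Digital marketing is an important part of enterprise digital transformation, and video content can be widely used in content marketing, social marketing and digital advertising. However, producing professional video is a major challenge for most companies and individual studios; it often requires dedicated video staff or high outsourcing costs, not to mention the time-consuming video production process,” said Jau Huang, CEO of CyberLink. “PowerDirector 365 Business and the AdDirector mobile app are video production tools designed for businesses of all kinds: easy to pick up, rich in content, fast to produce and optimized across platforms, so business users no longer have to struggle to make marketing videos.”

For advanced video production needs, PowerDirector 365 Business also provides the full features and editing tools of the new version of PowerDirector. Besides using the Ad Designer at program launch to quickly produce videos from templates, business users with advanced editing needs can choose the full editing mode and use PowerDirector’s many features to edit their videos.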

[1] Global social media research summary, July 2020

[2] Rakuten Marketing

  

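PowerDirector 365 Business and AdDirector Subscription Plan Features

  • New creative effects every month: unlimited use of the Director Suite family’s audio and video add-on content, with more packs and assets added every month, providing an endless source of creative inspiration!
  • The latest background music and sound effects every month: unlimited use of Shutterstock library videos, background music and sound effects, so creativity is no longer limited!
  • Priority customer support.
  • 50 GB of CyberLink Cloud storage.

PowerDirector 365 Business Plan

  • PowerDirector 365 Business (Windows)
  • AdDirector (Android) / (iOS)

PowerDirector 365 Business is available now from the CyberLink online store and designated retail channels, with built-in support for nine languages: Traditional Chinese, Simplified Chinese, English, French, German, Italian, Spanish, Japanese and Korean. AdDirector can be downloaded from the App Store and Google Play.

2020 Director Suite Family New Product Online Launch Event

Replay link: https://u.cyberlink.com/live/840385615882094748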

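About CyberLink
Founded in 1996, CyberLink is an audio and video software company with leading video and audio technology, specializing in the development of digital audio-video software and multimedia streaming solutions. With a strategy of “seizing the right technology segments and expanding its global marketing reach”, it has put down deep roots in Taiwan and expanded globally, achieving impressive results. CyberLink uses advanced technology to deliver high-definition audio and video playback, and complete high-definition capture, editing, production and burning functions, with full support for a wide range of high-definition video and audio formats. Products include PowerDirector, PowerDVD, PowerProducer and Power2Go.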

MARTIN HALLER EXCLUSIVELY IN AN INTERVIEW FOR GREYCORTEX

In the header of your blog there’s written “In the head of a Network Administrator: Thoughts, ideas, insights” – that brings up a question: what have you been dealing with in terms of security at your clients in the past few months?

That’s a pretty good question. I’ve been thinking about changing the header recently into something in the sense of “IT security lies in thorough and honest work”, which corresponds the most with what we come across during audits in companies.
IT departments often try to do “rocket science”. They consider advanced and expensive technologies, such as sandboxing and SIEM, skipping basic and simple concepts. For instance, they update servers twice a year, they use just a few passwords (as they haven’t adopted a password manager), they administer everything under the domain admin account and they haven’t performed a test disaster recovery from backup yet.
Don’t get me wrong. Sandboxing and SIEM are really useful technologies. It’s just that they belong to “add-on” technologies, and it’s necessary to get the network tidy first – get to know it inside out, be aware of all devices, set up the firewall and antivirus correctly. Basically, it’s important to focus first on activities that will contribute to security the most with the least effort.

You mention sophisticated attacks and chaotic arrangement of the infrastructure – what kind of impact might they have on organizations and companies? And what risks do you as an expert link with them?

When investigating attacks, I’m often taken aback by how fast the attackers manage to perform a “lateral movement”. It’s the stage of attacks in which attackers have a device under control, and they attempt to extend it to as much of the network as possible. In many cases they manage within a few hours. For example, in one case they managed to get a backdoor to a Director’s PA’s computer using spear-phishing. On Friday night they connected to it and within three hours they took over the domain administrator account and took control of the whole network. That’s a very short time and it’s really difficult for a company without 24/7 network security monitoring to react in time.
It’s critical to invest more time in securing the internal network to make “lateral movement” harder for the attackers and get time to detect and stop them.
Most administrators I meet put all their effort into protecting the “perimeter”. They see the security black and white – the Internet’s full of the bad, while the internal network seems safe to them. That’s a pity as the perimeter’s usually very well secured and the extra time invested has little effect. On the other hand, the internal network tends to be neglected security-wise, so every single day spent securing it is noticeable.

I understand there’s not a single correct approach that would protect all users. In your opinion, though, is there a “must” for the companies to protect their data nowadays? Something that’s changed in this respect in the past 10 years, e.g. new technologies or tools?

The thing is that security will probably never be 100 %. There will always be some zero-day vulnerabilities, human errors, and it won’t be possible to apply all security technologies (e.g. they won’t be compatible with business requirements). That’s why every company should have an efficient back-up system, resistant to hacker attacks. Thanks to that they’ll be able to get their data back without having to pay a ransom.
The development of the cloud and fast Internet has helped a lot in this area. It’s possible to make off-site backups in the cloud for a reasonable price, where the backups are protected against deleting (thanks to snapshotting, i.e. preserving a state of the storage where backups are located to a particular point in time) and natural disasters.
That doesn’t mean, though, that it isn’t necessary to deal with security anymore. A successful attack still means a downtime for days or weeks for companies as well as the risk of making their private data public.

So, it’s not just about eliminating the causes, but prevention – it’s clear that as an expert on IT security you often face misunderstanding from budget holders. What arguments or real-life cases do you use at such moments?

Exactly, the prevention is paramount. It’s cheaper to prevent problems than to deal with their consequences. Thanks to the media attention paid to the recent cyber attacks (on hospitals) the budget holders now realize the need to deal with security. The money is there. The issue is its effective allocation. Almost every IT company now “does” security. There’re also a lot of vendors of security SW / HW solutions. Security’s not a commodity, though, and the quality of individual solutions differs diametrically. The price isn’t a reliable indicator, either. Our strategy is to educate the public in the area of security. And we want Czech companies and institutions to have good security.

So far, the year 2020 seems to be a year full of changes and the need to be prepared even for the most unbelievable moments, which applies to cyberattacks, too. After all, some may be considered more likely a target than others. For example, in the USA there’ll be the presidential election, the Olympics in Tokyo (postponed to 2021), the world economics has shaken due to the coronavirus, and a lot of companies “go online”, which poses enormous risk in itself. Are there any other events or circumstances this year that, in your opinion, may carry a higher risk of attack?

Talking about the Olympics, I’ve read an article about a cyberattack on the 2018 Winter Olympics in PyeongChang, South Korea. It was a very interesting and sophisticated attack which didn’t turn into a fiasco only thanks to a coincidence and a bit of luck. I definitely recommend reading “The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History”.
It’s hard to say whether companies “going online” will have any influence on cybercrime. Most companies were already ready for home office and remote work. On the other hand, there are still a lot of companies on the market that are only about to modernize and digitize their processes. Due to the lack of IT people on the market, it’s possible that some implementations of changes won’t be done very thoroughly.

Given the direction hacker attacks have taken recently – where do you see the future of security tools?

Good question. Apart from imposing restrictions, it’s also crucial to have an overview of your network. That’s the only way to recognize that the “restrictions” have been overcome and there’s an intruder in the network. Systems such as IDS / IPS will help you with that, as well as honeypots, network traffic analyzers, or SIEM systems. The choice of the system depends on the needs and possibilities of each company, though.


Apart from an early warning about a network issue, the systems are also necessary for backward incident investigation. With their help, it’s possible to find out how far the attackers got, which accounts and devices were compromised, which techniques and programs they used during the attack, which data they took out, how long the network was compromised, or the intrusion vector (the route of the attack). Without such systems the investigation of attacks is strenuous and inaccurate. Especially nowadays, when ransomware groups not only encrypt the data, but also steal parts of it and subsequently publish it (unless paid), such systems are needed more than ever before. Without them it’s almost impossible to find out whether any of your data got stolen during the attack, or not. 


Due to the decreasing price of network analyzers, their constant debugging, and the increasing importance of IT, I expect their adoption to grow. These technologies have a very good price / performance ratio. 

Martin Haller

Martin Haller is a co-owner of PATRON-IT and a technician with all his heart. He specializes in cyber security and has experience as an ethical hacker. He believes it’s necessary to be able to break the network first in order to secure it well. On his blog martinhaller.cz he shares updates from the field of IT security as well as his own real-life insights. He also runs his own YouTube channel – you’ll find there e.g. what a webcam attack looks like.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

ESET Research discovers KryptoCibule: The multitasking multicurrency cryptostealer

BRATISLAVA, MONTREAL – ESET researchers have discovered a previously undocumented trojan malware family that spreads through malicious torrents and that uses multiple tricks to squeeze as many cryptocoins as possible from its victims while staying under the radar. ESET named the threat KryptoCibule, and according to ESET telemetry the malware seems to primarily target users in the Czech Republic and Slovakia.

This malware is a triple threat in regard to cryptocurrencies. It uses the victim’s resources to mine coins, tries to hijack transactions by replacing wallet addresses in the clipboard and exfiltrates cryptocurrency-related files, all while deploying multiple techniques to avoid detection. KryptoCibule makes extensive use of the Tor network and the BitTorrent protocol in its communication infrastructure.  

“The malware, as written, employs some legitimate software. Some, such as Tor and the Transmission torrent client, are bundled with the installer; others are downloaded at runtime, including Apache httpd and the Buru SFTP server,” says Matthieu Faou, ESET Researcher who uncovered the new malware family.

ESET has identified multiple versions of KryptoCibule, enabling us to trace its evolution all the way back to December 2018; it remains active. New capabilities have regularly been added to the malware over its lifetime, and it is under constant development.

Most of the victims were in the Czech Republic and Slovakia, and this reflects the user base of the site on which the infected torrents are found. Almost all the malicious torrents were available on uloz.to, a popular file sharing site in the two countries. Additionally, KryptoCibule specifically checks for ESET, Avast and AVG endpoint security products; ESET is headquartered in Slovakia, while the other two are owned by Avast, which is headquartered in the Czech Republic.

“KryptoCibule has three components that leverage infected hosts in order to obtain cryptocurrencies: cryptomining, clipboard hijacking and file exfiltration,” explains Faou. “Presumably the malware operators were able to earn more money by stealing wallets and mining cryptocurrencies than what we found in the wallets used by the clipboard hijacking component. Alone, the revenue generated by that component does not seem enough to justify the development effort observed,” he adds.

For more technical details about KryptoCibule, read the blogpost “KryptoCibule: The multitasking multicurrency cryptostealer” on WeLiveSecurity. Make sure to follow ESET research on Twitter for the latest news from ESET Research.

KryptoCibule components and tools

 

