
GREYCORTEX Mendel 3.9.1. Now Available

September 20, 2022 – We have released GREYCORTEX Mendel 3.9.1 which brings minor improvements and bug fixes.

Enhancements

Event visibility level now stores its configuration at the user level (the last state before logout is kept)

Improved performance and reliability for Failsafe mode

Improved subnet filtering by substring search in filter

Fixed issues with

  • Performance in the network capture module
  • Invalid license during Sensor&Collector upgrade
  • Default firewall configuration for an asset discovery tool
  • Checkpoint firewall rule policies
  • Detecting TOR traffic by IDS signatures
  • Resizing LVM storage on AWS
  • Two or more DNS servers on the management interface
  • Empty subnet graph for subnets filtered by tag(s)
  • User permissions
  • SSL configuration for Fortigate firewall plugin
  • Invalid CSV header in subnet import
  • Malformed input for network parsers

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About GREYCORTEX
GREYCORTEX uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

MENDEL, GREYCORTEX’s network traffic analysis solution, helps corporations, governments, and the critical infrastructure sector protect their futures by detecting cyber threats to sensitive data, networks, trade secrets, and reputations, which other network security products miss.

MENDEL is based on 10 years of extensive academic research and is designed using the same technology which was successful in four US-based NIST Challenges.

TAKING CONTROL OF TEST EXECUTION: CUSTOMIZING THE EXECUTOR

Test execution is the process of running tests to verify a specific functionality in a system. It’s a great way for us to find bugs in our applications, but over time we realized that we needed to improve the speed and efficiency of our test execution method. Here’s how we did it.

The story so far
After four years of automated test development, we now have a significant collection of tests we can run. These tests can be organized and executed on demand and provide us with valuable data about the current state of our system.

Most popular automated test development platforms offer us some level of control over test execution: parallel suites, for example, to reduce execution times. Some platforms even allow us to dynamically inject test cases during runtime, depending on the current system state.

But what if it’s not enough? What if we need even more control over execution? What if we want to use mixed-type pipelines and dynamically change test data or execution pool thread capabilities?

The problem
We execute tests from several different IPs because some of the functionality can be tested only while using a specific tunnel connection. This brings us to Cloudflare accessibility problems, request limit issues, and, occasionally, authentication errors.

Some more complex scenarios require the alteration of test data. This can only be done via microservice-based endpoints. Some of those endpoints are only accessible from an internal network. After a tunnel connection is established with an external server, a test execution bot can no longer reach the internal resources required for this test run.

Another problem is the number of requests being generated during test runs. For security purposes, all environments have strict request limits, but our test activity can easily reach those limits. Dynamic IPs prevent us from whitelisting IP addresses, and it becomes impossible to execute all test collections from one IP address.

The solution
After several solutions failed, we finally came up with a test strategy that involved modifying test data upfront.

If access cannot be gained from a specific IP, we get access tokens before making the connection. If the alteration of test data via internal endpoints is needed, we execute this before the test run. We also bypassed request limits by switching IPs during the test run.

All of this would be impossible if we did not design a more sophisticated test executor.

The executor
We had to design a system that allowed full control of dynamic test execution. The project goal was to have control over the parallel and serial execution of tasks, bound to one executor.

First, data gathering and alteration happen via internal endpoints. A tunnel connection is established, and then parallel test execution takes place to minimize execution time.

Some test suites generate more requests than others, so we must be aware of how many requests are being made and how many suites are in parallel segments. At some point, the IP address has to change, and a new set of test suites is executed, again in parallel. This pipeline continues until all tests have been executed.
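The pipeline described in this section (serial setup through internal endpoints, then parallel segments of suites, each segment sized by a request budget and preceded by a fresh connection) can be sketched as a small executor. The code below is an added example, not the team's own executor; the `Suite`, `plan_segments`, `execute` and `connect` names, the per-suite `request_cost` estimate and the greedy packing are assumptions made for the illustration.

```python
"""Added example: a minimal executor that runs serial setup steps first, then
executes test suites in parallel segments sized by a per-segment request
budget, calling a connection hook before each segment."""
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class Suite:
    name: str
    request_cost: int            # estimated requests the suite generates (assumed known)
    run: Callable[[], bool]      # the suite body; returns True on pass


@dataclass
class ExecutionReport:
    results: dict = field(default_factory=dict)   # suite name -> pass/fail
    segments: list = field(default_factory=list)  # suite names per parallel segment
    connections: int = 0                          # how many times connect() ran


def plan_segments(suites, request_budget):
    """Greedily pack suites (largest first) into segments whose summed request
    cost stays within the budget; a suite larger than the budget gets its own
    segment so nothing is silently dropped."""
    segments, current, used = [], [], 0
    for suite in sorted(suites, key=lambda s: s.request_cost, reverse=True):
        if current and used + suite.request_cost > request_budget:
            segments.append(current)
            current, used = [], 0
        current.append(suite)
        used += suite.request_cost
    if current:
        segments.append(current)
    return segments


def execute(setup_steps, suites, request_budget, connect, max_workers=4):
    """Serial setup (token fetch, test-data alteration via internal endpoints)
    runs first; then each segment gets a fresh connection (hypothetical hook)
    and its suites run in parallel on a thread pool."""
    report = ExecutionReport()
    for step in setup_steps:          # serial phase, before any tunnel is up
        step()
    for segment in plan_segments(suites, request_budget):
        connect(report.connections)   # hook: establish the connection for this segment
        report.connections += 1
        report.segments.append([s.name for s in segment])
        with ThreadPoolExecutor(max_workers=max_workers) as pool:
            outcomes = list(pool.map(lambda s: (s.name, s.run()), segment))
        report.results.update(outcomes)
    return report


if __name__ == "__main__":
    # Constructed sample: four suites with made-up request costs and a budget of 100.
    sample = [
        Suite("login", 60, lambda: True),
        Suite("search", 30, lambda: True),
        Suite("checkout", 30, lambda: False),
        Suite("profile", 20, lambda: True),
    ]
    rep = execute([lambda: print("setup: tokens fetched")], sample, 100,
                  lambda i: print(f"connect: segment {i}"))
    print(rep.segments, rep.results)
```

The serial phase is deliberately outside the connection loop: anything that must reach the internal network (token retrieval, data alteration) happens before the first `connect()`, which matches the ordering problem the section describes.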

The result
Thanks to this solution, we can take full control of the test execution pool and execution sequence. In practice, that means we are able to adapt to ever-changing security measures and still provide valuable test execution reports. Our tests allow us to identify bugs faster than ever, enhancing the security and efficiency of all our applications.


About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

The World’s Worst Hackers Have Flags

In several recent posts, I’ve been exploring how federal governments in the UK and Australia have funded national cybersecurity efforts. Cyber defense as a matter of national security is a fascinating and frankly quite frightening subject, so I wanted to take a closer look at how global powers are protecting themselves. In this post, I want to examine why countries are suddenly investing so much in cybersecurity… because of countries like Iran.

Setting aside all ideological and geopolitical differences, Iran (along with countries like Russia and North Korea) has established itself as a malicious actor on the world’s cybersecurity scene. They’re the “bad guys” for all intents and purposes. Multiple groups with Iranian government backing have carried out attacks targeted at foreign infrastructure with the goal of disrupting public life and cultivating instability that Iran can use to its political advantage. Countries like Iran that not only allow but sponsor cyber attacks against foreign governments are exactly why the UK, Australia, and others are suddenly stressing cybersecurity like never before.

In response to the growing threat posed by Iran, the Cybersecurity & Infrastructure Security Agency (CISA) recently issued an alert to educate potential targets about what to be on guard for. That alert has some vital information about what Iran is doing, who’s a risk, and how to prop up defenses – it’s recommended reading for anyone involved with critical infrastructure. For everyone else, it’s a sobering look at why we need to keep investing (aggressively) in national cybersecurity – and what could happen if we don’t.

A Closer Look at Iran

The newest CISA alert comes shortly after a previous alert warning of Iranian cyber actors exploiting known vulnerabilities in Fortinet and Microsoft Exchange to carry out malicious activities like ransomware. Now, they’re exploiting VMware Horizon Log4j vulnerabilities as well.

This tactic of exploiting known vulnerabilities comes as no surprise (stick with what works) but nonetheless deserves highlighting. Iranian groups may have government support. But when their targets have so many vulnerabilities that are not just known but also widespread and unaddressed, it doesn’t take much to pull off an attack. This just shows us (once again) how cybersecurity needs to catch up to the threats it faces. Governments pouring billions into cybersecurity won’t make much difference if the targets are this easy.

Speaking of targets, Iranian hackers have not been selective about who they attack, primarily selecting targets with vulnerable security. In just the US they launched a ransomware attack against a police department; they encrypted the files of a large transportation company; they hijacked the computers of a municipal government for crypto mining; and they exfiltrated data from an aerospace company. As this list shows, both public and private entities can be targets, and financial gain is not necessarily the driving motivation. On the contrary, inflicting the most attacks and dealing the largest damage seems to be the motivation. To put it differently, Iran isn’t sponsoring these attacks to make money – they’re doing it to make a statement: “we can strike at anyone.”

Where Do We Go From Here?

Iran may be targeting low-hanging fruit right now, but make no mistake: the hackers behind these attacks have whatever resources they need in terms of talent, tools, time, and money. They’re wanting for nothing, and they have the means to attack (probably successfully) almost any target on earth. Don’t believe me? Just look at what the Russians pulled off with SolarWinds. Iran could do something similar – it just hasn’t happened yet.

Defense is an arms race – whoever spends the most tends to be the strongest. I think what we’re seeing right now – with countries spending more on cyber offense and defense – is simply the application of that defensive principle to national cybersecurity. Countries like Iran and Russia are spending more on cyber attacks, so countries like the UK and Australia are spending more on defenses. This is just the start of a trend that will grow (a lot) as international relations increasingly intersect with the digital realm. Soon, cyber won’t be an emerging defensive line item – it will be the primary sword and shield that countries hold in their hands.

Which means we should expect increases in attacks from countries like Iran, and increases in cybersecurity spending from the rest of the world. This is the new normal. My take: the sooner we adapt the better.

#Cybersecurity #Iran #Ransomware #CISA #UK #Australia #Log4J


About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

Pandora FMS becomes an M81 partner to make IBM i system monitoring easier

Pandora FMS, an international benchmark in system monitoring, becomes technology partner of the French company M81.

The French company has had extensive experience in the sector since its creation in 1988 and is currently considered one of the leading experts in monitoring IBM i systems.

Thanks to this agreement, Pandora FMS will bring this type of solution to Spanish companies to improve IT management and the efficiency of their different work areas.

Pandora FMS and the French company M81 become partners

The alliance between Pandora FMS and M81 represents a notable development in the Spanish technology sector, since in recent decades no national company had been able to offer monitoring solutions for IBM i systems.

IBM i, formerly known as AS400, is widespread among big companies with IT infrastructures that deal with large amounts of data.

The M81 monitoring software for IBM i, a platform often considered legacy or outdated, makes it possible to improve the efficiency of the resources of companies that rely on large IT infrastructures.

In addition to increasing the ability to manage and organize internal data, it saves time for employees, who can devote their efforts to other company areas.

M81 was founded in 1988

Since then, it has been developing solutions for IBM i to become one of the world’s leading experts in these systems.

The French company works for large insurance companies such as the American Marsh & McLennan or AXA, for banks such as the German DZ Bank or the Portuguese Caixa Geral de Depósitos; for companies in the industry such as ArcelorMittal (considered the largest steelmaker in the world) and for logistics companies such as Heppner.

In addition, it is also established in the pharmaceutical, luxury and oil sectors.

The M81 solution ranges from advanced monitoring to the recovery of failed databases.

Despite being aimed at performing very complex tasks, its implementation is characterized by its simplicity and ease of use for teams, achieving the objective of reducing the workload of the workforce and redirecting those efforts to the areas most in need.

M81 and Pandora FMS

After the agreement reached with Pandora FMS, this type of technology will be available for large Spanish and international companies that continue to use the IBM i system, also known as AS400 and considered a legacy system.

“The agreement is not only good for our company, but it means ending decades of delay in the Spanish sector that works with IBM i Systems,” says Sancho Lerena, CEO of Pandora FMS.

The Spanish company, a specialist in system monitoring, has taken its solutions to international giants such as Rakuten, Toshiba or Repsol.

Also Spanish reference companies such as El Pozo or Prosegur, in addition to working for public administrations such as the EMT or the Digital Madrid area.

In total, more than 50,000 installations in 53 different countries, a figure that will continue increasing now following the agreement reached with M81.

“M81 is a reference company in the sector, so the alliance reached is a success. But, in addition, it means opening a window for opportunities for companies that have IBM i because they will be able to reduce costs and improve their management following the steps of the great international brands,” explains Lerena.


About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

CISAnalysis – September 23, 2022

And that’s a wrap for another week in cybersec! Phew! How did we make it through this one….first the Uber hack, then the Rockstar Games hack and now two vulns added to the ‘log amidst all the Mudge/Musk drama at Twitter! Another popcorn here! 🍿

Zoho RCE

First up is a remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus. An attacker can obtain system level privileges with a successful exploit. You know what that means? Dun, dun, dunnnnnn 💀

As we know from last week’s additions, this vulnerability poses a significant amount of risk, given the nature of the resources available to system users. The vulnerability is currently being exploited in the wild and a PoC is publicly available. Zoho is one of the largest technology companies in the world with over 80 million users, so security engineers should not throw caution to the wind if they have products with the affected versions. The fix was released back in June, so it’s likely this has already been exploited. As is typical, the recommended action forward is to upgrade the instances of Password Manager Pro, PAM360 and Access Manager Plus stat.

Sophos code injection

The other vuln is a code injection vulnerability in the User Portal and Webadmin of Sophos Firewall. Although this is basic perimeter defense, the fact that remote code execution is possible means you can Frankenstein the situation from afar. Who wouldn’t want to execute random scripts from the comfort of their basement? Hotfixes have been published for version v19.0 MR1 and older. If you’re not rocking those, make sure you are not exposed to the WAN and get that VPN up and running before sunset.

#cisa #cisanalysis #zoho #sophos #rce #vulnerabilities

