Skip to content

How to find systems impacted by CVE-2024-3094 (XZ Utils backdoor) with runZero

Latest CVE-2024-3094 (XZ Utils backdoor) coverage 

Andres Freund discovered a malicious backdoor in a recent revision of the XZ Utils package. This backdoor was introduced by a threat actor who spent years building trust in the open source community before taking over maintenance of the XZ Utils project. After gaining access as a maintainer, the threat actor introduced the malicious code in multiple obfuscated steps. This backdoor could allow the threat actor to run arbitrary commands without authentication through the OpenSSH daemon.

CVE-2024-3094 is rated critical with CVSS score of 10.0.

An overview of this issue can be found at ArsTechnica.

Russ Cox published a detailed timeline.

What is the impact?

Successful exploitation of this backdoor would allow the actor responsible to run arbitrary system commands without authentication.

Anthony Weems built a fantastic proof-of-concept and demo kit for reproducing the backdoor.

Are updates or workarounds available?

This backdoor was enabled when a build was run on an x86_64 (amd64) system that was building a Debian “DEB” or Red Hat “RPM” package. The issue was caught prior to widespread release and the list of affected distributions is small as a result.

The following distributions shipped a combination of packages that resulted in a backdoored SSH daemon:

Additional information about this issue can be found across the web and in various distribution-specific trackers:

How to find potentially affected systems with runZero

The runZero team is investigating whether a direct check against SSH is possible.

In the meantime, we suggest using this runZero Service Inventory query:

_asset.protocol:ssh protocol:ssh (banner:="SSH-2.0-OpenSSH_9.6" OR banner:="SSH-2.0-OpenSSH_9.6p1%Debian%" OR banner:="SSH-2.0-OpenSSH_9.7p1%Debian%")

This query is based on the following logic:

1. Identify any instances of Fedora Rawhide or OpenSUSE Tumbleweed & MicroOS in your environment. The easiest way to find potentially affected installations is to look for OpenSSH servers running version 9.6, which is a recent release specific to those rolling distributions.

2. Identify any instances of Debian or Kali rolling builds. The easiest way to do this is by looking for recently-released (9.6 & 9.7) Debian-flavored OpenSSH services, as these packages were shipped in the Debian unstable and Kali Linux rolling releases.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Scaling affiliate marketing: Top tips from Nord Security’s Jonas Kupreščenkovas

Nord Security’s affiliate partnership manager, Jonas Kupreščenkovas, shares a few tips on how to scale affiliate marketing and what to keep in mind when venturing deeper into the affiliate marketing model.Strategic planning is of the essence here, not to mention a deep understanding of the product, the niche, and audience. 

Affiliate marketing has been gaining traction in recent years as a digital marketing strategy and has become one of the more popular ways to generate passive income for affiliates. Affiliate marketing is growing at a 10% rate year over year. It’s important both for potential affiliates and businesses to understand affiliate marketing and the many ways to scale to fully utilize this advertising model. Quick definition: Affiliate marketing is when third-party publishers (affiliates) are compensated for promoting products and services from an advertiser (brand). For each sale or lead made via their channel, the affiliate receives a commission.

1. Narrow your focus on specific niche

A niche is a specialized market segment when it comes to a particular service or product. Keep in mind: Niches are not made equal. What is more general may be easier to market but also has bigger competition. What is more difficult to market has the challenge of being able to reach the target audience. However, choosing a less popular niche doesn’t mean you won’t be able to sell; it just means that you’ll have your work cut out for you.

It may sound redundant, but if you’re starting from scratch, pick something you’re interested in. Not only will you be able to add to your content from personal experience, it will also be easier to build the niche further on. Having specific knowledge on a topic is an advantage.

Moreover, if you choose products to promote based on your niche and interest, it will be more genuine and to the point rather than choosing everything that comes your way.

2. Understanding what your audience wants

One of the main key points when it comes to affiliate marketing is understanding your audience. While some may encourage covering many different topics, products, and services, it is highly important to understand what kind of audience you have. What are their needs and pain points? Also, what kind of platform you run and what your primary topic or field of expertise is.

If you’re selling cybersecurity products and talk only about that, would it make sense to your audience if you started selling socks? The ability to personalize and deepen your audience’s preferences is the ability to effectively maintain their attention. Building an audience that wants to come back and considers you an authoritative source is the most important thing here.

3. Quality content is still king

A flashy thumbnail or ad might draw people to you but quality content is what makes them stay. Therefore, the previously mentioned niche selection and the knowledge of your audience are extremely important. Your audience knows when you understand the topic and provide valuable information rather than just trying to fill a gap. Expertise and genuine interest goes a long way here, and proving it in your content is the first step to gaining substantial visitorship and an audience that keeps coming back for more.

Don’t forget to mix and match when it comes to different content types – informational vs. sales-focused content . Informational content may not earn you millions, but it will strengthen your authority and give you a better chance to rank on SERPs, while various guides, “best” articles, keywords including “review”, “alternatives”, “X vs X” are also great to target those who already have buyer’s intent. SEO knowledge is a big advantage when it comes to driving an audience to your content as it improves the visibility of your website. Close to 80% of affiliate marketers use SEO to bring traffic to their website.

Anything content-related should be of high quality, engaging, and relevant to your niche and audience. Avoiding overly promotional content is recommended; Balance is key, as long as you’re not being spammy or providing empty and useless content, you should be fine.

4. Diversifying your traffic

Want to bring more people to your site and have more stability in your website traffic? Diversification of content is crucial here, not to mention that it will help with scaling your efforts. Paid advertising, social media, and newsletters can help you reach a wider audience. Over 65% of publishers use social media to reach their target audience. From personal experience, we at NordVPN saw recent success with sports teams like Atlético de Madrid, Hibernian FC, and Ipswich Town. Pushing a dedicated newsletter to fans saw significant growth in performance and partnership visibility. A similar situation played out on X, where a single post announcing a partnership drew in almost 200,000 views.

Tailoring your content across a variety of traffic sources works best; don’t forget to A/B test and experiment with content to find what works on certain channels and sources. Depending on your niche, you can find many opportunities, but do some research beforehand to find where your target audience spends time.

If you’re feeling brave, you can expand to new markets and adapt your content as well as affiliate marketing tactics based on the preferences of foreign audiences. However, it’s important to understand that you not only will need to localize your content but also research the buying habits of your target markets. Selling to different countries is not easy and requires an understanding of local market conditions and dynamics. For example, Facebook, X and other well known social networks may not be as popular in Asia, where WeChat and QQ are better known.

5. Tracking your performance

Don’t just slap everything together in the hope that it will work the first time around. Test and track, test and track. Try different promotional strategies, content layouts, and such to see what (or who) works best. Track main metrics like clicks, conversion rate, and impressions to have a better grasp on what works and what doesn’t. Maybe your new theme is confusing? Maybe the radical changes made in content tone put off the audience? Check data and make data-driven decisions to ensure long-term success.

It’s a continuous effort to find what works best, and it’s never set in stone. Constant campaign tracking, conversion rate and content optimization are a must. Why put so much effort into this? To about 30% of web publishers affiliate marketing is one of the top revenue sources. Affiliate marketing keeps you on your toes, and that is one of the most exciting things about it.

6. Working together with your affiliate partnership manager

A dedicated affiliate partnership manager can provide you with valuable information and insights when it comes to scaling. They can provide you with the unique selling points of products and services, come up with various strategies to elevate your marketing efforts, and more. Also, at NordVPN, being up to speed on key global events and time sensitive topics are key for any affiliate strategy. If you’re the first to work with partners on a topic that’s starting to trend, you’re bound to see the best results and the largest chunk of the traffic compared to those that jump on the opportunity second or not at all. Therefore, it’s important both for the affiliate partnership manager and the publisher to always track and be on top of various news and trends.

Affiliate marketing managers are always ready to help you as they want you to succeed in your endeavors and can provide feedback, content opportunities, visuals, and more. Most will provide you with tips and guides that will help you build your content accordingly.

To conclude, scaling affiliate marketing demands a constant thirst for information on part of the content creator, as well as consistent improvement, optimization, and a deep understanding of your niche and audience. These tips can help you out to create a good income source though it all comes down to you and your ability to adapt to constantly shifting trends, new social media appearances, and changes in the marketing and consumer landscape.

 

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

How to prevent phishing attacks: best strategies

The term ‘sandworm’ might make many people think of the ‘Dune’ movie. Yet, it is also the name of a group actively involved in manipulating elections. 

Over the years, Sandworm has meddled with elections to sway outcomes and interrupt political processes. This includes the 2016 US Presidential Election, the 2017 French Presidential Election, and various electoral processes in Ukraine.

Sandworm often begins its attacks with phishing. This technique isn’t just for tricking people into giving away their credit card information on fake websites. It’s a significant threat to businesses and, by extension, to national security, as companies can sometimes be the weaker link.

Learning about phishing is crucial. Let’s discuss it in a way that’s clear, easy to remember, and practical to use.

Key takeaways

  • Phishing comes in various forms, such as email phishing, spear phishing, whaling, smishing, and vishing.

  • To identify a phishing attempt, look for signs such as suspicious email addresses, generic greetings, spelling and grammar errors, urgent language, requests for sensitive information, and dubious links or attachments.

  • Educating your employees about anti-phishing techniques and promoting a culture of security awareness are crucial steps.

  • Enforce multi-factor authentication (MFA) to add a layer of security, making stolen credentials insufficient for accessing sensitive data.

  • Phishing simulation exercises can test your team’s detection skills and significantly improve your anti-phishing defenses.

  • Develop a response plan that outlines clear steps for reporting phishing attempts.

  • NordLayer helps mitigate phishing attacks by assisting in implementing the Zero Trust Network Access (ZTNA) framework and offering Threat Prevention features, which strengthen your organization’s defenses against phishing.

Types of phishing attacks

Phishing attacks come in various forms, each with its own tactics to trick victims into sharing sensitive information.

Common types of phishing attacks

  • Email phishing is the most common, where attackers send fraudulent emails, mimicking legitimate organizations to steal personal data.

  • Spear phishing targets specific individuals or companies, using tailored information to seem more convincing.

  • Whaling focuses on high-profile targets like company executives, using sophisticated social engineering techniques.

  • Smishing and vishing involve sending text messages and making phone calls, respectively, to lure victims into revealing information or downloading malware.

Real-life examples of phishing

Phishing continues to be a significant problem. Recent studies show that phishing attacks have hit 94% of organizations, and 96% of them experienced negative impacts from the attacks. Adopting strong anti-phishing strategies is still very important.

  1. In June 2023, a North Korean threat actor launched a sophisticated phishing attack on JumpCloud, a platform for identity management. They tricked a software engineer, which led to a security breach. This gave the attacker access to JumpCloud’s systems, which allowed them to interfere with operations. The team quickly noticed the unusual activities and immediately took steps to limit the damage, including changing credentials and rebuilding systems. However, JumpCloud has not shared details about whether any information was leaked from the affected devices.

  2. In February 2023, Reddit showed how to handle a phishing attack effectively. The company was the target of a phishing attempt that fooled employees with fake alerts, leading them to a website designed to look like Reddit’s own intranet. This phishing attempt obtained some employees’ credentials, which gave unauthorized access to Reddit’s internal documents and source code. Quickly reporting the incident by an employee who got phished was key to Reddit’s swift action and investigation. This situation highlights the importance of quickly reporting phishing emails to mitigate phishing attacks. It also shows how spam filters and multi-factor authentication prevent phishing attacks and protect sensitive information.

  3. In 2019, Magellan Health, a company that provides managed care services in the U.S., experienced a phishing attack. This incident exposed the personal and health-related information of about 270,000 people. It seems an employee, without realizing it, gave away their login details to the attackers. This mistake led to unauthorized access and the spread of spam emails. Magellan Health has decided to settle the claims for $1.43 million, although they don’t admit any fault and state there’s no proof that the information was actually misused.Biggest-data-breaches-of-2023

How to identify phishing attacks

The arrival of generative AI has made spotting phishing attempts tougher. These advanced tools create very convincing messages, so staying alert is more important than ever. However, looking out for specific warning signs is still an essential way to guard against phishing attempts.

Phishing signs

  1. Email addresses that look slightly off are often the first sign of a phishing attack. Attackers mimic legitimate company addresses with small changes that are easy to miss. For example, getting an email from “support@amaz0n.com” instead of “support@amazon.com” is a clear warning sign.

  2. When an email uses a generic greeting like ‘Dear Customer’ instead of your name, it might be a phishing attempt. Real companies know your name and use it to talk to you directly, making communication more personal.

  3. Mistakes in spelling and grammar are telltale signs of phishing emails. Authentic companies make sure their messages are error-free. An email full of errors should make you pause and think. Also, spotting things like ‘[enter the name]’ or typical ChatGPT commands in an email should alert you. These signs can indicate the email may not be trustworthy.

  4. Phishing emails often use urgent language to make you feel panicked. If an email pressures you to act fast to avoid negative consequences, like losing access to your account, be skeptical.

  5. Requests for sensitive information through email should always be a red flag. Genuine organizations won’t ask for your passwords, Social Security numbers, or credit card details in this way.

  6. Be cautious with links and attachments in emails. Checking where a link goes before clicking on it and being careful with unexpected attachments are smart ways to avoid phishing traps.

  7. Differences in links and domain names can expose a phishing email. If these elements don’t match up with the actual company, it’s likely a scam.

  8. If you get an email from someone you know that doesn’t seem right, like asking for odd things, it could mean their email is part of a phishing scam. This is a tactic to catch you off guard.

How to prevent phishing attacks in your organization

Phishing attacks are common yet serious threats to steal organizations’ sensitive information. To protect against these attacks, combining education, technology, and vigilance into a comprehensive strategy is essential.

Phishing prevention best practices

Educate your employees

Teaching your team about phishing techniques is crucial. Stress the importance of checking for email misspellings, the dangers of clicking on unknown links or attachments, and how to report anything suspicious. Building a security-aware culture helps everyone play a part in preventing phishing attacks.

For example, lately, Business Email Compromise (BEC) has become a major cybersecurity concern. This scam involves sending targeted phishing emails to steal money or data from companies. A typical example is CEO fraud, where scammers, pretending to be the company’s CEO, ask employees for urgent money transfers. These requests could be for settling invoices, closing deals, or even buying gift cards, often urging quick action or demanding secrecy.

Some BEC attempts are easily recognized, like the one our colleague got:

Phishing email example

Other attacks can be quite sophisticated. For instance, in 2016, a scam involving a fake CEO of FACC led to a $47 million loss.

Now, the risk is even greater with generative AI, allowing scammers to create realistic deepfake videos or audio of executives. So, remind your employees to be cautious when fending off BEC threats. Encourage people to confirm any urgent requests for money or important information claimed to be from the CEO by directly calling the CEO or messaging them on a different platform.

Implement advanced email filtering

Email filters are crucial in stopping phishing emails before they get to your team. These systems look for clues that an email might be a phishing attempt, and they learn from new threats, greatly reducing the likelihood of a successful attack.

Google has shared that its AI-driven security in Gmail blocks over 99.9% of spam, phishing, and malware, keeping almost 15 billion unwanted emails away from users every day. Keeping these filters up-to-date and properly set up is essential in staying one step ahead of phishers.

Enforce MFA

Multi-factor authentication offers a solid layer of protection, even when other defenses might not work as well. MFA could require something like a code from your phone or your fingerprint. This way, it makes sure that just having stolen credentials isn’t enough to get into your data.

Once, Google aimed to cut down on phishing risks, so they required all their employees to use physical Security Keys, leading to no account takeovers being reported. The company found physical security keys so effective that it introduced its own in 2018. To help with the security of the US election, they also gave out thousands of these keys for free.

Regularly update and patch systems

Updating software is key to phishing prevention. These updates patch security holes that threat actors might use to sneak malware into innocent-looking requests.

They also add new anti-phishing features, like better detection of fake websites, making it harder for phishing attempts to succeed. Plus, keeping software current ensures businesses meet data protection standards and supports the latest defenses against phishing, such as improved email filters and browser warnings.

Conduct phishing simulation exercises

Phishing simulations test how well your team can spot a phishing attempt. For example, Uber tackles cybersecurity risks, including phishing simulations, with a trio of strategies.

Tabletop exercises are like role-playing games for security scenarios, helping leaders practice decision-making and boost their understanding of cybersecurity. Red team operations are more like realistic mock battles, where a team plays the role of attackers to test how well Uber can defend against real threats. Lastly, atomic simulations are bite-sized tests focusing on specific security measures and how quickly the team can respond. Together, these strategies keep the team better prepared for different sorts of cyber challenges.

Develop a response plan

Developing a response plan is essential in the fight against phishing attacks. Start by outlining clear steps that your team should follow when they detect a phishing attempt, including who to notify and how to report the incident. Make sure everyone understands the common phishing techniques and the importance of quick action to minimize damage. Regularly review and update your anti-phishing policies to adapt to new phishing scams. Practice your response plan through drills to ensure that when a real phishing attack occurs, your organization is prepared to act swiftly and effectively.

Use Secure Web Gateways and DNS Filtering

Using Secure Web Gateways (SWG) and DNS filtering is a powerful step in your anti-phishing strategy. These tools act as a first line of defense by blocking access to malicious websites known for phishing attacks before they can do harm. They scan and filter internet traffic to prevent phishing techniques and scams from reaching your network or your team’s devices. Setting up SWG and DNS filtering helps ensure only safe, approved web content gets through, significantly reducing the risk of phishing attempts.

Hold regular security checks and assessments

Regular security checks and assessments help identify vulnerabilities that could be exploited by phishing techniques. By consistently reviewing your security measures, you can stay one step ahead of attackers and adapt to new phishing scams. Incorporating anti-phishing drills and tests into these assessments can strengthen your team’s ability to recognize and respond to threats. Make it a priority to schedule these checks periodically.

Build a culture of reporting

It’s important to make employees feel comfortable reporting any suspected phishing. If people worry they’ll get in trouble or feel embarrassed, they might not report things that could warn you about a phishing threat. Showing that reporting can stop attacks before they happen helps everyone understand why it’s so crucial. Making it easy to report, like having a special email address or a simple button in email programs, encourages reporting. Saying thank you to those who report phishing helps build a culture where everyone wants to keep the organization safe.

How to mitigate phishing attacks with NordLayer

NordLayer offers a straightforward solution to mitigate phishing attacks effectively. It guides businesses in implementing the Zero Trust Network Access (ZTNA) framework smoothly, often without the need for external tech specialists.

ZTNA works on the principle of trusting no one by default, whether they are inside or outside your network. Access is given only after detailed verification, greatly lowering the risk of phishing attacks by making sure only verified users can get into your network resources.

Besides helping with the ZTNA framework, NordLayer has direct features aimed at phishing prevention. The Threat Prevention tool actively spots and stops potential threats, protecting your devices and important data from complex phishing methods and scams.

Using NordLayer’s complete security tools gives your organization strong anti-phishing protection. To find out how NordLayer can help prevent phishing attacks in your organization, feel free to contact sales.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

XZ Vulnerability

You drink tap water every day, right? Do you know who invented the filtering mechanism that makes water pure and clean?… Well, do you actually care?

Do you know that this mechanism is exactly the same in all the taps of all the houses of any country? Do you know that this specialized piece is the work of an engineer who does it just because? Can you imagine what could happen if this person had a bad day?

Let’s talk about the XZ Utils library and why it is not a good idea to depend on a single supplier and make them angry. Let’s talk about the XZ Utils library and its latest developer, Jia Tan.

Yes, open source software can offer a series of benefits in terms of prices (because it is actually “free”), transparency, collaboration and adaptability, but it also entails risks regarding the security and excessive trust that we place as users.

Content:

What happened?

On March 29, Red Hat, Inc. disclosed the vulnerability CVE-2024-3094, with a score of 10 on the Common Vulnerability Scoring System scale, and, therefore, a critical vulnerability, which compromised the affected SSH servers.

This vulnerability affected the XZ Utils package, which is a set of software tools that provide file compression and decompression using the LZMA/LZMA2 algorithm, and is included in major Linux distributions. Had it not been discovered, it could have been very serious, since it was a malicious backdoor code, which would grant unauthorized remote access to the affected systems through SSH.

The vulnerability began in version 5.6.0 of XZ, and would also affect version 5.6.1.

During the liblzma building process it would retrieve an existing camouflaged test file in the source code, later used to modify specific functions in the liblzma code. The result is a modified liblzma library, which can be used by any software linked to it, intercepting and modifying data interaction with the library.

This process of implementing a backdoor in XZ is the final part of a campaign that was extended over 2 years of operations, mainly of the HUMNIT type (human intelligence) by the user Jia Tan.

User Jia Tan created his Github account in 2021, making their first commit to the XZ repository on February 6, 2022. More recently, on February 16, 2024, a malicious file would be added under the name of “build-to-host.m4” in .gitignore, later incorporated together with the launch of the package, to finally on March 9, 2024 incorporate the hidden backdoor in two test files:

  • tests/files/bad-3-corrupt_lzma2.xz
  • tests/files/good-large_compressed.lzma

How was it detected?

The main person in charge of locating this issue is Andres Freund.

It is one of the most important software engineers at Microsoft, who was performing micro-benchmarking tasks. During testing, they noticed that sshd processes were using an unusual amount of CPU even though the sessions were not established.

After profiling sshd, they saw a lot of CPU time in the liblzma library. This in turn reminded them of a recent bizarre complaint from Valgrind about automated testing in PostgreSQL. This behavior could have been overlooked and not discovered, leading to a large security breach on Debian/Ubuntu SSH servers.

As Andres Freund himself claims, a series of coincidences were required to be able to find this vulnerability, it was a matter of luck to have found it.

What set off Freund’s alarms was a small delay of only 0.5 sec in the ssh connections, which although it seems very little, was what led him to investigate further and find the problem and the potential chaos that it may have generated.

This underscores the importance of monitoring software engineering and security practices. The good news is that, the vulnerability has been found in very early releases of the software, so in the real world it has had virtually no effect, thanks to the quick detection of this malicious code. But it makes us think about what could have happened, if it had not been detected in time. It is not the first nor will be the last. The advantage of Open Source is that this has been made public and the impact can be evaluated, in other cases where there is no such transparency, the impact can be more difficult to evaluate and therefore, remediation.

Reflection

After what happened, we are in the right position to highlight both positive and negative points related to the use of open source.

As positive points we can find transparency and collaboration between developers from all over the world. Having a watchful community, in charge of detecting and reporting possible security threats, and have flexibility and adaptability, since the nature of open source allows adapting and modifying the software according to specific needs.

As for the disadvantages, we find the vulnerability to malicious attacks, as is the case with the action of developers with malicious intentions. Users trust that the software does not contain malicious code, which can lead to a false sense of security. In addition, due to the number of existing contributions and the complexity of the software itself, it can be said that it is very difficult to exhaustively verify the code.

If we add to all of that the existence of libraries maintained by one person or a very small group of people, the risk of single point of failure is greater. In this case, that need or benefit of having more people contributing is what caused the problem.

In conclusion, while open source software can offer us a number of benefits in terms of transparency, collaboration and adaptability, it can also present disadvantages or challenges in terms of the security and trust we place in it as users.ing.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Cybersecurity firm ESET welcomes new member of the Board

BRATISLAVA — March 27, 2024 —  ESET, a global leader in digital security for more than 30 years, today announces that Jan Hrubý has joined the company’s Board of Shareholders, effective March 11, 2024, representing the joint ownership interests of himself and sister Elena Hrubá. Mr. Hrubý takes the seat after his father ESET co-founder Rudolf Hrubý who sadly passed away in December 2023. 

“We warmly welcome Jan to the ESET Board of Shareholders at an exciting time for the company,” said Peter Paško, Chair of the Board. “As consumers, businesses and governments alike are increasingly reliant on security solutions to enable them to focus on their own progress and innovation, ESET continues to expand its offering accordingly, with growth expected for years to come.”

ESET, a privately held company, is guided by the Board of Shareholders which is comprised of the company’s owners: Miroslav Trnka, Peter Paško, Maros Grund, Richard Marko, Anton Zajac and, now, Jan Hrubý and Elena Hrubá.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×