CyberLink Announces the Release of FaceMe® Platform, a Complete API Solution for Facial Recognition

As a member of the FIDO Alliance, CyberLink commits to developing and supporting new biometrics-based authentication standards through FaceMe®, its facial recognition technology

TAIPEI, TAIWAN — April 21, 2022 — CyberLink Corp. (5203.TW), a pioneer of AI and facial recognition technologies, announces it became an Associate Member of the FIDO Alliance, an open industry association focused on authentication standards and device attestation. CyberLink joins hundreds of industry players in developing and implementing new authentication specifications and standards, including facial recognition, that will better protect user privacy.

The FIDO Alliance is an industry association centered on advancing authentication standards to decrease dependence on passwords, which can be easily stolen or hacked. These new standards make authentication simpler for consumers to use and easier for service providers to manage. The Alliance’s rich membership comprises stakeholders that include government agencies, service providers, technology players and financial services industry leaders.

Technology industry member CyberLink is dedicated to providing encrypted biometric authentication through its FaceMe AI facial recognition solutions. With its facial recognition expertise, CyberLink is well-positioned to help the Alliance promote the adoption of biometric technologies that will deliver to our society more secure and convenient authentication alternatives to those with inherent flaws that are generally used today.

“We are excited to welcome our newest Associate Member CyberLink,” said Andrew Shikiar, Executive Director and CMO of the FIDO Alliance. “The FIDO vision of universal strong authentication promises better security, enhanced privacy, more commerce and expansion of services throughout digital industries. CyberLink’s addition to our Alliance supports our industry goal to make user authentication easier and safer for all parties.”

“As privacy and protection are increasingly critical imperatives of our society’s reliance on technology in every facet of life, users deserve stronger yet more intuitive authentication methods,” said Dr. Jau Huang, CEO of CyberLink. “I have no doubt that CyberLink’s biometrics authentication expertise, cemented through FaceMe, our facial recognition technology, will benefit the FIDO Alliance in establishing and providing safer authentication methods for end-users.”

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About CyberLink
Founded in 1996, CyberLink Corp. (5203.TW) is the world leader in multimedia software and AI facial recognition technology. CyberLink addresses the demands of consumer, commercial and education markets through a wide range of solutions, covering digital content creation, multimedia playback, video conferencing, live casting, mobile applications and AI facial recognition. CyberLink has shipped several hundred million copies of its multimedia software and apps, including the award-winning PowerDirector, PhotoDirector, and PowerDVD. With years of research in the fields of artificial intelligence and facial recognition, CyberLink has developed the FaceMe® Facial Recognition Engine. Powered by deep learning algorithms, FaceMe® delivers the reliable, high-precision, and real-time facial recognition that is critical to AIoT applications such as smart retail, smart security and surveillance, smart city and smart home. For more information about CyberLink, please visit the official website at www.cyberlink.com.

You want to know whether a dangerous stranger has your passwords?

We already live in a post-apocalyptic future that has nothing to envy in great franchises like Mad Max or Blade Runner.

Proof of this is pollution, pandemics and the fact that your most intimate secrets can be exposed because your most impenetrable passwords are sitting in a database of leaked passwords.

Do you feel that pinch? It’s fear and cruel reality knocking at your door at the same time.

But let’s hold our ground, just as Mel Gibson or Harrison Ford would in their sci-fi plots. Put on your best tough-guy grimace, adjust your pistol grip and put on comfortable shoes. Help us, and help yourself, answer this question:

Are you in a database of leaked passwords?

You already know that, periodically, the security of large companies that store vast amounts of data, including your passwords, is breached with total impunity.

We have repeated it countless times: no one is free from evil because, friends, evil never rests. And on top of that, there are no superheroes for these things.

That is why we will try to guide you through checking, in a simple way, whether you and your passwords are in a database of leaked passwords.

That way you will find out whether you are safe or whether it is already time to start thinking up new and original passwords.

*Remember

No matter how far-fetched and armored your password may seem, from time to time you will have to check whether it has been leaked. We do not want anyone with bad intentions to use it to take advantage of some of the services you have signed up for or, directly, to steal your information.

To guide you in this search, we will start by checking your emails. We will check whether they are included in any of these databases of leaked passwords. That way we will reveal not only whether those accounts have been leaked, but also the rest of the accounts in which you repeat the same username and password over and over again.

Is all this necessary?

Between you and me, it’s easier to memorize one password than to juggle hundreds. That’s why you have repeated the same one since your teenage days! Damn it… maybe even since you met Messenger and Terra chat.

But this is a very dangerous thing! If someone has already obtained your old Hotmail email and the password you used for it, and that you may still be using, what they will do, apart from taking over your email, is use that information to get into other platforms or services where you keep using the same username and password as for that Hotmail account.

Once you know whether any of the credentials that you usually repeat have been leaked, you will have the option to change them both on the site that has been breached and everywhere else you use them.

How do we do it?

To find out whether the passwords of any of the websites you have registered on have been breached and leaked, you just have to go to:

haveibeenpwned.com

A portal that collects information from password databases leaked all over the Internet.

*The page is quite intuitive. It works as a search engine, like the main Google page. So calm down.

Let’s go with a small list of steps to follow:

  1. Enter haveibeenpwned.com.
  2. In the main text box, type the email account you want to verify. You will immediately be shown the accounts or platforms linked to it that have been breached.
  3. If, after typing your email and pressing enter, the screen turns green, you are in luck: your email has not been involved in any massive leak.
  4. However, if the screen turns a maroon shade… Shit! The password linked to that email has been leaked! What’s more, the very attentive page will tell you where. Below you will see a list of websites where you used to log in with that email and where the passwords have been stolen.
  5. Go change passwords! Both for your email and for all the pages that were listed. And the rest of the places where you may be using the same username and password as on the compromised accounts.
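The steps above check an email address through the website. The password side of the same service can be checked without ever sending the password itself: the client hashes it with SHA-1 and sends only the first five hex characters of the hash (k-anonymity), then looks for the rest of the hash in the returned list. The example below is added here and is not code from the original post; it assumes the Pwned Passwords range endpoint (https://api.pwnedpasswords.com/range/<prefix>) answers with "SUFFIX:COUNT" lines, and it uses a constructed offline copy of such a response instead of a real HTTP call.

```python
import hashlib
from typing import Callable, Dict, Tuple

# Constructed stand-in for one "range" response (assumption: one line per hash
# sharing the requested 5-character SHA-1 prefix, as "<35-char SUFFIX>:<count>").
# The counts are made up for this example; only the "password" entry is a real hash.
SAMPLE_RANGE_RESPONSE = "\r\n".join([
    "003D68EB55068C33ACE09247EE4C639306B:3",
    "012C192B2F16F82EA0EB9EF18D9D539B0DD:1",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",  # SHA-1("password") minus its prefix
    "2F1D4B0B0E5F6C7A8B9C0D1E2F3A4B5C6D7:0",        # zero-count (padding-style) entry
])


def sha1_hex_upper(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 encoded password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(full_hash: str) -> Tuple[str, str]:
    """k-anonymity split: only the 5-char prefix ever leaves the client."""
    return full_hash[:5], full_hash[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Turn 'SUFFIX:COUNT' lines into a lookup table, ignoring malformed lines."""
    table: Dict[str, int] = {}
    for raw in body.splitlines():
        line = raw.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        if sep != ":" or len(suffix) != 35 or not count.strip().isdigit():
            continue  # never guess at a malformed line
        table[suffix.upper()] = int(count)
    return table


def pwned_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """How many times `password` appears in the breach corpus (0 = not listed)."""
    prefix, suffix = split_hash(sha1_hex_upper(password))
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def offline_fetch(prefix: str) -> str:
    """Stand-in for the HTTP GET of /range/<prefix>; serves the constructed sample."""
    return SAMPLE_RANGE_RESPONSE if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        n = pwned_count(candidate, offline_fetch)
        print(f"{candidate!r}: {('seen %d times' % n) if n else 'not in the sample'}")
```

A real client would replace offline_fetch with an HTTPS request for the prefix and treat any count above zero as a reason to retire that password everywhere it is reused.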

Conclusions

We know it’s a hassle to change passwords every once in a while, but so is having your account stolen and someone impersonating you by putting up a horrible profile picture, among many other unmentionable bad deeds that can be done. Now that you can check whether you’re in one of those leaked password databases, we leave it to you.

About Pandora FMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Ferragens Negrão took control of their data and fulfilled their regulatory obligations thanks to Safetica

Ferragens Negrão secures all of their company’s data with Safetica and is ready for data protection regulations. Safetica also helps control company hardware and the application of control rules for machines.

Problem: Ensure regulatory compliance and facilitate collaboration
Ferragens Negrão, a Brazilian agricultural and construction equipment distributor, wanted to prepare for the new Brazilian General Data Protection Law (LGPD). Furthermore, the company needed to control their data and thus facilitate collaboration amongst employees. The company chose Safetica to accomplish these goals.

Results: Control over data and LGPD-ready
Safetica helped the company keep track of their employees, both in their home offices and at company workplaces, and facilitated compliance with LGPD.

Safetica’s management reports presented Ferragens Negrão with a comprehensive overview of their data security situation, thus giving them the tools they needed to make better business decisions. Safetica provided the company with the ability to create machine-control rules, monitor activities and restrict risky behavior.

Safetica helped the company to have better control of our users, both in the home office and internally, and facilitated the fulfilment of demands coming from LGPD. Because of the management reports, Ferragens Negrão gained an overview of the data security situation that supports better decision-making. Safetica lets us create machine-control rules, with an overview and control of them.

About Safetica
Safetica aims to provide small and mid-sized companies with the same quality of data protection that corporations have – affordably, and without any additional IT administration or disruptions in operation.

Ponemon Institute Study 2022: Data incidents caused by insiders up 34 percent from 2020

Ponemon Institute released its 2022 Ponemon Institute Cost of Insider Threats: Global Report, commissioned by the security company Proofpoint.

The institute surveyed over one thousand IT and IT security professionals from companies that experienced at least one insider-caused incident. The companies were based in the North America, Europe, Middle East, Africa and Asia-Pacific regions.

The report concludes that over the last two years, the frequency and costs of insider data threats have increased across all three insider threat categories:

  • careless or negligent employees/contractors
  • criminal or malicious insiders
  • cybercriminal credential theft.

According to Proofpoint, the reason for this increase is the remote and hybrid work environment that led up to The Great Resignation.

Main findings of the report

  • The number of incidents: up by 44 percent in just two years.
  • The frequency of incidents per company: 67% of companies experienced between 21 and 40 incidents per year (up from 60 percent in 2020).

Composition of the threat: A negligent insider is the root cause of most incidents.

  • 56% of reported insider threat incidents were the result of a careless employee or contractor (average cost $484,931 per incident).
  • Malicious or criminal insiders were behind 1 in 4 incidents (26%) (average cost per incident of $648,062).
  • Incidents involving credential theft (stealing users’ credentials and accessing critical data) represent 18% (almost double the share in the last study). At an average of $804,997 per incident, credential theft is the costliest to remediate.

Cost of the insider threats

  • Organizations impacted by insider threats spent an average of $15.4 million annually (up 34 percent).
  • It takes an average of 85 days to contain an insider incident (up from 77 days). The longer the incident takes to contain, the higher the price (more than 3 months – $17.19 million, less than 30 days – average of $11.23 million). The bigger the company, the higher the price (headcount of more than 75,000 – $22.68 million; headcount below 500 – $8.13 million).
  • The cost of insider threats is greatest in North America and Europe ($17.53 million and $15.44 million, respectively).
  • Financial services and professional services have the highest average activity costs ($21.25 million and $18.65 million, respectively).

In a nutshell, insider threats continue to rise in frequency and remediation cost alike. The risk of malicious insider threats also continues to increase and the verticals that are affected the most are financial and professional services.

Source: ProofPoint.com

ESET Research reveals the workings of three teams behind TA410 and a new version of FlowCloud, their complex espionage tool

  • TA410 is an umbrella group made up of three teams that ESET researchers named FlowingFrog, LookingFrog and JollyFrog, each with its own toolset and targets.
  • ESET telemetry shows victims all around the world, mainly in the governmental and education sectors.
  • TA410 had access to the most recent known Microsoft Exchange remote code execution vulnerabilities (e.g., ProxyLogon in March 2021 and ProxyShell in August 2021).
  • ESET researchers found a new version of FlowCloud, a complex and modular C++ RAT used by FlowingFrog with several interesting capabilities, including:
  1. Controlling connected microphones and triggering recording when sound levels above a specified threshold volume are detected.
  2. Monitoring clipboard events to steal clipboard content.
  3. Monitoring file system events to collect new and modified files.
  4. Controlling attached camera devices to take pictures of the compromised computer’s surroundings.

BRATISLAVA, MONTREAL — APRIL 27, 2022 — ESET Research reveals a detailed profile of TA410, a cyberespionage umbrella group loosely linked to APT10, known mostly for targeting US-based organizations in the utilities sector, and diplomatic organizations in the Middle East and Africa. ESET researchers believe this group consists of three different teams using different toolsets, including a new version of FlowCloud discovered by ESET. It is a very complex backdoor with interesting espionage capabilities. ESET will present its latest findings about TA410, including results from ongoing research, during Botconf 2022.

These teams, referred to as FlowingFrog, LookingFrog, and JollyFrog, have overlaps in TTPs, victimology and network infrastructure. ESET researchers also assume that these subgroups operate somewhat independently, but that they may share intelligence requirements, an access team that runs their spearphishing campaigns, and also the team that deploys network infrastructure.

Most TA410 targets are high-profile organizations in the diplomacy and education sectors, but ESET has also identified victims in the military sector, a manufacturing company in Japan, a mining company in India, and a charity in Israel. An element worth mentioning is that TA410 targets foreign individuals in China. According to ESET telemetry, this happened at least twice; for instance, one victim is a French academic, and another is a member of a diplomatic mission of a South Asian country in China.

Since 2018, ESET has seen various targets of TA410, as depicted on the map.

Map of countries and verticals targeted by TA410

Initial access to targets is obtained by exploiting vulnerable internet-facing applications such as Microsoft Exchange, or by sending spearphishing emails with malicious documents. “This indicates to us that their victims are targeted specifically, with the attackers choosing which entry method has the best chance of infiltrating the target,” explains ESET malware researcher Alexandre Côté Cyr. Even though ESET researchers believe that this version of FlowCloud, used by the FlowingFrog team, is still undergoing development and testing, the cyberespionage capabilities of this version include the ability to collect mouse movements, keyboard activity, and clipboard content, along with information about the current foreground window. This information can help attackers understand stolen data by contextualizing it.

FlowCloud can also gather information about things happening around the victim’s computer by taking pictures using connected camera peripherals and recording audio using a computer’s microphone. “This latter function is triggered automatically by any sound over a threshold of 65 decibels, which is in the upper range of normal conversation volume. Typical sound recording functions in cyberespionage malware are triggered either when an action on the affected machine is performed – for instance, when a videoconference app is run – or when a specific command is sent to the malware by its operators,” clarifies Côté Cyr.

TA410 has been active since at least 2018, and was first publicly revealed in August 2019 by Proofpoint in its LookBack blogpost. A year later, the then-new and very complex malware family called FlowCloud was also attributed to TA410.

For detailed technical analysis, read the blogpost “A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity” on WeLiveSecurity, and follow ESET Research on Twitter for the latest news from ESET Research. For YARA and Snort rules, consult ESET’s GitHub account.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Every Moment Secured on Your Android

Our mobile phones are an undeniable part of our lives in the 21st century. We use them to contact our nearest and dearest, check the news, access the internet, make online purchases and even log into accounts, ideally via multi-factor authentication (MFA). Using MFA can block up to 99% of automated attacks. Undeniably, MFA is important for safe mobile use; however, have you ever thought about which types of MFA are riskiest and why?

Many individuals as well as companies are using call- and SMS-based MFA. It may seem like a great way to authenticate the user. Everyone has a mobile phone they can use to take a secure phone call or receive an SMS. Well, it may not be as straightforward as it seems at first glance.

There are many reasons why you should consider replacing SMS-based MFA:

  • SMS and voice calls are not encrypted. Unfortunately, these are transmitted in cleartext, which makes them more vulnerable to attackers.
  • They are vulnerable to phishing attacks via open source and readily available phishing tools, such as Modlishka.
  • Employees of phone network companies may fall prey to a SIM-swapping attack. They can be tricked into transferring phone numbers to a threat actor’s SIM, allowing attackers to receive MFA codes instead of the victim.
  • Phone service failure. Whereas authentication apps and security keys work offline, SMS needs the phone service to be available. Phone network companies are also exposed to changing regulations, which may also impact the availability of MFA.
  • It is likely that SMS and voice calls are not getting more secure any time soon.

It is not a surprise, then, that in 2020 Microsoft advised its users to stop using SMS- and voice call-based MFA and instead use an authentication app or a hardware key. This by no means suggests that you should completely abandon SMS MFA; it is still better than no MFA. Microsoft itself has kept the option for its users to continue to use SMS-based MFA, proving that it is more secure than not using any form of multifactor authentication.

Keeping Your Mobile Device Secure
If you choose to keep your SMS-based MFA, make sure your mobile device is as secure as it can be. A great way to start is with ESET Mobile Security on your Android mobile devices. It is a solution that ensures security against a multitude of mobile threats while securing users’ data.

ESET Mobile Security aims to provide a safe environment through its Anti-Phishing feature. It also aims to protect your device from criminal activity that manipulates users (known as social engineering) into handing over sensitive data such as bank account credentials, card numbers, PIN numbers, usernames and passwords.

The feature lets the product check a website against its malware and phishing database and determine whether the site is safe, thus making sure you do not fall prey to a phishing attack. The product’s Anti-Phishing feature integrates with the most common web browsers available on Android devices (Chrome and many others) to protect any and all online activities you carry out.

We recommend you keep Anti-Phishing enabled at all times. All malicious websites, listed in the ESET malware and phishing database, will be blocked and a warning notification will be displayed informing you of the attempted attack.

Other features of ESET Mobile Security include:

  • Antivirus – protection against malware: intercepts threats and cleans them from your device
  • Payment protection – lets you shop and bank safely online
  • App lock – requires extra authentication to access sensitive apps; protects content when you’re sharing a device
  • Anti-Theft – a powerful feature to help protect your phone and find it if it goes missing
  • Network inspector – scans your network and all connected devices to identify security gaps
  • Call filter – blocks calls from specified numbers, contacts and unknown numbers
  • Adware detector – identifies and removes apps that display ads unexpectedly
  • Real-time scanning – scans all files and apps for malware
  • Scheduled scans – checks your device every time you charge it, or whenever you want
  • Security audit – checks an app’s permissions
  • Security report – provides an overview of how secure your device is
  • USB on-the-go scanner – checks any connected USB device for threats
  • Up to 5 devices – pay once, protect 5 devices associated with the same Google account

ESET Mobile Security makes your Android phones and devices easy to find and harder to steal, and it helps to protect your valuable data. ESET helps protect the Google Play store and is trusted by millions of users like you around the world, and is dedicated to the online safety and education of children and their parents.

If you want to protect your phone with ESET Mobile Security, you’re in luck! From April 25 to May 1, the premium version of ESET Mobile Security will be 50% off. No need for a promotional code; the discount will automatically be added to your checkout! It couldn’t be easier.

SNMP monitoring: Tips to use the Simple Network Management Protocol

The SNMP protocol, whose first version was officially released in 1990 and whose name stands for Simple Network Management Protocol, is the easiest and simplest way a sysadmin has to manage and diagnose problems in their network devices.

Let’s see what it is, how SNMP works and why this simple protocol is the essential key to a smooth network environment.

What is SNMP?

In the most general terms, network monitoring means using available communication protocols to collect information on the status of communication systems, whether they are routers, land-line communications or cell phones. Among those protocols, SNMP stands out as the most widely used monitoring tool.

As we said before, SNMP works as a mechanism of communication between network devices and a network administrator. Routers, switches, servers, printers… almost every network device supports the SNMP protocol, not only for informational purposes but also to perform different actions on those devices (such as remote configuration).

How does SNMP work?

SNMP belongs to the application layer (the 7th layer of the OSI model) and allows communication between network devices. The so-called SNMP agents (request receivers) listen on a set of predefined UDP ports, known as the SNMP port or SNMP ports. Requests are received on UDP port 161 (they may be sent from any available source port), and UDP port 162 is used to receive notifications (also known as the SNMP trap port).

The SNMP protocol works in two different ways: SNMP polls and traps. Polling consists of launching remote queries, either actively or on demand, carrying out operation queries synchronously. Traps, meanwhile, are messages sent asynchronously by SNMP devices to configured addresses, according to changes or events.

To get the most out of SNMP monitoring, it’s best to use both modes when setting up a monitoring system.

SNMP versions

SNMP currently has three different protocol versions, gathered in different RFCs over time (from the first ones in 1988 until today).

Those versions are:

  1. SNMPv1 – defined in RFC 1155, 1156 and 1157, which define the way SNMP works.
  2. SNMPv2 – communication and security improvements over the first version. It has two subversions, one in which security is community-based (SNMPv2c, RFCs 1901 and 1908) and one in which security is user-based (SNMPv2u, RFCs 1909 and 1910).
  3. SNMPv3 – this third version, which adds and improves security and encryption, has struggled to find a market. SNMPv3 is defined in RFC 3411 and 3418 and, since 2004, SNMPv3 has been regarded as the current standard protocol version.

SNMP alerts

Therefore, now that we know how the SNMP protocol works, it is clear that one of its main uses is the alerts generated by all devices. Two types can be found in an SNMP monitoring network: synchronous alerts, those requested by an SNMP agent request (known as SNMP polling alerts), and asynchronous alerts, sent without an agent request (known as SNMP traps or snmptraps).

This alert and notification system is the real key to the SNMP protocol: network monitoring tools base their custom alerts on it. For example, in Pandora FMS we handle a wide range of custom alerts that can be triggered based on these SNMP alerts.

Now let’s discuss in more detail what SNMP polling and SNMP traps are and how monitoring based on each of them works.

SNMP trap monitoring

First, configure your devices to send traps when specific conditions are met; second, set up something that can collect the SNMP traps it receives, whether a machine running the necessary services or a piece of monitoring software. How you configure the SNMP devices depends on the manufacturer and the model, and is usually done from a management interface accessible through a browser at the device's IP address (or from its command line). The trap destination configured there is the address of the collector and UDP port 162.

Traps can be received on Linux using the snmptrapd daemon from the net-snmp project, installed as follows, e.g. on CentOS systems:

# yum install net-snmp-utils net-snmp-libs net-snmp

In our example we’re going to use Pandora FMS to receive and process the SNMP traps. If you already have a Pandora FMS server installed you won’t need any new dependencies, but you’ll have to enable it to receive the traps. Search for snmpconsole in the pandora_server.conf file and enable it as follows:

snmpconsole 1

Once the SNMP trap console is enabled, Pandora FMS will be able to receive and process traps and display them in the corresponding section:

[Screenshot: the Pandora FMS SNMP trap console listing received traps]

To check that incoming traps are arriving correctly, consult the log file snmptrapd writes to, usually /var/log/snmptrapd.log (snmptrapd logs to syslog unless it was started with a log-file option, so check the startup configuration for where the log actually goes). Remember also that, since net-snmp 5.3, snmptrapd will not accept any v1/v2c notification unless the community string the devices send has been authorized in its configuration; traps with an unknown community are dropped, which is the first thing to verify when nothing shows up in the log.

SNMP trap alerts

Alerts can also be configured in SNMP monitoring for the traps we prepared. In this case they do not work like the alerts on any other module, as they do with SNMP polling, but are based on filtering rules. With these rules you can match traps coming from particular devices, filter on the contents of the trap, its OID, and so on.
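The same kind of filtering rules, as an added example in Python that is not Pandora FMS code: each rule matches on the sender's network, the trap OID and, optionally, a regular expression over one varbind, and maps to an action. The input records are constructed and use a hypothetical normalised one-line format (source_ip|trap_oid|oid=value;oid=value) such as a collector might emit after parsing snmptrapd output. One caveat worth building into the rules: v1/v2c traps are unauthenticated UDP, so the source address is easily spoofed, which makes the "unmanaged source" rule a sanity check rather than a security boundary.

```python
"""Trap filtering rules as a trap console applies them. Added example, not vendor code."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional, Tuple

# Generic traps from the SNMPv2-MIB snmpTraps subtree
LINK_DOWN = "1.3.6.1.6.3.1.1.5.3"
LINK_UP = "1.3.6.1.6.3.1.1.5.4"
AUTH_FAILURE = "1.3.6.1.6.3.1.1.5.5"
IF_DESCR = "1.3.6.1.2.1.2.2.1.2"          # IF-MIB::ifDescr column; the ifIndex is appended

# Constructed sample in the hypothetical normalised format: two link events on one
# switch, two authentication failures from one host, and a linkDown from an address
# outside the managed network.
SAMPLE_TRAPS = """\
192.168.1.50|1.3.6.1.6.3.1.1.5.3|1.3.6.1.2.1.2.2.1.1.2=2;1.3.6.1.2.1.2.2.1.2.2=GigabitEthernet0/2
192.168.1.50|1.3.6.1.6.3.1.1.5.4|1.3.6.1.2.1.2.2.1.1.2=2;1.3.6.1.2.1.2.2.1.2.2=GigabitEthernet0/2
192.168.1.60|1.3.6.1.6.3.1.1.5.5|
10.99.0.7|1.3.6.1.6.3.1.1.5.3|1.3.6.1.2.1.2.2.1.1.1=1
192.168.1.60|1.3.6.1.6.3.1.1.5.5|
"""


@dataclass
class Trap:
    source: str
    trap_oid: str
    varbinds: dict


def parse_record(line):
    source, trap_oid, vbs = line.strip().split("|", 2)
    varbinds = {}
    for item in filter(None, vbs.split(";")):      # tolerate an empty varbind list
        oid, _, value = item.partition("=")
        varbinds[oid] = value
    return Trap(source, trap_oid, varbinds)


@dataclass
class Rule:
    name: str
    action: str
    sources: str = "0.0.0.0/0"                       # CIDR the sender must (or must not) be in
    trap_oid: Optional[str] = None                   # exact trap OID, or a prefix ending in "."
    varbind_match: Optional[Tuple[str, str]] = None  # (varbind OID, regex over its value)
    outside_sources: bool = False                    # True: match senders NOT in `sources`

    def matches(self, trap):
        in_net = ipaddress.ip_address(trap.source) in ipaddress.ip_network(self.sources)
        if in_net == self.outside_sources:
            return False
        if self.trap_oid is not None:
            exact = trap.trap_oid == self.trap_oid
            prefix = self.trap_oid.endswith(".") and trap.trap_oid.startswith(self.trap_oid)
            if not (exact or prefix):
                return False
        if self.varbind_match is not None:
            oid, pattern = self.varbind_match
            if not re.search(pattern, trap.varbinds.get(oid, "")):
                return False
        return True


RULES = [
    Rule("core-uplink-down", "page network on-call", "192.168.1.0/24", LINK_DOWN,
         varbind_match=(IF_DESCR + ".2", r"^GigabitEthernet0/")),
    Rule("snmp-auth-failure", "open security ticket: wrong community string, possible scanning",
         trap_oid=AUTH_FAILURE),
    Rule("trap-from-unmanaged-source", "investigate: unknown or spoofed sender",
         "192.168.1.0/24", outside_sources=True),
]


def evaluate(lines, rules=RULES):
    """Return one (rule name, source, action) tuple per rule that matches each trap."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        trap = parse_record(line)
        for rule in rules:
            if rule.matches(trap):
                alerts.append((rule.name, trap.source, rule.action))
    return alerts


def repeat_offenders(alerts, rule_name, min_count=2):
    """Senders that triggered `rule_name` at least `min_count` times, e.g. guessing communities."""
    counts = Counter(src for name, src, _ in alerts if name == rule_name)
    return {src: n for src, n in counts.items() if n >= min_count}
```

Running `evaluate(SAMPLE_TRAPS.splitlines())` yields four alerts: the uplink going down, the two authentication failures, and the linkDown from 10.99.0.7 flagged as an unmanaged sender; the linkUp matches nothing, and `repeat_offenders` singles out 192.168.1.60 as the host that failed authentication twice, which is the signal to check for someone trying community strings against your agents.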

In the next screenshot you can see several alerts created with different filtering options, and the actions that confirm everything is working:

[Screenshot: SNMP trap alerts in Pandora FMS with their filtering rules and actions]

SNMP polling monitoring

Polling works by launching a query against an IP address and requires a specific parameter: the SNMP community string, an alphanumeric string the agent uses to authorize the operation. In SNMPv1 and SNMPv2c this string travels in cleartext in every packet and is the only access control there is, so treat it as a weak layer of protection: change the defaults (public for read-only, private for read-write), restrict the source addresses the agent will answer, and keep read-write communities off devices that do not need them. When an SNMP check is launched against a compatible device, you get a list containing a lot of data that can be difficult to interpret at first:

# snmpwalk -v 1 -c public 192.168.50.14

[Screenshot: raw snmpwalk output with numeric OIDs]

Each line returned by snmpwalk has an OID (object identifier) and corresponds to a piece of data determined by the device. To better understand the values returned by the SNMP check, you can install the device manufacturer's MIBs (management information base). MIBs are definition files that translate these numeric identifiers into a readable format, allowing us to interpret the data.

Let’s look at some data we’ve got back after executing an SNMP check with the MIBs installed:

[Screenshot: snmpwalk output with object names resolved through the installed MIBs]

There are also web sites where you can look up any of these OIDs in case of doubt. If you know the OIDs you want to monitor, you can query them directly by adding the object name (or its numeric OID) after the IP address:


# snmpwalk -v 1 -c public 192.168.1.50 IF-MIB::ifPhysAddress.2

[Screenshot: snmpwalk output for the single object IF-MIB::ifPhysAddress.2]

Done like this, only the value of the SNMP object queried is shown, so if you have a monitoring tool that data can be fed into the different checks. In this case we created a basic SNMP monitoring setup for a few devices using Pandora FMS, and the result is as follows:

[Screenshots: SNMP modules collected by Pandora FMS for the monitored devices]

SNMP polling alerts

Once data is being collected in modules via SNMP polling, we can create alerts in Pandora FMS for those modules, proactively executing actions based on the thresholds we have configured; these work in the same way as any other alert on any module in Pandora FMS.
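To make both halves of the polling workflow concrete, the snmpwalk output described above and the threshold alerts described here, the following added Python example (not Pandora FMS code) parses walk output as net-snmp prints it with the standard MIBs loaded, then runs two checks a practitioner would actually want: interfaces that are administratively up but operationally down, and filesystems above a usage threshold computed from the HOST-RESOURCES-MIB size and used columns of the same index. The walk text is constructed; the line formats are the ones snmpwalk/snmpget emit, including the "No Such Object" reply for an unsupported OID, which the parser must tolerate. A counter-wrap helper is included because 32-bit octet counters roll over and a naive delta goes negative.

```python
"""Parse snmpwalk output and evaluate thresholds on it. Added example, not vendor code."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample of snmpwalk output as printed with the standard MIBs installed.
SAMPLE_WALK = """\
SNMPv2-MIB::sysDescr.0 = STRING: Linux core-sw1 5.10.0 #1 SMP x86_64
SNMPv2-MIB::sysUpTime.0 = Timeticks: (8640000) 1 day, 0:00:00.00
IF-MIB::ifDescr.2 = STRING: eth0
IF-MIB::ifPhysAddress.2 = STRING: 0:c:29:3a:b1:2d
IF-MIB::ifAdminStatus.2 = INTEGER: up(1)
IF-MIB::ifOperStatus.2 = INTEGER: down(2)
IF-MIB::ifInOctets.2 = Counter32: 4294967295
IF-MIB::ifHighSpeed.2 = No Such Object available on this agent at this OID
HOST-RESOURCES-MIB::hrStorageDescr.31 = STRING: /
HOST-RESOURCES-MIB::hrStorageSize.31 = INTEGER: 10000000
HOST-RESOURCES-MIB::hrStorageUsed.31 = INTEGER: 9300000
HOST-RESOURCES-MIB::hrStorageDescr.36 = STRING: /var
HOST-RESOURCES-MIB::hrStorageSize.36 = INTEGER: 5000000
HOST-RESOURCES-MIB::hrStorageUsed.36 = INTEGER: 1000000
"""

WALK_LINE = re.compile(r"^(?P<obj>\S+) = (?:(?P<type>[A-Za-z0-9-]+): )?(?P<value>.*)$")
ENUM = re.compile(r"^(?:(?P<label>[A-Za-z][\w-]*)\()?(?P<num>-?\d+)\)?$")   # "up(1)" or "7"
TICKS = re.compile(r"^\((?P<num>\d+)\)")                                    # "(8640000) 1 day, ..."
NUMERIC_TYPES = ("INTEGER", "Counter32", "Counter64", "Gauge32", "Unsigned32")


@dataclass
class Sample:
    obj: str                 # "IF-MIB::ifOperStatus.2"
    name: str                # "ifOperStatus"
    index: str               # "2"
    vtype: Optional[str]     # None when the agent returned no value
    value: object            # int for numeric types, str otherwise, None if unavailable
    label: Optional[str] = None   # enumeration label such as "down"


def parse_line(line):
    m = WALK_LINE.match(line.strip())
    if not m:
        return None
    obj, vtype, raw = m.group("obj"), m.group("type"), m.group("value")
    _, _, rest = obj.partition("::")
    name, _, index = rest.partition(".")
    value, label = raw, None
    if vtype is None:                        # "No Such Object ..." / "No Such Instance ..."
        value = None
    elif vtype in NUMERIC_TYPES:
        e = ENUM.match(raw)
        value, label = int(e.group("num")), e.group("label")
    elif vtype == "Timeticks":
        value = int(TICKS.match(raw).group("num"))
    return Sample(obj, name, index, vtype, value, label)


def parse_walk(text):
    walk = {}
    for line in text.splitlines():
        s = parse_line(line)
        if s is not None:
            walk[s.obj] = s
    return walk


def by_name(walk, name):
    """Column view: index -> Sample for one MIB object."""
    return {s.index: s for s in walk.values() if s.name == name}


def check_interfaces(walk):
    """Alert on interfaces that are admin up but oper down (a real fault, not a disabled port)."""
    admin, oper, descr = by_name(walk, "ifAdminStatus"), by_name(walk, "ifOperStatus"), by_name(walk, "ifDescr")
    alerts = []
    for idx, a in admin.items():
        o = oper.get(idx)
        if a.value == 1 and o is not None and o.value != 1:
            d = descr[idx].value if idx in descr else f"ifIndex {idx}"
            alerts.append((o.obj, f"{d} is admin up but oper {o.label or o.value}"))
    return alerts


def check_storage(walk, threshold_pct=90.0):
    """Percent used per hrStorage entry; the ratio is unit-free so hrStorageAllocationUnits is not needed."""
    size, used, descr = by_name(walk, "hrStorageSize"), by_name(walk, "hrStorageUsed"), by_name(walk, "hrStorageDescr")
    alerts = []
    for idx, s in size.items():
        u = used.get(idx)
        if u is None or not s.value:         # missing column or zero-size entry: skip, no division
            continue
        pct = round(100.0 * u.value / s.value, 1)
        if pct >= threshold_pct:
            alerts.append((descr[idx].value if idx in descr else idx, pct))
    return alerts


def counter_delta(previous, current, bits=32):
    """Difference between two counter samples, correcting for a single wrap-around."""
    if current >= previous:
        return current - previous
    return (1 << bits) - previous + current
```

On the sample walk, `check_interfaces` reports eth0 as admin up but oper down, `check_storage` reports "/" at 93.0% while "/var" stays quiet, and `counter_delta(4294967295, 10)` returns 11 rather than a negative number; in a real poller the previous counter value and the poll interval come from the last run, and the delta divided by the interval is the throughput you would alert on.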

SNMP modules in Pandora FMS

We built Pandora FMS as a flexible monitoring software, capable of monitoring devices, infrastructures, applications, services and business processes. Among them, we have a complete SNMP module.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Protecting small businesses with multiple layers of defense

Since Russia launched its attack on Ukraine, there's a high chance that if you work in the cybersecurity sector, like me, you're being asked a series of questions: Do you think Russia will launch a cyberattack? Should I be worried? What can I do to protect my devices?

These questions are justified as the conflict prompted a series of alerts from government agencies and cybersecurity organizations, setting an expectation of a potentially devastating cyberattack on Ukraine and possibly on those supporting Ukraine. The messages keep coming. More recently on March 21, 2022, the White House issued a Statement by President Biden on our Nation’s Cybersecurity, warning that there is the potential of malicious cyberactivity by Russia against the United States in response to the economic sanctions imposed by western governments.

These messages continue to be broadcast and to encourage maintaining vigilance and ensuring that there are no weaknesses in existing cybersecurity operations and practices. Although the advice is especially targeted at organizations and businesses that fall into the critical infrastructure category, where a disruption can potentially cause chaos as witnessed in the case of Colonial Pipeline, all businesses should take heed and prepare accordingly. Malicious attacks can spread well beyond their intended targets, as has been seen with attacks utilizing the EternalBlue exploit, one of the tools chosen to deliver malicious payloads such as WannaCryptor and NotPetya, which caused unprecedented damage, disruption, and financial loss to victims.

The potential of a zero-day vulnerability being exploited as a cyberweapon is, unfortunately, a real risk. A book authored by Nicole Perlroth, This Is How They Tell Me the World Ends: The Cyberweapons Arms Race, published in February 2021, documents the thriving underground marketplace where governments are often the main customers of zero-day vulnerabilities and exploits.

Having set the scene with the need for preparedness, what technologies and actions should cybersecurity admins at small businesses consider? First, I refer you to an article I published on WeLiveSecurity regarding cyber-resilience and the US’s Cybersecurity and Infrastructure Security Agency (CISA) Shields Up campaign. The advice mentions ESET Dynamic Threat Defense, now known as ESET LiveGuard Advanced, a technology designed to detect zero-day exploits, which should be a priority given that the conflict in Ukraine is ongoing.

ESET LiveGuard Advanced can detect new and previously unknown threats by running them in a cloud sandbox. Detecting threats the first time they are encountered can sometimes demand more processing power and memory than is readily available on employees’ machines. ESET LiveGuard offloads the task of detecting such threats to more powerful machines in the cloud. Once these samples are in the cloud sandbox, they can be subjected to multiple machine learning models and robust detection techniques to classify them as clean, suspicious, or malicious. It’s a zero-day game changer.

Another area of focus should be the reduction of the attack surface to minimize the risk of a bad actor gaining access to your network and identifying a zero-day vulnerability to be exploited either now or in the future. Employee devices typically account for a significant portion of the attack surface, and with hybrid workforces being the new norm, revisiting the policies and technology used to protect endpoint devices will assist with reducing risk. To address the heightened need to protect corporate endpoints with multiple layers of defense, a combined package of protection, such as ESET PROTECT Complete or ESET PROTECT Advanced, is recommended.

If you’re a small business and believe you’re not in danger because you’re not as interesting to bad actors as large enterprises, consider the following statistics. According to ITRC’s 2021 Business Aftermath Report, 58% of small businesses suffered at least one security or data breach, and 44% paid between $250,000 and $500,000 to cover their breach costs.

Just like large enterprises, small businesses handle sensitive data and can become collateral damage from attacks aimed at other targets. Small businesses can also be seen as stepping-stones to attack large enterprises or critical infrastructure business partners. Indeed, no company is too small to be noticed by criminals and, therefore, no company should feel exempt from basic cybersecurity practices.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.