Graylog 7.1: May the Logs Be With You

2025-12-22   A log correlation engine automates the process of linking fragmented event data across diverse systems, transforming raw logs into real-time, actionable insights. By normalizing data and applying correlation rules, it reduces alert fatigue, accelerates incident detection (MTTD), and enables faster root cause analysis for improved security and operational efficiency.

runZero 4.9: IT/OT Topology & Attack Path Mapping

In converged IT/OT environments, visibility is the foundation of defense. runZero 4.9 moves beyond asset lists to provide a unified source of truth, visualizing reachability and highlighting the risks that matter most.
Strategic Insight: 30% of OT assets are typically only one hop away from an internet-exposed device. runZero identifies these hidden “bridges” before attackers do.
Attack Path Mapping

Visualize 2D and 3D trajectories from initial compromise to operational shutdown. Identify high-risk pivot points and harden your choke points.

Sub-Asset Discovery

Peer behind protocol gateways like Modbus and BACnet to enumerate the PLCs and fieldbus devices that were previously invisible.

Bridge Detection

Automatically surface “multi-homed” devices connected to multiple networks, bypassing your firewall and segmentation strategies.

Operationalizing the Air-Gap

Stop relying on the “Segmentation Illusion.” runZero 4.9 ensures your air-gap is a reality by unmasking “insecure by design” protocols and identifying the forgotten workstations that turn minor IT breaches into catastrophic operational failures.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Portnox Connect for Windows: Frictionless Security

Portnox Connect for Windows

Eliminating the Onboarding Friction in Secure Access

Onboarding users to a secure, certificate-based network has traditionally been a logistical challenge. Portnox Connect for Windows removes the complexity, allowing organizations to maintain the highest security standards while providing a “two-click” experience for the end user.
Why Automation Matters: Manual certificate installation and network configuration are prime sources of misconfiguration. By automating these tasks, Portnox reduces support tickets and eliminates the human error that leads to vulnerabilities.
Operational Impact

For IT Teams: Reduced helpdesk volume, faster hardware rollouts, and guaranteed policy compliance across all endpoints.
For End Users: A clean, intuitive onboarding wizard that handles security configurations in the background.
Zero Trust Ready

In modern, perimeter-less environments, consistent verification is essential. Portnox Connect ensures that every Windows device is properly provisioned and verified before gaining network access—seamlessly aligning your fleet with a Zero Trust security framework.

2026 MSP Threat Report Summary

The era of the “break-in” is over. Attackers are now leveraging valid credentials and session tokens to bypass traditional perimeters. The latest telemetry from Guardz highlights a shift toward quiet, identity-driven campaigns.

  • 89%: SMBs with confirmed credential compromise
  • 2,000%: Spike in Google Workspace OAuth abuse
  • 25:1: Non-human to human identity ratio

The Evolution of Stealth: BEC 3.0

Attackers are moving away from loud malware and toward “living-off-the-land” techniques. By monitoring legitimate email threads for weeks, adversaries use AI-generated voice and context-aware messaging to authorize fraudulent transactions without ever triggering a security flag.

RMM: The New Command & Control

RMM tool abuse now accounts for 26.2% of all endpoint threats. By exploiting legitimate tools like ScreenConnect and NinjaRMM, attackers create encrypted channels that are indistinguishable from authorized MSP traffic.

Immediate Operational Priorities

  • Phishing-Resistant MFA: Standardize on FIDO2/Passkeys to prevent session hijacking.
  • OAuth Governance: Audit application grants and enforce admin-level approval requirements.
  • Behavioral Monitoring: Monitor inbox rules and non-human identity patterns in real-time.
  • Kill Legacy Auth: Disable outdated protocols via Conditional Access to prevent MFA bypass.

Download the full 2026 State of MSP Threat Report

Healthcare Guide: HIPAA-Compliant Remote Access

In an era where healthcare professionals work across diverse locations, the traditional network perimeter has dissolved. Protecting electronic Protected Health Information (ePHI) requires more than just a password; it requires a comprehensive Zero Trust strategy.

Market Insight: In 2025, the average cost of a healthcare data breach rose to $7.42 million, marking the 14th consecutive year the industry has held the highest breach costs.

The Core Compliance Framework

Administrative

Managing the human element: risk assessments, incident response plans, and continuous training.

Physical

Hardening the environment: Device encryption and secure workstation management.

Technical

The digital vault: Multi-factor authentication (MFA) and AES-256 data encryption.

The Business Associate Agreement (BAA)

Compliance is a shared mandate. Before any vendor handles patient data, a BAA must be executed. This contract ensures that third-party partners implement the same rigorous security standards as the provider. Organizations like NordLayer offer a HIPAA BAA to streamline this legal and technical requirement.

Strategic Implementation

  • Zero Trust Network Access (ZTNA): Verifies every connection attempt based on user identity, device health, and context.
  • Principle of Least Privilege: Grants users access only to the specific clinical systems required for their role.
  • Continuous Auditing: Maintains immutable logs of all remote sessions to ensure audit readiness for the HIPAA Security Rule.

Penta Security Achieves Triple Recognition at 2026 Globee Awards

CVE-2026-3854: GitHub Enterprise Server RCE

Risk Impact: Successful exploitation allows for complete system compromise. Immediate patching is required.

Required Updates

Branch    Patch Version
3.14.x    3.14.25+
3.15.x    3.15.20+
3.16.x    3.16.16+
3.17.x    3.17.13+
3.18.x    3.18.7+
3.19.x    3.19.4+

Network Hunting

Use the following query in your runZero Software Inventory to locate all GHES installations:

vendor:=GitHub AND product:="Enterprise%"

Post-Mortem: Defeating Conversational Phishing

Phishing has evolved. Today’s most dangerous attacks don’t use malware—they use social engineering. By mimicking the tone of professional security researchers, attackers are attempting to hack your sense of responsibility rather than your network.

The Core Lesson: Security tools are designed to surface risk, but human intuition is required to validate it. Defense-in-depth is only effective when technology and training act in concert.

The Anatomy of the Attack

The threat actor utilized a classic “responsible disclosure” lure. By addressing our leadership directly and requesting to report a “critical vulnerability,” they manufactured a professional obligation that encouraged us to engage. Crucially, the email contained no malicious links or attachments—it was designed purely to initiate a conversation.

The Defense Strategy

We avoided compromise through a two-layered defense:

  • Layer 1 (Technical): Our email filter correctly applied a “First-time sender” yellow warning banner, serving as the initial trigger for caution.
  • Layer 2 (Human): A security-trained team member applied the five-minute verification rule: researching the sender’s digital footprint, checking the authenticity of the consultancy, and cross-referencing known industry patterns.

Building a Culture of Readiness

To defend against modern social engineering, security awareness must shift from static presentations to dynamic, ongoing habits:

  • Continuous Training: Replace annual presentations with regular, short-burst sessions on emerging threats.
  • Real-World Simulations: Test your team with spoofed meeting invites and urgent alerts to build operational instincts.
  • Inclusivity: Executive and administrative staff are prime targets; ensure your program covers them comprehensively.

The attackers are patient and professional. Your best defense is not a better spam filter, but the disciplined pause before hitting Reply.

ESET introduces Cloud Workload Protection for ESET PROTECT customers

ESET launches Cloud Workload Protection and AI enhancements for ESET PROTECT customers

Protect your cloud infrastructure across AWS, Azure, and GCP with AI-powered, multilayered security. ESET’s Cloud Workload Protection prevents malware, blocks threats early, and reduces downtime to keep workloads secure and available.

It feeds VM data into the ESET PROTECT XDR platform for improved visibility and control. Unlike many competitors, this capability is included at no extra cost for ESET PROTECT customers (excluding Entry), making advanced cloud security more accessible and cost-effective.

Explore ESET Cloud Workload Protection benefits

Block Targeted Attacks

ESET leverages global threat intelligence to prioritize and block new threats before widespread delivery.

Managed from a Unified Console

Manage all ESET cloud VMs, endpoints, and mobile devices through the unified ESET PROTECT console.

Ransomware Shield & Remediation

Adds ransomware protection with automated rollback and seamless file restoration from secure backups.

Advanced Multilayered Technology

ESET’s AI-powered technology, refined over decades, delivers an award-winning detection engine and a globally trusted protection core.

Seamless Integration

Activate security on cloud VMs in a few clicks via ESET PROTECT integrations with AWS, Azure, and GCP.

Extended Visibility and XDR

Cloud telemetry feeds ESET PROTECT XDR, enabling admins to maintain control, automate response, and hunt for threats.

ESET Cloud Workload Protection

Protect your cloud virtual machines (VMs) from advanced cyber-threats

Penta Security: 2026 Globee Award Triple Win

2025-12-09  Real-time log encryption is now essential because logs contain sensitive data and serve as blueprints for sophisticated attackers like APTs and ransomware groups. Following incidents like the Salesforce third-party breach, organizations must treat logs as critical assets requiring protection from the moment they’re created. This proactive approach, exemplified by solutions like Penta Security’s D.AMO, neutralizes damage if storage is compromised and enhances threat detection by preventing attackers from analyzing unencrypted system architecture and account patterns.