
End-of-life assets: managing risks in outdated technology

Make new friends, but keep the old: one is silver, the other gold.

Despite enormous advances within information technology, security practitioners are still plagued by common problems. Advances in cybersecurity defenses and overall security awareness are helpful, but organizations still struggle with end-of-life (EOL) assets scattered across the attack surface. This can be a surprisingly difficult problem to solve and, most importantly, from the attacker’s perspective, EOL assets still provide easy footholds into an environment.

End-of-life is not the end

All of the system hardening and security patches in the world cannot protect a system that is not updated to use those features. System vendors generally provide patches and updates for a limited timespan. After that point, end users must invest in an upgrade to a newer version of the system or fend for themselves and hope for the best with an EOL, outdated asset lurking on the attack surface.

EOLed systems often stick around for years, mostly forgotten but still part of an organization’s infrastructure and, therefore, its attack surface. New vulnerabilities are still discovered and exploited in these outdated systems as the April 2024 D-Link NAS issue illustrated. Despite the known exposure, being EOL means that fixes will not be forthcoming.

While this may seem like an academic exercise, EOLed systems are surprisingly common. Our findings show many still-active EOLed operating systems in various environments.

Operating system end-of-life

Operating systems typically have multiple phases of vendor support, referred to as a support lifecycle. The duration of the lifecycle and services provided in various stages vary from vendor to vendor, usually tapering off with fewer updates and patches in later stages.

The two phases we are most concerned with are:

  • Mainstream support during which vendors release patches that may add new features, fix bugs, or mitigate security vulnerabilities.

  • Extended support during which only critical bugs and vulnerabilities are addressed.

While some vendors’ terminology and phases may slightly differ, generally speaking, most support lifecycles can be broadly mapped to these two phases.

When a vendor stops providing upgrades for non-critical issues, the product is considered in an “End-of-Life” (EOL) status. There may be an additional period known as “Extended-End-of-Life” (EEOL) during which the vendor continues to provide updates for critical issues. EOL and EEOL can happen concurrently or separately depending on the system and the vendor. Most importantly, after EOL, systems no longer receive critical updates or security patches, and thus become much greater risks to keep around.

But around they are! Systems have a long tail: if they still work, replacing them with a supported alternative may be more trouble than it’s worth. In some cases, the responsible staff can’t or won’t replace them; in others, the system may host critical functions that are not supported on newer systems. Uptime guarantees and financial considerations may also play a role.

When we look at our sample data for operating systems that are past their extended EOL dates, we see that chart toppers are a pretty even split between Windows and various Linux distributions:

FIGURE 1 – Top OS past extended EOL.

The presence of Ubuntu 18.04 isn’t surprising as it only reached Extended EOL just over a year ago in June of 2023. Ubuntu is often a go-to Linux distribution for businesses and home users alike as well as very popular in cloud environments. Windows Server 2012 R2 is also unsurprising; it reached extended EOL only very recently, in October of 2023. While running an OS a year past extended EOL is unfortunate, it’s not unusual for server migrations to drag on past EOL dates due to logistical and compatibility concerns.

The next major group is composed of various Windows 10 releases that, were they combined, would dominate the chart at 21.55%. Most of these are running the Windows 10 21H2 which reached extended EOL very recently in June 2024. Windows 10 was originally released in July of 2015. Microsoft has generally released two major updates for it every year since. Typically, updates released in the first half of the year are supported for 18 months and those released in the second half are supported for 30 months. There are some variations on this theme, with Long-Term Servicing Channel (LTSC) editions, for example, having longer lifespans. Windows 10 22H2 is the final version of Windows 10 and will reach extended EOL in October 2025.

FIGURE 2 – Windows 10 past extended EOL.

Exposed systems past extended EOL

While operating systems outside of their extended lifespans are always worth looking into, those with exposure to an external attack surface are particularly worrisome. Of all systems exposed to an external attack surface and for which EOL data was available, 15.99% were past their extended EOL dates. That means that roughly 16% of all devices exposed to external attackers are probably not receiving security updates.

For server operating systems specifically, when we group them by family, we see that the largest block is Windows hosts. The percentage may be higher than expected based on Figure 1 above. This is due to the long tail of various Windows Server versions going back to Server 2008 R2.

FIGURE 3 – Server operating systems with external attack surface exposure, past extended EOL.

Case study: the Boa web server

The Boa webserver is an open source web server designed to have low resource requirements for users and to be compatible with embedded applications. The last official release of the Boa webserver, version 0.94.14rc21, was in February of 2005. For comparison, the Colts have won a Super Bowl more recently than the latest release of the Boa web server, and the Colts haven’t won a Super Bowl since 2007!

There are known vulnerabilities in Boa that have been exploited in critical infrastructure in the past. For example, in November 2022, Microsoft disclosed that Boa web servers in Internet-of-Things (IoT) devices were a common attack vector against power grids in India.

While it is relatively easy for an administrator to determine if a server is running Boa, it is much harder to detect in an embedded device. Boa is common in embedded devices like security cameras and IP phones that are widely deployed in enterprise networks. Therefore, curating an accurate inventory of an organization’s embedded devices, not just servers, that are running Boa is critical for protecting these networks.

FIGURE 4 – Boa web server version distribution in runZero data.

Embedded devices running Boa

Device type                      Share
Network-attached camera          92.3%
Media & telephony devices         5.5%
Environmental control devices     0.9%
Network devices                   0.9%
Industrial control devices        0.3%

FIGURE 5 – Device types still running Boa in sample runZero data.

New-Old Friends

We’d be remiss if we didn’t mention common operating systems that will reach extended EOL soon. If any of these operating systems are running in your environment, we strongly recommend that you start planning for replacement or mitigation sooner rather than later.

FIGURE 6 – Common OS approaching extended EOL.

Final Thought

The prevalence of EOL systems within organizational networks remains a significant security concern. Despite advancements in security technology and practices, these outdated assets continue to provide attackers with easy entry points. Addressing this issue requires a proactive approach to asset discovery, exposure mitigation, and vigilant attack surface management to ensure that all components of your network, regardless of age, are secure and up-to-date.

runZero customers can find assets that are past their extended EOL by using the Policy: Extended End-of-Life operating systems canned query. You may need to add the OS EOL Ext. column in the Asset inventory in order to view the value.

Don’t forget to download the runZero Research Report to learn more about the state of asset security.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

Subnets. What is a subnet? How does it work?

Subnetting is the process of dividing a network into several smaller, independent subnets. Each subnet is a portion of the core network that follows a specific logic. Subnets are commonly used in the local networks of companies, since subnetting brings several benefits:

  • Increased network performance: The amount of data traffic on a subnetted network is reduced, as traffic can be directed only to the subnet that needs it. This also decreases broadcast traffic (packets that are sent to all devices on the network), which can be confined to specific subnets.
  • Improved network security: Subnets may be isolated from each other, making it easier to establish boundaries between different network segments by means of a firewall.
  • Ease of network management: Having multiple subnets increases flexibility in network management compared to working with a single network.

Process for creating subnets

Before you start creating subnets, it is important to know three key concepts:

  • Original IP Address: This is the base IP address from which you will start to create the necessary subnets. IPv4 addresses are divided into classes (A, B, C, D and E). In LAN networks, Class A (10.0.0.0 – 10.255.255.255), Class B (172.16.0.0 – 172.31.255.255), or Class C (192.168.0.0 – 192.168.255.255) addresses are generally used.
  • Subnet Mask: It indicates which part of the IP address corresponds to the network and subnet number and which part corresponds to hosts. It also allows devices to determine whether a destination host is within the local subnet or on a remote network.
  • Broadcast address: It is the highest address of a subnet and allows simultaneous traffic between all nodes of a subnet. A packet sent to the broadcast address will be sent to all subnet devices.

Once these concepts are clear, you may begin to calculate the subnets.

  • Choosing the source IP address: The choice of this source IP for a local network will usually be class A, B or C and will depend on the number of hosts you need on your network. For the example, we will use the class C address 192.168.1.0/24.
  • Determining the number of subnets: You need to decide how many subnets you wish or need to create. The more subnets, the fewer IP addresses will be available to hosts. In our example we will create 4 subnets.
  • Subnet Mask Calculation: Starting from the IP 192.168.1.0/24, where /24 indicates that we use 24 bits for the subnet, which leaves 8 bits for the hosts. This translates to binary as:
    11111111.11111111.11111111.00000000
    subnet bits (24) host bits (8)
  • Borrowing bits for subnets: To create subnets, take bits from those available for hosts. The formula to calculate how many bits you need is:
    2^n >= N
    Where N is the number of subnets (4 in our example) and n is the number of bits needed. Here, n equals 2, since: 2^2 >= 4
  • New Subnet Mask: By taking 2 bits from hosts, the new subnet mask will be:
    11111111.11111111.11111111.11000000
    subnet bits (26) / host bits (6)
    This translates to /26 or 255.255.255.192.
  • Assigning source IP addresses for each subnet: Using the two borrowed bits, you get the following combinations:
    192.168.1.0/26
    192.168.1.64/26
    192.168.1.128/26
    192.168.1.192/26
  • Calculating IPs for each subnet: For each subnet, calculate the first and last usable IP address and broadcast address:
    • Subnet 192.168.1.0/26:
      • First IP: 192.168.1.1
      • Last IP: 192.168.1.62
      • Broadcast address: 192.168.1.63
    • Subnet 192.168.1.64/26:
      • First IP: 192.168.1.65
      • Last IP: 192.168.1.126
      • Broadcast address: 192.168.1.127
    • Subnet 192.168.1.128/26:
      • First IP: 192.168.1.129
      • Last IP: 192.168.1.190
      • Broadcast address: 192.168.1.191
    • Subnet 192.168.1.192/26:
      • First IP: 192.168.1.193
      • Last IP: 192.168.1.254
      • Broadcast address: 192.168.1.255

Summarizing in a table:

Subnet             First IP         Last IP          Main (network) IP   Broadcast IP
192.168.1.0/26     192.168.1.1      192.168.1.62     192.168.1.0         192.168.1.63
192.168.1.64/26    192.168.1.65     192.168.1.126    192.168.1.64        192.168.1.127
192.168.1.128/26   192.168.1.129    192.168.1.190    192.168.1.128       192.168.1.191
192.168.1.192/26   192.168.1.193    192.168.1.254    192.168.1.192       192.168.1.255
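The calculation above carried through in code, as an added example that is not part of the original article: it derives the borrowed bits with the 2^n >= N rule, enumerates the /26 subnets of 192.168.1.0/24 with their first, last and broadcast addresses, and shows the mask comparison a host makes to decide whether a destination is local. It goes beyond the article's case by also handling /31 point-to-point subnets, where no broadcast address exists; the function names are my own.

```python
"""IPv4 subnetting worked through with plain integer bit arithmetic.

Added example, not code from the original article. Function names are
illustrative; the sample input is the article's 192.168.1.0/24 split into 4.
"""


def ip_to_int(dotted: str) -> int:
    """'192.168.1.0' -> 0xC0A80100; rejects malformed dotted quads."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix: int) -> int:
    """/26 -> 0xFFFFFFC0, i.e. 255.255.255.192: the top `prefix` bits set."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def bits_needed(num_subnets: int) -> int:
    """Smallest n with 2**n >= num_subnets (the 2^n >= N rule). 4 -> 2."""
    if num_subnets < 1:
        raise ValueError("need at least one subnet")
    return (num_subnets - 1).bit_length()


def describe_subnet(network: int, prefix: int) -> dict:
    """First/last usable host and broadcast address for one subnet.

    For /31 (point-to-point, RFC 3021) and /32 nothing is reserved: every
    address is assignable and there is no broadcast address.
    """
    mask = mask_from_prefix(prefix)
    top = network | (~mask & 0xFFFFFFFF)  # highest address in the block
    if prefix >= 31:
        first, last, broadcast = network, top, None
    else:
        first, last, broadcast = network + 1, top - 1, top
    return {
        "subnet": f"{int_to_ip(network)}/{prefix}",
        "network": int_to_ip(network),
        "first": int_to_ip(first),
        "last": int_to_ip(last),
        "broadcast": None if broadcast is None else int_to_ip(broadcast),
        "usable_hosts": last - first + 1,
    }


def plan_subnets(base_cidr: str, num_subnets: int) -> list:
    """Split base_cidr into the smallest power-of-two count >= num_subnets."""
    base, prefix_text = base_cidr.split("/")
    prefix = int(prefix_text)
    network = ip_to_int(base) & mask_from_prefix(prefix)  # clear stray host bits
    borrowed = bits_needed(num_subnets)
    new_prefix = prefix + borrowed
    if new_prefix > 32:
        raise ValueError(f"{base_cidr} has too few host bits for {num_subnets} subnets")
    block_size = 1 << (32 - new_prefix)  # 64 addresses for a /26
    return [describe_subnet(network + i * block_size, new_prefix)
            for i in range(1 << borrowed)]


def is_local(src: str, dst: str, mask_dotted: str) -> bool:
    """The check a host makes with its mask: do the network bits match?"""
    mask = ip_to_int(mask_dotted)
    return (ip_to_int(src) & mask) == (ip_to_int(dst) & mask)


if __name__ == "__main__":
    for row in plan_subnets("192.168.1.0/24", 4):
        print(f"{row['subnet']:<18}{row['first']:<16}{row['last']:<16}"
              f"{row['network']:<16}{row['broadcast']}")
    # .10 and .70 fall in different /26 subnets, so traffic must go via the router
    print(is_local("192.168.1.10", "192.168.1.70", "255.255.255.192"))  # False
```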

To make the task of performing these calculations easier, there are online calculators such as this one.

Subnet-to-subnet communication

Although subnets may be part of the same local network, let us not forget that now each subnet is a different network. A router is required for devices on different subnets to communicate. The router will determine whether the traffic is local or remote using the subnet mask.
Each subnet connects to a router interface, which is assigned an IP from those available for hosts. This address will be the default gateway that we will set on the computers in that subnet. All computers must have the same subnet mask (255.255.255.192 in our example).

IPv6 Subnets

Creating IPv6 subnets is different from, and often less complex than, creating IPv4 ones. Whereas IPv4 sets aside the main network address and the broadcast address in each subnet, neither concept exists in IPv6, so no addresses need to be reserved for them.

Creating an IPv6 Subnet

An IPv6 Unicast address has 128 bits, written in hexadecimal. These 128 bits are divided into the following elements:

  • Global Routing Prefix: The first 48 bits indicate the portion of the network assigned by the service provider to a client.
  • Subnet ID: The next 16 bits after the global routing prefix are used to identify the different subnets.
  • Interface ID: The last 64 bits are the equivalent of the host bits of an IPv4 address. This allows each subnet to support up to 18 quintillion host addresses.

To create IPv6 subnets, just incrementally increase the subnet ID:
Example:

  • Global routing prefix: 2001:0db8:000b::/48
  • Subnets:
    • 2001:0db8:000b:0001::/64
    • 2001:0db8:000b:0002::/64
    • 2001:0db8:000b:0003::/64
    • 2001:0db8:000b:0004::/64
    • 2001:0db8:000b:0005::/64
    • 2001:0db8:000b:0006::/64
    • 2001:0db8:000b:0007::/64

Point-to-point networks

A point-to-point network is a particular type of network in which two nodes communicate directly with each other. This simplifies communication between them, since each data channel is used only by those two devices.

Point-to-point subnets

A point-to-point subnet is a type of subnet with a /31 mask, which leaves only two addresses available to hosts. A broadcast IP is not needed in this type of configuration, as there is only communication between two computers.
These types of networks are used more in WAN than in LAN. They are very easy to configure and low cost, but they are not scalable and their performance is not the best, since both devices may act as client and server over a single link.

Subnet disadvantages and limitations

Although subnets provide several advantages, they also have limitations:

  • Network design complexity: The initial design and configuration may be challenging, and it is necessary to maintain a clear outline of the whole network for proper maintenance.
  • Waste of IP addresses: Each subnet needs to set aside two IPs (primary address and broadcast address) that cannot be assigned to devices. In addition, if subnets are isolated and all have the same size, unused addresses in one subnet cannot be used in another.
  • Appropriate router required: A router capable of handling the infrastructure is required, increasing complexity in routing tables.

Despite these limitations, the benefits of subnetting often outweigh the disadvantages, making it a common practice for many companies to improve the performance and security of their networks.

What do the different parts of an IP address mean?

This section focuses on IPv4 addresses, which are presented as four decimal numbers separated by periods, such as 203.0.113.112. (IPv6 addresses are longer and use letters and numbers.)
Each IP address has two parts. The first part indicates to which network the address belongs. The second part specifies the device on that network. However, the length of the “first part” changes depending on the network class.
Networks are classified into different classes, labeled A through E. Class A networks can connect millions of devices. Class B and class C networks are progressively smaller. (Class D and Class E networks are not commonly used).

Network Class Breakdown

  • Class A Network: Everything that goes before the first point indicates the network, and everything that goes after specifies the device on that network. If you use 203.0.113.112 as an example, the network is indicated with “203” and the device with “0.113.112.”
  • Class B Network: Everything that goes before the second point indicates the network. If you use 203.0.113.112 again as an example, the network is indicated with “203.0” and the device within that network with “113.112.”
  • Class C Network: In class C networks, everything that goes before the third point indicates the network. If you use the same example, “203.0.113” indicates the class C network, and “112” indicates the device.

Importance of subnets

The structure of IP addresses makes it relatively easy for Internet routers to find the right network to direct data to. However, on a Class A network, for example, there may be millions of devices connected, and the data may take time to find the right device. That is why subnets are useful: a subnet narrows an IP address down to a smaller range of devices.
Since an IP address is limited to indicating the network and address of the device, IP addresses cannot be used to indicate which subnet an IP packet should go to. Routers on a network use something known as a subnet mask to classify data into subnets.

What is a subnet mask?

A subnet mask is like an IP address, but only for internal use within a network. Routers use subnet masks to direct data packets to the right place. Subnet masks are not indicated within data packets traversing the Internet: those packets only indicate the destination IP address, which a router will match to a subnet.

Subnet Mask Example

Suppose an IP packet is addressed to the IP address 192.0.2.15. This IP address is a class C network, so the network is identified with “192.0.2” (or technically, 192.0.2.0/24). Network routers forward the packet to a server on the network indicated by “192.0.2.”
Once the packet reaches that network, a router on the network queries its routing table. It performs binary mathematical operations with its subnet mask of 255.255.255.0, sees the address of the device “15” (the rest of the IP address indicates the network) and calculates which subnet the packet should go to. It forwards the packet to the router or switch responsible for delivering the packets on that subnet, and the packet arrives at IP address 192.0.2.15.
In short, a subnet mask helps routers classify and route traffic efficiently within a large network, thereby improving network performance and organization.

Conclusion

Subnetting is a key technique for dividing large networks into more manageable subnets, thereby improving network performance, security, and management. Although the process can be complex, online tools and calculators can make it significantly easier. Understanding and effectively applying subnetting is essential for any network administrator.

Market analyst and writer with more than 30 years in the IT market, working on demand generation, positioning and relationships with end customers, as well as corporate communication and industry analysis.



About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

What NordPass can do that OS-specific password managers can’t

It’s not about the name – it’s about functionality

Apple recently made headlines with the launch of Apple Passwords, a new password management app currently in beta for iOS 18 users. Although this is significant news, this isn’t the first time a major tech player has ventured into password management. Microsoft introduced its Windows Credential Manager with Windows XP back in 2001, and it has been a part of every version of Windows since then, continuously updated.

When a big name like Apple releases a new product, there’s always a buzz about it aiming to be the best in its category. However, a big brand name doesn’t always guarantee the best option available—though it doesn’t mean the product is bad either.

So, when it comes to choosing the right password manager, it’s important to look beyond the brand and focus on functionality. To help with that, let’s compare the features of these OS-specific password managers with NordPass and highlight the elements that stand out.

OS-specific password managers vs. NordPass

When comparing NordPass to platform-specific password managers, two key factors to consider are security and ease of use. Let’s dive into these aspects in detail:

Security

Although the core function of all password managers is to keep all passwords safe in one place, not all password managers provide the same level of protection.

Password storage

Microsoft Credential Manager stores passwords locally on your device and encrypts them using the Windows Data Protection API (DPAPI). This setup is convenient for Windows users, but it relies on the security of the Windows operating system itself. Apple Passwords, in contrast, stores passwords in the iCloud Keychain, allowing secure access across all Apple devices.

NordPass takes a slightly different approach by keeping all passwords and other sensitive data in an encrypted cloud vault that can be accessed from any device. Moreover, NordPass uses XChaCha20, an encryption standard known for its exceptional security and performance, to encrypt the data before it is uploaded to the cloud. This ensures that all the information stored in the vault remains fully secure.

The zero-knowledge architecture

The term “zero-knowledge architecture” describes a design where a product is built so that the provider cannot access the user’s data stored in the system or service. Microsoft Credential Manager doesn’t fully follow this approach. Although it encrypts passwords, the encryption keys and processes are managed by Windows, which means Windows itself could potentially decrypt the data.

Apple Passwords uses a version of zero-knowledge with end-to-end encryption. This setup ensures that Apple can’t access your passwords because only your device holds the decryption keys.

NordPass goes all in with zero-knowledge architecture, with encryption and decryption occurring only on the user’s device to ensure that no one—including the NordPass team—can access their passwords.

Safe credential sharing

Microsoft Credential Manager doesn’t offer a built-in way to share passwords, so you have to do it manually, which can be quite risky. Apple Passwords makes sharing easier and more secure by using AirDrop and iCloud, with encryption to protect your credentials during transfer. NordPass, however, offers secure password-sharing features directly in the app, allowing you to share passwords with trusted contacts through encrypted channels.

 

Ease of use

The ease of use for password managers largely depends on their compatibility with your devices and how simple it is to use and manage your stored passwords. Let’s look at how these aspects compare among the OS-specific solutions and NordPass.

Compatibility

Windows Credential Manager is well-integrated with the Windows system but is limited to Microsoft environments. It only supports browser extensions for Internet Explorer and Microsoft Edge, which might be inconvenient for users who prefer other browsers.

The Apple Passwords app works seamlessly across Apple devices like iPhones, iPads, and Macs, and integrates well with various Apple services. It also offers browser extensions for Safari, providing a smooth experience for users within the Apple ecosystem. However, its support for non-Apple platforms and browsers is highly limited.

NordPass offers broad compatibility across multiple operating systems, including Windows, macOS, Linux, iOS, and Android. It also provides extensions for popular browsers like Chrome, Firefox, and Edge, ensuring a consistent experience regardless of the platform or browser you’re using.

Login experience

Microsoft Credential Manager does a decent job with autofill and autosave for Windows apps, but it’s quite basic compared to other options. Apple Passwords excels at autofill and autosave features within the Apple ecosystem. It automatically fills in login details and saves new passwords across Safari and other supported apps, making it easy for users to manage their credentials on Apple devices.

NordPass offers robust autofill and autosave features across various browsers and applications. It ensures that your credentials are automatically filled in and saved as you browse, making password management effortless. NordPass also provides seamless integration with its mobile and desktop apps, enhancing the overall user experience.

Additional features

Some modern password managers do more than just help you manage your passwords – they offer extra features that can boost your cybersecurity and make navigating the online world somewhat easier. However, this isn’t true for all of them.

OS-specific solutions

Microsoft Credential Manager mainly focuses on handling credentials without offering much beyond that. Its key extra feature is support for Windows Hello, which allows you to log in using biometric authentication.

Apple Passwords, on the other hand, provides a wider range of features. It can detect weak, reused, and compromised passwords, generate strong new ones, and sync credentials across Apple devices. It also integrates with two-factor authentication, generating and autofilling verification codes for supported accounts. These features make Apple Passwords a more optimal choice for Apple customers.

NordPass

NordPass includes the features of Apple Passwords, such as password health checks, secure credential sharing, two-factor authentication (2FA), password generation, and data breach alerts. But it also offers some additional benefits:

  • Email Masking: This feature lets users create temporary email addresses for signing up for services or newsletters so that they don’t have to share their real email addresses.

  • Activity Log: With NordPass, businesses can keep an eye on all account access activity across their organizations, making sure that only the right people are getting into the right resources.

  • Data Breach Scanner: Apple Passwords can alert you if your passwords are compromised, and so can NordPass. But NordPass goes a step further with its advanced data breach monitoring tool for businesses. It scans the dark web for any mentions of a company’s credentials and sends instant alerts if its business information is at risk.

  • Company-Wide Settings: NordPass also lets organizations set and enforce a strong password policy for all employees. This ensures everyone uses secure passwords, enhancing overall security.

Additionally, by making it easy to onboard and offboard members, and featuring a user-friendly design that’s easy to navigate, NordPass provides a comprehensive solution that covers a lot of cybersecurity ground. This allows both individual users and organizations to protect themselves more effectively and enjoy greater freedom online.

What are the risks associated with using an OS-specific password manager?

First off, using a password manager tied to a specific OS, like Apple Passwords, can cause issues if you want to sync or access your passwords across different devices, unless they’re all from Apple. This could lock you into one vendor’s ecosystem and make it difficult to switch platforms later without losing access to your passwords. There are also potential security risks when the OS is updated, since an update can change how the password manager works and lead to compatibility issues or vulnerabilities.

For companies, the problems can be even bigger. Employees on different operating systems might face inefficiencies because there’s no unified solution, leading to downtime and decreased productivity. IT departments would need to manage multiple systems, which can be more complex and require more time to support and maintain. This might also mean extra training, which adds to the costs.

Additionally, since it’s uncommon for all employees to use the same brand of device, enforcing consistent security policies for multiple password managers becomes challenging. This can create security gaps and make it harder to meet some industry standards and data privacy regulations.

Give NordPass a try and form your own opinion

We could go on to explain the differences between NordPass and OS-specific password managers, and point out how we think NordPass excels in terms of security and usability. However, it’s always better to feel the difference rather than just hear about it.

Therefore, we encourage you to try our 14-day free trial for the Business plan (30 days for Premium) and see for yourself how NordPass offers an enhanced password management experience beyond what you might expect from similar tools. We’d be interested to hear your thoughts!

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Understanding the differences between DORA and NIS2

Are you prepared for the new cyber storm on the horizon? Major regulatory changes are coming that will impact many European organizations. With the rise of cyber threats in recent years, European governments have introduced new regulations to strengthen the cybersecurity requirements for organizations across industries.

Two major pieces of EU legislation, the DORA regulation and the NIS2 directive, aim to bolster cyber resilience for essential services. Strengthening defenses is crucial, yet sorting through shifting security rules and standards can feel overwhelming.

While both address improving cyber defenses, these regulations differ in scope and requirements. This guide is here to help you navigate the changes with clarity. We’ll explore the key details of each directive, compare their differences, and discuss how to prepare your organization for compliance.

What is DORA?

The Digital Operational Resilience Act (DORA) is an EU regulation aimed at ensuring the financial sector within the EU can withstand, respond to, and recover from all types of ICT-related disruptions and threats. It focuses specifically on financial entities like banks, investment firms, and others that provide critical financial services.

The primary goal of DORA is to enhance operational resilience and manage the risks associated with ICT third-party service providers. Applying from 17 January 2025, DORA significantly affects financial sector organizations operating within the European Union.

What is NIS2?

The revised Network and Information Systems (NIS2) Directive is an updated EU cybersecurity law that replaces the original NIS Directive of 2016 and expands its scope. NIS2 broadens the categories of “essential” and “important” entities subject to the rules well beyond the original operators of critical infrastructure in sectors such as energy, transport, banking, financial market infrastructures, and health.

Essential versus important entities: both categories carry the same core risk-management and reporting duties, but essential entities are subject to proactive supervision and higher maximum fines, while important entities are supervised reactively, after indications of non-compliance.

The directive also imposes new requirements for supply chain security, risk assessments, incident reporting, and third-party risk management. Member states had to transpose NIS2 into national law by 17 October 2024, after which it applies to essential and important entities operating within the EU.

Why are NIS2 and DORA important?

Attacks can disrupt essential functions and compromise privacy as more services and personal data move online. To mitigate cyber risks, both NIS2 and DORA aim to increase operational resilience and security practices across crucial sectors.

Therefore, the two instruments are crucial for businesses for several compelling reasons:

  • Enhanced cybersecurity. DORA focuses on the financial sector, emphasizing operational resilience and risk management, ensuring financial entities can withstand and quickly recover from cyber incidents. NIS2 applies to a broader range of essential service providers, significantly bolstering their cybersecurity measures.

  • Regulatory compliance. Both directives set strict regulatory requirements. Non-compliance can lead to hefty fines, sanctions, and damage to a company’s reputation. Ensuring compliance helps businesses avoid these financial and legal risks, maintaining a positive standing with regulators and customers.

  • Customer trust & confidence. Compliance with NIS2 and DORA demonstrates a business’s commitment to protecting personal and financial data, fostering trust and confidence among customers. This trust can translate into customer loyalty and a competitive edge in the market.

  • Operational resilience. Both directives aim to enhance the resilience of critical infrastructure. DORA ensures that the financial sector can continue operating smoothly during cyberattacks, whereas NIS2 focuses on ensuring the continuity of services provided by essential entities across various sectors.

  • Supply chain security. NIS2 requires businesses to assess and manage risks associated with their third-party vendors, mitigating potential vulnerabilities. DORA also includes provisions for third-party risk mitigation, ensuring robust measures are in place to manage risks from external service providers.

  • Incident reporting & response. Both NIS2 and DORA mandate comprehensive incident reporting and response mechanisms, ensuring businesses can promptly detect, respond to, and recover from cyber incidents. Regular breach reporting and analysis help improve overall cybersecurity strategies.

  • Harmonized standards. These directives aim to harmonize cybersecurity standards across the EU, creating a more consistent and secure digital environment. This simplifies compliance efforts and ensures businesses operate at the highest security standards across all regions.

  • Future-proofing. As cyber threats evolve, regulatory requirements are likely to become more stringent. By complying with DORA and NIS2, businesses position themselves ahead of the curve, proactively adopting best practices to adapt to future regulatory changes.

Key differences between NIS2 and DORA

Even though NIS2 and DORA may seem similar, there are some key differences organizations should be aware of. While both aim to bolster security, their legal form, scope, sectors, compliance dates, and requirements vary.

  • Legal form: DORA is a regulation and applies directly in every member state, while NIS2 is a directive that each member state transposes into national law, so details vary by country

  • Scope: DORA applies to financial entities within the EU (and to the critical ICT third-party providers that serve them), while NIS2 covers essential and important entities across the EU

  • Sectors: DORA targets the financial sector, whereas NIS2 spans industries such as health, energy, transport, digital infrastructure, and more

  • Compliance date: DORA applies from 17 January 2025, while NIS2 had to be transposed into national law by 17 October 2024

  • Requirements: DORA emphasizes ICT risk management, resilience testing, and oversight of ICT third-party providers, whereas NIS2 includes comprehensive supply chain reviews and stringent incident reporting obligations

  • Non-compliance penalties: DORA leaves administrative fines for financial entities to national competent authorities rather than fixing one EU-wide amount, whereas NIS2 requires member states to set maximum fines of at least €10 million or 2% of global annual turnover, whichever is higher, for essential entities (€7 million or 1.4% for important entities)

By recognizing these distinctions, businesses can better navigate their compliance strategies, ensuring they meet the necessary standards and improve their cybersecurity defenses.

Preparing for increased compliance

To effectively prepare for NIS2 and DORA compliance, businesses should take the following steps:

Conduct risk assessments

Perform thorough risk and vulnerability assessments to identify threats and weaknesses in your systems, suppliers, and processes. Evaluate the likelihood and impact of each identified risk on your organization and prioritize mitigation accordingly.

Review third-party relationships

Assess the security posture of all third-party vendors and partners and ensure that third-party risk mitigation practices, including regular audits and reviews, are in place.

Develop and document incident response plans

Create detailed incident response plans outlining steps to take during a cybersecurity event; ensure these plans are well-documented and accessible to all relevant personnel.

Implement reporting procedures

Establish clear procedures for reporting security incidents to regulators and stakeholders. Ensure these procedures comply with the requirements of NIS2 and DORA.

Train staff regularly

Conduct regular training sessions on cyber hygiene, focusing on password management and recognizing phishing attempts—provide specialized training on spear phishing and other targeted attack methods.

Document compliance efforts

Maintain thorough documentation of all compliance-related activities and efforts. This documentation demonstrates diligence and can be beneficial during regulatory reviews.

Outsource to experts

Consider outsourcing functions like cloud infrastructure management, security monitoring, or compliance auditing to specialized service providers. Leveraging expert services can reduce the burden on in-house teams and ensure higher compliance standards.

Audit & update regularly

Schedule regular internal audits to review compliance status and identify areas for improvement. Stay updated on changes in regulatory requirements and adjust your strategies accordingly.

Engage with regulatory bodies

Maintain open communication with relevant regulatory bodies to stay informed about compliance expectations. Seek guidance and clarification on any aspects of DORA and NIS2 that may be unclear.

How NordLayer can help achieve compliance

As a network security provider, NordLayer offers tools and services tailored to help organizations achieve compliance with both directives:

  1. Secure access management: Utilize our business VPN for encrypted connections with masked identities, and implement Always-On VPN and Multi-Factor Authentication (MFA) to ensure safe and controlled access to your network. Secure access technologies support DORA’s emphasis on thorough access control practices and many of the access governance expectations outlined in NIS2.

  2. Network segmentation: Enforce stringent security policies using a robust Cloud Firewall and advanced access control features like Network Access Control (NAC).

  3. Continuous visibility & monitoring: A network visibility solution ensures comprehensive monitoring of network activity and devices. It fuses activity information, Server Usage Analytics, and Device Posture Monitoring to track traffic and performance in real-time. Ensure secure network access through features such as DNS filtering and Device Posture Security checks that verify endpoint security posture before network entry. Such visibility is crucial for meeting regulatory requirements, facilitating audits, and demonstrating practical usage of security controls.

  4. Protection of sensitive information: Comply with data sovereignty requirements through comprehensive NAC solutions like VPN gateways, dedicated servers, Cloud Firewall, and Device Posture Security, as well as advanced user authentication methods, such as MFA, biometrics, SSO, and user provisioning—addressing DORA’s and NIS2’s mandates for data protection.

  5. Manage vendor risks: Our solutions isolate third-party access to only needed resources. Additionally, NordLayer can be trusted to comply with customers’ vendor security requirements and international standards.

With NordLayer, businesses can simplify infrastructure security management and meet the stringent requirements of both the NIS2 and DORA directives. Contact us to discuss how we can assist with your compliance journey.


About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

How Minecraft and game modding can undermine your security

ESET Research has revealed a concerning fact — gamers are being targeted by cybercriminals, and it’s no mystery why they are such meaty targets.

The gaming industry is huge — some games generate millions in monthly revenue, satisfying gamers and executives simultaneously. However, in some cases, gaming can present some very real dangers that are a bit more severe than getting a virtual arrow in your knee.

I wanna be, the very best

How far will a person go to excel in their game?

With the advent of online gaming, more and more people are playing together in real-time, leading to more social interactions than ever before. This can lead to a lot of pressure, especially when playing online games with a player vs. player (PVP) aspect like multiplayer shooters or battle arenas.

When you want to be the best, you will focus on improving your skills, right? Well, quite a few people would rather cheat their way to the top of the rankings, raking in the gain without the pain.

Cybercriminals know this, which is why, when venturing online, gamers can find a multitude of interesting cheats like wall hacks or aimbots that promise better visibility and accuracy. What they do not know is that these cheats are often loaded with malware; cheating your way to the top can lead to someone else taking a peek at your personal data via infostealers such as RedLine Stealer or Lumma Stealer, which ESET Research’s telemetry confirms as quite active.

What is an infostealer?

An infostealer is a piece of malware that, after infecting your computer, starts exfiltrating (stealing) information from the compromised device. Such data can include credentials saved in browsers, financial information, browser cookies, crypto wallets, or others.

These are often sold as a service, with RedLine Stealer costing just $150 per month. To make matters worse, RedLine is operated through a simple web dashboard, much like consumer home automation software, so deploying it against victims requires little skill.

The game has just begun

However, cheats are not the only attack vectors for infostealers to infiltrate your device.

When you really like a game, like Minecraft, for example, you might want to go beyond what the developer offers with the default set of assets and gameplay scenarios. For example, players of the Java version of Minecraft often modify their worlds by adding additional creatures, building blocks, or more ways to use redstone, leading to creations such as functional computers inside the game (the creativity is limitless, really).

While it is great that players seek more creative ways to redefine their game experiences, cybercriminals also abuse this. Mods (game modifications) are usually available as downloads, for Minecraft typically on sites like Planet Minecraft or Minecraft Mods. Because these platforms are open to anyone, cybercriminals try to exploit them by taking over existing modifications and injecting them with malicious code. Such was the case reported by Bleeping Computer, when attackers compromised several accounts on modding platforms and hijacked existing projects to distribute infostealers.

Sadly, sometimes not even official resources are free of exploitation due to various vulnerabilities, as was the case when 50,000 Minecraft accounts were infected due to skins injected with malware capable of reformatting hard drives and deleting backups plus system programs, offered as a download on the game’s website.

Since it’s usually kids (based on 2021 stats) who play Minecraft, they probably do so on shared family computers and home networks, hence the resulting damage can spill over to their parents. What’s worse, instead of an infostealer, a computer could get infected with ransomware, but that is more of a concern for gaming companies, who are targeted for monetary reasons.

Did you know?

Ransomware is a threat shared by people and businesses alike. In the world of gaming, a famous example is the 2023 Rhysida ransomware attack on Insomniac Games, the developer behind games such as Spider-Man and the Ratchet and Clank series. As a result of the attack, terabytes of data covering both past projects and unreleased ones were leaked.

Nothing is true; everything is permitted

Apart from infostealers, phishing is also trendy in gaming circles. As pictured below, gaming ranked tenth among the top phishing website categories tracked by ESET Research.

Source: ESET Threat Report H1 2024

To paint a picture of how this happens, consider when a gamer is playing an online MMO like World of Warcraft or a game with virtual currency such as Fortnite.

Character skins and various XP boosts might require you to purchase them with said virtual currency. In WoW’s case, for example, there’s the WoW token. You either purchase one with in-game gold for gametime or Battle.net balance (enabling real currency purchases), or do the opposite and purchase one for an influx of in-game gold with real money. Imagine it as a foreign exchange of sorts.

Similarly, in Fortnite, V-Bucks are used to purchase outfits, emotes, and Battle Passes. All these are rather tempting for various reasons, especially when you want to stand out among an online crowd.

Kids, teenagers, and even adults don’t know better sometimes. Via the chat functions in these games (unless disabled or if the account has a parental lock), gamers can be tempted by fellow players to visit certain websites to receive the currency for free: just insert your login details and you will immediately receive an influx of your desired virtual cash or tokens. Or, more likely, your credentials and account will get stolen, since you have now been successfully phished by a cybercriminal.

Infostealer detections

ESET telemetry continues to detect threats like RedLine Stealer and Lumma Stealer, with the former showing localized detection peaks coming mostly from countries such as Germany, Spain, and Japan.

Source: ESET Threat Report H1 2024

On the other hand, Lumma switched its malware to a new variant, leading to a growing trend in its detections as Win/Spy.Agent.QLD.

Source: ESET Threat Report H1 2024

Both infostealers have been detected in payloads of files masking themselves as cheating tools or video game cracks (game executables bypassing copy protection). All in all, infostealers have seen a slight rise compared to the previous period (4% increase) globally.

Global infostealer detections. This also includes non-gaming-related ones.
(Source: ESET Threat Report H1 2024)

ESET has also detected Epsilon Stealer (as JS/PSW.Agent trojan variants .CH and .CI). It was recently present in a popular mod of Slay the Spire, pushed through the Steam update system after attackers breached the mod developer’s Steam and Discord accounts. Once installed, Epsilon looks to exfiltrate cookies, saved passwords, and credit card details from web browsers, plus login info for Steam, Windows, and other accounts.

Stay awhile and listen

To protect against infostealers and other malicious threats, your best bet is to raise your protection with strong next-gen security software like ESET Home Security. Thanks to ESET telemetry and the ESET LiveSense security layers, it provides a strong safety net if a modpack gets infected or if someone downloads an infected executable that has already been caught by one of our global sensors.

The same software also offers anti-phishing protection and secure browsing to block suspicious websites or emails, and to guarantee a safe browsing experience while socializing online.

As for account security, use diverse passwords (we recommend using the ESET Password Generator to ensure their strength), store your credentials in password managers (instead of browsers), and use app or biometrics-based multi-factor authentication instead of SMS to add another layer to your account’s security, keeping threat actors at bay.


About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

How to change or reset your Instagram password

Why reset your Instagram password?

Most people don’t think about changing their login details unless they forget them, but there are several reasons why you should know how to reset your Instagram password.

The primary concern when you’re online is security. For most users, Instagram’s private messenger is now one of its main appeals. Many also depend on the app to promote their business, which makes maintaining security even more essential.

Hackers are always looking for new ways to steal data, and social media accounts are tempting targets. These days, Instagram scams are rampant, and bad actors are becoming more sophisticated in the way they operate. The best defenses are a unique, strong password for every account (ideally generated and stored by a password manager) and two-factor authentication, plus the ability to change your password quickly the moment you suspect it has been exposed.

Using the same details for multiple sites exposes you to credential stuffing: once one site leaks your email and password, attackers replay that pair against Instagram and every other service you use. The compromise can spread unless you can quickly change passwords elsewhere.

What happens if your Instagram is hacked?

We usually worry about attackers spying on emails or stealing banking information, but a hacked Instagram account can also be a real problem. Once a malicious actor takes control of the profile, they can change the password and lock the user out.

For many of us, Instagram is one of our main messaging services, through which we share personal photos, talk to our friends, and keep in touch with family. Would you want a stranger to access your inbox?

As we mentioned before, for many businesses and entrepreneurs, Instagram provides an essential platform for promotion and direct sales. Losing control of that account could mean a disruption in revenue and, even worse, the loss of a critical marketing channel.

Being able to change your login details is a must. You can reset Instagram passwords through a web browser if you don’t have access to your phone or directly through the app on your device.

How to change your Instagram password on the app

The process of changing your Instagram password is essentially the same whether you use an iOS or Android device. Here are the steps to follow:

  1. Open your Instagram app.

  2. Click the account icon in the lower-right corner.

  3. Click the three horizontal lines at the top right of the screen.

  4. Click “Settings.”

  5. Click “Security.”

  6. On the Security page, click “Password.”

  7. Input your current password.

  8. Input your new password and click “Save” or the checkmark.

How to change your Instagram password on the desktop website

  1. Navigate to the Instagram site on your web browser.

  2. Click the account button in the top-right of the window and click “Profile.”

  3. Click the “gear” button to the right of Edit Profile.

  4. Click “Change Password.”

  5. Input your current password.

  6. Input your new password and click “Change Password.”

How to reset a forgotten Instagram password

You can reset a forgotten password through a browser or directly through the app.

  1. Navigate to the login page, either in-app or through a browser.

  2. Click “Forgot password?” or “Get help logging in.”

  3. Input your username or email address. Depending on how you’ve set up your account, you may also be able to use your phone number.

  4. Instagram will send instructions to your associated email address, which you can follow to confirm your identity and reset the password.

How to reset your password using your Facebook account

If your Instagram account is linked to your Facebook profile, you can use your Facebook account to reset your Instagram password. Here’s how to do it:

  1. Open the Instagram app.

  2. Click on “Forgot password?” on the login interface.

  3. Select “Log in with Facebook.” This will take you to a Facebook login screen if you’re not already logged in to Facebook on your device.

  4. Log in to Facebook.

  5. Follow the instructions provided to reset your Instagram password.

Additionally, if you need instructions on how to reset your Facebook password, check out our blog on the subject.

Password protection

Knowing how to change your login credentials quickly, and never reusing them across sites, is an integral part of password best practice. A password manager makes both easy and ensures that you never get locked out of your Instagram account again.

NordPass generates complex passwords that hackers will struggle to crack, storing them in encrypted vaults. The service auto-fills forms and login interfaces, so you don’t need to worry about remembering your details.

It’s a simple solution that will strengthen your data security and make accessing social media the stress-free experience it should be.


Top 10 considerations for a recovery solution RFP

As we all know, the threat of ransomware continues to grow, and so does the importance of ensuring that your business remains resilient and prepared to respond to and recover from ransomware attacks. To help you with your ransomware readiness, ESG (Enterprise Strategy Group) has created “The Ransomware Preparedness Top Ten Recovery Solution RFP” in their report focused on ransomware readiness and cyber resilience.

Here’s what they find are the 10 most important considerations when selecting solutions for data recovery, which will help you shortlist potential data backup and recovery platforms.

Vendor selection checklist key considerations:

1. Data encryption (at rest and/or in flight)

2. Ability to protect SaaS data

3. Ability to detect ransomware in data copies/backups

4. Integrated cloud services capabilities

5. Ability to recover to any point or location

6. Ability to protect endpoint devices

7. Ability to protect virtual machines

8. End-to-end recovery services

9. Protected/immutable data copies/backups

10. Continuous data protection/replication/journaling

Understanding these factors will help guide you toward writing a more effective proposal and to evaluate and select the most effective backup and recovery services for your organization’s needs. Let’s look a bit more deeply into each of them.


Top 10 considerations for ransomware recovery solutions

Creating an RFP (request for proposal) for ransomware recovery solutions is a critical task, so let’s expand a bit on why each pointer ESG has identified is important and also add some key considerations that can be included to help you build the best protection portfolio for your specific needs.

Of course, before you can do so, you need to evaluate which data has value to your business and is most critical to back up since no single solution does everything. For instance, those solutions focusing on on-prem VM aren’t going to be able to cover all SaaS. Likewise, if a solution is optimized for cloud data, it’s not going to be strong for on-prem configurations. So, considering your specific data protection needs beforehand will help you have the right tool for the right job:

1. Data encryption (at rest and/or in flight)

Importance: Data encryption is crucial for protecting sensitive information from unauthorized access and ensuring data integrity. Encryption at rest protects data stored on disks and storage devices, while encryption in flight secures data during transmission.

Considerations:

• Encryption standards: Specify the encryption algorithms (e.g., AES-256) and transport protocols (e.g., TLS 1.2 or later; SSL and TLS 1.0/1.1 are deprecated and should be rejected) that the solution must support.

• Key management: Detail the requirements for key management practices, including generation, storage, rotation, and destruction.

• Compliance: Ensure the solution meets industry standards and regulatory requirements (e.g., GDPR, HIPAA).

• Performance impact: Evaluate the impact of encryption on system performance and backup/recovery speeds.

2. Ability to protect SaaS data

Importance: As SaaS adoption grows, more and more business-essential data lives in SaaS applications. Most SaaS providers operate a shared responsibility model in which they keep the service running but do not guarantee recovery of your data after accidental deletion, a malicious insider, or ransomware, so ensuring the protection and backup of data hosted in the cloud is vital for business continuity, compliance, and more.

Considerations:

• SaaS integrations: Identify specific SaaS applications (e.g., Office 365, Salesforce) and ensure the solution supports seamless integration.

• API support: Ensure the solution can interact with SaaS APIs for automated backup and recovery.

• Data ownership: Clarify data ownership and access rights in the context of SaaS providers’ terms of service.

• Recovery options: Provide details on how data can be restored, including granularity (e.g., individual items vs. entire datasets).

3. Ability to detect ransomware in data copies/backups

Importance: Early detection of ransomware within backup data can prevent the spread and mitigate damage.

Considerations:

• Anomaly detection: Ensure the solution includes advanced anomaly detection techniques to identify unusual patterns indicative of ransomware.

• Scanning tools: Integrate with malware scanning tools to analyze backup data.

• Monitoring/notification systems: Set up real-time alerts for detected anomalies or potential ransomware activity.

• Historical analysis: Implement capabilities to review historical backup data for signs of previously undetected ransomware.

4. Integrated cloud services capabilities

Importance: Leveraging cloud services for backup and recovery enhances scalability, reliability, and accessibility.

Considerations:

• Cloud providers: Specify preferred cloud providers (e.g., AWS, Azure, Google Cloud) and their service offerings, while also considering data protection best practices, such as air gapping in line with the 3-2-1 backup rule.

• Cost management: Tools for monitoring and managing cloud storage costs. Many providers have additional costs based on, e.g., consumption, egress/ingress, retention, archiving departed users, and more.

• Disaster recovery: Utilize cloud for disaster recovery solutions with geographically dispersed data centers.

5. Ability to recover to any point or location

Importance: Flexibility in recovery options ensures that data can be restored to different points in time or alternate locations as needed.

Considerations:

• Granularity: Support for granular recovery points (e.g., hourly, daily) to minimize data loss.

• Flexibility: The ability to prioritize and recover the most critical data first is vital for ensuring business continuity.

• Cross-platform recovery: Ensure compatibility across different platforms and environments. Multi-workload coverage from a single provider provides additional value.

• Testing: Regularly test recovery processes to ensure reliability.

• Failover mechanisms: Include automatic failover options for critical systems.

6. Ability to protect endpoint devices

Importance: Endpoint devices are often the entry points for ransomware attacks. Protecting them is essential for overall security.

Considerations:

• Endpoint agents: Deploy lightweight agents on endpoints to monitor and protect against ransomware.

• Centralized management: Centralized dashboard for managing and monitoring endpoints.

• Data encryption: Ensure data on endpoints is encrypted.

• Backup frequency: Define how often endpoint data should be backed up.

7. Ability to protect virtual machines

Importance: Virtual machines (VMs) are integral to modern IT environments. Their protection is critical for maintaining business continuity.

Considerations:

• Hypervisor compatibility: Ensure support for major hypervisors (e.g., VMware, Hyper-V).

• Snapshot management: Use VM snapshots for efficient backup and recovery.

• Performance: Minimize performance impact during backup operations.

• Disaster recovery: Integrate with DR solutions for automated VM recovery.

8. End-to-end recovery services

Importance: Comprehensive recovery services ensure that all aspects of data and system restoration are covered.

Considerations:

• Service levels: Define SLAs for recovery time and recovery point objectives.

• Support: 24/7 support and clear escalation paths.

• Testing and validation: Regularly test recovery processes and validate data integrity.

• Documentation: Detailed documentation of recovery procedures and guidelines.

9. Protected/immutable data copies/backups

Importance: Immutable backups cannot be altered, deleted, or encrypted by ransomware, ensuring data safety.

Considerations:

• Immutability features: Implement write-once-read-many (WORM) technology.

• Retention policies: Define retention periods for immutable backups.

• Access controls: Restrict access to backup data to prevent tampering.

• Storage solutions: Use storage solutions that support immutability.

10. Continuous data protection/replication/journaling

Importance: Continuous data protection (CDP) and replication ensure minimal data loss and quick recovery.

Considerations:

• Replication methods: Choose between synchronous and asynchronous replication based on requirements.

• Data journaling: Implement journaling to track and store changes for quick rollback.

• Network bandwidth: Optimize replication processes to minimize network bandwidth usage.

• Recovery flexibility: Provide options for rolling back to specific points in time.

Conclusion

By addressing these key areas in your RFP, you’ll be better equipped to evaluate vendors and select a ransomware recovery solution that meets your organization’s specific needs. This comprehensive approach will help ensure the robustness and reliability of your data protection strategies. Ultimately, understanding your overall security structure will help you understand which tools you’ll need to use.


This blog article is part of a series of articles on ransomware resilience and the key role data protection plays in ensuring business continuity.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Drawing on 20+ years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.

Understanding SIEM and Data Security Management: Essential Knowledge for MSPs

By mastering key PAM elements, implementing effective approaches, and understanding pricing models, MSPs can strengthen client security and thrive in the competitive cybersecurity landscape. This guide equips you with the knowledge to elevate your PAM services, protect clients more effectively, and drive business growth.

The Power of SIEM for MSPs

Security Information and Event Management (SIEM) is a cornerstone of modern cybersecurity strategies. For MSPs, implementing SIEM solutions can significantly enhance your ability to protect clients from evolving threats. Here’s why SIEM is essential:

  1. Centralized security monitoring: SIEM aggregates data from various sources, providing a unified view of your clients’ security landscapes.
  2. Real-time threat detection: By correlating events across multiple systems, SIEM enables faster identification of potential security incidents.
  3. Automated incident response: Many SIEM solutions offer automated responses to common threats, reducing manual workload for your team.
  4. Compliance support: SIEM helps in meeting regulatory requirements by providing detailed logs and reports.

Key Components of SIEM

A robust SIEM solution typically includes:

  1. Log collection and aggregation
  2. Real-time event correlation
  3. Security incident and event management capabilities
  4. Threat intelligence integration
  5. Reporting and alerting features

By offering SIEM as part of your MSP services, you can provide clients with advanced security information and event management, enhancing your value proposition.

Unified Threat Management and SIEM: A Powerful Duo

While SIEM focuses on data analysis and correlation, Unified Threat Management (UTM) offers a comprehensive security solution. By combining SIEM with UTM, MSPs can provide clients with:

  1. Enhanced threat detection and prevention
  2. Streamlined security management
  3. Improved incident response capabilities
  4. More comprehensive security reporting

This integration allows you to offer a more robust security and management solution to your clients.

Privileged Identity Management: Securing the Keys to the Kingdom

Privileged Identity Management (PIM) is a critical component of a comprehensive security strategy. As an MSP, incorporating PIM into your offerings can help clients:

  1. Control access to sensitive systems and data
  2. Monitor and audit privileged user activities
  3. Enforce least privilege principles
  4. Streamline compliance efforts

Integrating PIM with SIEM allows for more effective security incident and event management, particularly for detecting and responding to insider threats.

Data Security Management: The Holistic Approach

While SIEM is powerful, it’s essential to view it as part of a broader data security management strategy. As an MSP, consider offering:

  1. Data classification and discovery services
  2. Access control and encryption solutions
  3. Data loss prevention (DLP) implementation
  4. Regular security assessments
  5. Employee security awareness training

By providing comprehensive data security and management services, you can position your MSP as a one-stop shop for clients’ security needs.

Implementing SIEM for Your Clients: Best Practices

When implementing SIEM solutions for your clients, consider the following best practices:

  1. Tailor the solution to each client’s specific needs and industry requirements
  2. Ensure proper integration with existing security tools and infrastructure
  3. Regularly update and fine-tune the SIEM system to address emerging threats
  4. Provide clear, actionable reports to clients, highlighting the value of the SIEM service
  5. Offer ongoing support and guidance to help clients maximize the benefits of SIEM

The Future of SIEM and Data Security Management for MSPs

As cyber threats evolve, so too must our approaches to security and management. Stay ahead of the curve by preparing for:

  1. Increased use of AI and machine learning in SIEM systems
  2. Greater integration with cloud security solutions
  3. Enhanced automation for incident response and remediation
  4. Improved visualization and reporting capabilities

Conclusion

For MSPs, understanding and implementing SIEM as part of a comprehensive data security management strategy is crucial for staying competitive and providing value to clients. By offering advanced security information and event management services integrated with solutions like UTM and PIM, you can help your clients better protect their digital assets against the complex and ever-changing threat landscape.

Remember, as an MSP, your role in security incident and event management is ongoing. Regular assessments, updates, and client education are key to maintaining strong security postures for your clients.

By mastering SIEM and data security management, you can differentiate your MSP in a crowded market, build stronger client relationships, and drive business growth while contributing to a more secure digital ecosystem.

About Guardz
Guardz is on a mission to create a safer digital world by empowering Managed Service Providers (MSPs). Their goal is to proactively secure and insure Small and Medium Enterprises (SMEs) against ever-evolving threats while simultaneously creating new revenue streams, all on one unified platform.

macOS Update & Patch Management: Ensuring Security and Efficiency

As Andrew Heller aptly put it, ‘Technology is like fish. The longer it stays on the shelf, the less desirable it becomes.’  This metaphor underlines the critical need for timely updates and patches to maintain the effectiveness and security of technology systems. In a world where devices play a pivotal role in daily operations, the importance of update and patch management cannot be overstated. 

There is no need to second-guess the rapid evolution of technology. As it evolves constantly, so do the threats and vulnerabilities that target operating systems like macOS. To create a protective wall against these risks and ensure smooth operation, businesses must implement a proactive approach to update and patch their systems. This involves regularly applying critical updates, security patches, and feature enhancements to keep macOS environments secure, efficient, and compatible with the latest software advancements.

Scalefusion UEM, a powerful tool in this endeavor, provides centralized macOS management capabilities that help deploy and monitor updates across macOS devices, reducing downtime and ensuring consistent performance.

In this blog, we will explore the key features of Scalefusion UEM for macOS update and patch management. We will highlight how modern tools empower businesses to walk through the ever-changing technological framework and overcome the challenges of macOS patch management.

Challenges of macOS Update & Patch Management

Managing macOS updates and patches comes with several challenges that businesses often face:

  • Compatibility Issues: Ensuring updates are compatible with existing software and hardware configurations without causing disruptions or compatibility issues.
  • Testing and Validation: Thoroughly testing updates across various device configurations and software environments to ensure they do not introduce new issues or conflicts.
  • Security Concerns: Ensuring timely deployment of security patches to mitigate vulnerabilities and protect against emerging threats.
  • Regulatory Compliance: Ensuring update and patch management practices comply with industry regulations and organizational policies related to data security and privacy.
  • Scheduling: Coordinating macOS updates within maintenance windows to minimize disruptions.

Key Features of Scalefusion macOS Update & Patch Management

Scalefusion supports patch management for a variety of Mac versions, ensuring comprehensive coverage and compatibility across different devices.

It supports the following macOS versions:

  • macOS 14 – Sonoma
  • macOS 13 – Ventura
  • macOS 12 – Monterey
  • macOS 11 – Big Sur
  • macOS 10.15 – Catalina
  • macOS 10.14 – Mojave
  • macOS 10.13 – High Sierra
  • macOS 10.12 – Sierra

Scalefusion includes the following key features for OS update and patch management:

1. Critical Updates

Critical updates in Scalefusion UEM address significant non-security-related bugs and issues within the macOS environment. By automating the distribution process, Scalefusion ensures devices are promptly equipped with the latest bug fixes.

This proactive approach enhances device reliability, mitigates potential performance issues, and supports a seamless user experience. IT admins benefit from centralized control and visibility, allowing them to prioritize critical updates.

2. Definition Updates

Definition updates are designed to keep the software’s definition database current with frequent additions. These updates are essential for enhancing the detection and prevention capabilities against evolving threats, including malware, viruses, and other security risks specific to macOS environments. Scalefusion automates the distribution of definition updates to ensure all managed macOS devices are equipped with the latest threat definitions.

By maintaining an up-to-date database, Scalefusion enhances the overall security posture of devices, reducing the risk of data breaches and virus attacks. Admins can rely on Scalefusion to manage and optimize patch management on Mac and update the Mac operating system, safeguarding sensitive information and maintaining compliance with industry standards.

3. Feature Packs

Feature packs introduce new functionalities and enhancements outside of major product releases. Scalefusion facilitates the distribution of feature packs across macOS devices, ensuring users benefit from enhanced capabilities and performance promptly.

By smoothening the deployment process, admins can deploy feature packs efficiently, optimizing device functionality and supporting evolving business needs.

4. Security Updates

Security updates are designed to address and mitigate security-related vulnerabilities specific to the macOS environment. Scalefusion ensures timely deployment of security updates across managed macOS devices, strengthening the overall security posture of the organization.

By automating update distribution and enforcement, Scalefusion enhances threat mitigation capabilities, minimizing the risk of security breaches and ensuring compliance with regulatory requirements.

5. Service Packs

Service packs provide a cumulative set of hotfixes, critical updates, and general updates within Scalefusion UEM. These packs consolidate multiple updates into a single deployment, simplifying the update process and ensuring consistent device performance and stability.

By consolidating updates, Scalefusion reduces complexity and minimizes disruption to users, ensuring devices remain up-to-date with the latest enhancements and fixes.

6. Tools

Scalefusion provides utilities and features to facilitate specific tasks and operations on macOS devices. These tools streamline Mac device management processes and support effective troubleshooting and maintenance.

Scalefusion increases productivity by simplifying routine tasks and improving responsiveness to IT issues. Admins can leverage these tools to streamline workflows, reduce downtime, and ensure seamless operation of macOS devices.

7. Driver Updates

Driver updates aim to keep device drivers up-to-date to ensure proper functionality and compatibility with macOS updates. These updates are essential for maintaining hardware performance and addressing compatibility issues. Scalefusion automates the deployment of driver updates across managed macOS devices, ensuring hardware components operate efficiently and reliably.

By keeping drivers current, Scalefusion reduces the risk of hardware malfunctions and gives admins simplified driver management, enabling them to optimize device performance and maintain hardware integrity effectively.

8. Deferred Updates

Deferred updates allow admins to delay the visibility of new macOS updates on end-user devices. This feature is crucial for giving IT teams the time needed to test updates and ensure they are compatible with the organization’s environment. Scalefusion makes it easy to configure deferred updates through its OS Deferral Settings. Admins can defer major software updates, minor software updates, and non-OS updates such as Safari and Xcode.

By leveraging deferred updates, Scalefusion ensures that updates are thoroughly tested before deployment, reducing the risk of compatibility issues and ensuring a smooth user experience. This approach helps maintain operational stability and minimizes disruptions, enabling IT admins to manage macOS updates more effectively.

9. Silent Updates

Silent updates aim to install macOS updates in the background without interrupting the end-user experience. These updates are essential for maintaining device performance and security without causing disruptions to the user’s workflow. Scalefusion automates the deployment of silent updates, ensuring that macOS devices are kept up-to-date.

By enforcing silent updates, Scalefusion minimizes downtime and enhances the overall user experience. This method ensures that critical updates are applied promptly and unobtrusively, allowing users to continue their tasks without interruption.

Benefits of Scalefusion macOS Update & Patch Management

1. Enhanced Security

Scalefusion UEM ensures better security by facilitating the timely deployment of security patches across macOS devices. This approach mitigates vulnerabilities and safeguards against potential threats, ensuring robust protection for organizational data and systems.

2. Operational Excellence

Scalefusion UEM contributes to operational excellence by streamlining patch management on Macs. It reduces manual intervention, optimizes resource allocation, and minimizes downtime associated with update deployments. This efficiency boosts overall operational productivity and maintains continuity in business operations.

3. Enhanced User Experience

Scalefusion enhances the user experience by ensuring macOS devices receive timely updates. This approach minimizes disruptions caused by software bugs or security vulnerabilities, allowing users to maintain high productivity levels without interruptions.

Administer macOS Update & Patch Management with Scalefusion UEM

Scalefusion UEM streamlines and enhances the security, compliance, and operational excellence of your macOS devices. It automates the deployment of critical, security, and feature updates, ensuring your devices are always up-to-date without disrupting business operations.

By efficiently managing updates and patches, Scalefusion mitigates risks, maintains device performance, and enhances user experience. Through a centralized, automated approach to macOS update and patch management, Scalefusion helps you stay ahead of vulnerabilities and ensure compliance with industry standards.

Schedule a demo with our experts to see how macOS patch management works with Scalefusion. Sign up for a 14-day free trial!

About Scalefusion
Scalefusion’s company DNA is built on the foundation of providing world-class customer service and making endpoint management simple and effortless for businesses globally. We prioritize the needs and feedback of our customers, making sure that they are at the forefront of all decision-making processes. We are dedicated to providing comprehensive customer support services, and place emphasis on customer-centric thinking throughout the organization.

How to find Siemens devices on your network

Latest Siemens vulnerabilities: SCALANCE and RUGGEDCOM products

Siemens has disclosed multiple vulnerabilities for a variety of products and devices, including the SCALANCE and RUGGEDCOM product lines.

  • CVE-2024-41976 is rated high, with a CVSS score of 7.2, and allows an authenticated attacker to execute arbitrary code by supplying invalid VPN configuration data.
  • CVE-2024-41977 is rated high, with a CVSS score of 7.1, and allows an attacker to escalate their privileges due to devices not properly enforcing user session isolation.
  • CVE-2024-41978 is rated high, with a CVSS score of 6.5, and allows an authenticated attacker to forge 2FA tokens of other users due to devices storing sensitive 2FA information in log files on disk.
  • CVE-2024-44321 is rated medium, with a CVSS score of 2.7, and allows an attacker to issue large input data causing an unauthenticated denial-of-service.

What is the impact?

Successful exploitation of these vulnerabilities would allow an authenticated attacker to remotely execute code, escalate their privileges, or forge other users’ credentials. The first three require the attacker to be authenticated before they can be exploited.

The last vulnerability has the lowest score, but would still require the device to be restarted if the denial-of-service condition were triggered.

Are updates or workarounds available?

Siemens recommends upgrading all affected devices to firmware V8.1 or later. Additionally, users should ensure these devices are isolated in their own networks to prevent unwanted network traffic to the device.

How to find potentially vulnerable systems with runZero

From the Asset Inventory, use the following query to locate systems running potentially vulnerable software:

hw:"RUGGEDCOM" OR hw:"SCALANCE" OR hw:"LOGO"
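As an added illustration (not runZero’s code or query engine), the following stand-alone script approximates the hardware query above over a constructed asset inventory and then flags matching devices whose firmware is older than the V8.1 Siemens recommends. The asset field names, the sample devices and the `V<major>.<minor>` firmware format are assumptions.

```python
"""Added example: approximate the runZero-style hardware query over a
constructed inventory and flag firmware below the recommended V8.1.
Not runZero's implementation; matching is a case-insensitive substring
test on the named field, which is an approximation of the real semantics."""
import re
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    hw: str        # assumed field: hardware/model string
    firmware: str  # assumed field, constructed format "V<major>.<minor>[.<patch>]"


# Constructed sample inventory (not real device data).
INVENTORY = [
    Asset("sw-plant-01", "Siemens SCALANCE M876-4", "V7.2"),
    Asset("sw-plant-02", "Siemens SCALANCE SC-600", "V8.1"),
    Asset("rtr-sub-03", "Siemens RUGGEDCOM RM1224", "V8.0.1"),
    Asset("plc-line-04", "Siemens SIMATIC S7-1500", "V2.9"),
    Asset("core-01", "Cisco Catalyst 9300", "17.6"),
]

# The queries on this page use either "hw:" or "hardware:"; treat them as aliases.
FIELD_ALIASES = {"hardware": "hw"}

# One query term: field:"quoted value" or field:barevalue
TERM = re.compile(r'(\w+):(?:"([^"]*)"|(\S+))')


def parse_query(query):
    """Split 'field:"value" OR field:value ...' into (field, value) terms.
    Only OR-joined terms are supported, which covers the queries above."""
    terms = []
    for match in TERM.finditer(query):
        field, quoted, bare = match.groups()
        terms.append((FIELD_ALIASES.get(field, field),
                      quoted if quoted is not None else bare))
    return terms


def matches(asset, terms):
    """True if any term's value occurs (case-insensitively) in that field."""
    for field, value in terms:
        if value.lower() in getattr(asset, field, "").lower():
            return True
    return False


def parse_version(version):
    """'V8.0.1' -> (8, 0, 1); tuples compare correctly, so (8, 0, 1) < (8, 1)."""
    return tuple(int(part) for part in version.lstrip("Vv").split("."))


def find_matching(inventory, query):
    """Names of assets the query selects, in inventory order."""
    terms = parse_query(query)
    return [a.name for a in inventory if matches(a, terms)]


def find_outdated(inventory, query, min_version="V8.1"):
    """Names of assets the query selects whose firmware is below min_version."""
    terms = parse_query(query)
    floor = parse_version(min_version)
    return [a.name for a in inventory
            if matches(a, terms) and parse_version(a.firmware) < floor]


if __name__ == "__main__":
    query = 'hw:"RUGGEDCOM" OR hw:"SCALANCE" OR hw:"LOGO"'
    print("matching:", find_matching(INVENTORY, query))
    print("below V8.1:", find_outdated(INVENTORY, query))
```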

CVE-2024-35292 – SIMATIC S7-200 SMART Devices (July 2024)

In July 2024, Siemens disclosed a vulnerability in their SIMATIC S7-200 SMART Devices.

CVE-2024-35292 is rated high, with a CVSS score of 8.2. It allowed attackers to predict IP ID sequence numbers as the basis of their attack, which could eventually lead to a denial-of-service condition.

What was the impact?

Successful exploitation of this vulnerability would allow an attacker to issue a denial-of-service condition.

Are updates or workarounds available?

The only workaround was to restrict access to the network where the affected products were located by introducing strict access control mechanisms.

How runZero users found potentially vulnerable systems

From the Asset Inventory, runZero users applied the following query to locate systems running potentially vulnerable software:

hw:SIMATIC

SENTRON, SCALANCE, and RUGGEDCOM vulnerabilities (March 2024)

In March 2024, Siemens released security advisories for a variety of products and devices, including the SENTRON, SCALANCE, and RUGGEDCOM product lines.

Several of the vulnerabilities had CVSS scores in the 7.0 to 8.9 range (high) and several more in the 9.0 to 10.0 range (critical).

For the full list of vulnerabilities, you can consult Siemens ProductCERT.

What was the impact?

Several of these vulnerabilities allowed for unauthenticated remote code execution, allowing for compromise of the vulnerable systems. Other vulnerabilities could lead to privilege escalation, information disclosure, or denial of service. Users were urged to upgrade as quickly as possible. Siemens released updates via a variety of channels. See Siemens ProductCERT for details.

How runZero users found potentially vulnerable systems

From the Asset Inventory, runZero users applied the following query to locate Siemens assets that were potentially vulnerable:

hardware:Siemens OR hardware:RuggedCom

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.