因應IE最新零時差漏洞 微軟釋出緊急修補更新

 
微軟於去年(2018)12月下旬發布了一項緊急安全更新,以修補惡意攻擊者正在利用入侵Windows電腦的Internet Explorer(IE)Web瀏覽器中的零時差漏洞。
 
此安全漏洞被歸類為遠程執行代碼漏洞,編號為CVE-2018-8653,該漏洞存在於IE的腳本引擎處理記憶體中物件的方式,開採該漏洞可造成記憶體損毀,並讓駭客以使用者權限執行任意程式,假設使用者以管理員權限登入,那麼駭客就能掌控系統,並安裝程式、檢視/變更/刪除檔案,或是建立一個具備完整使用者權限的帳號。駭客只需透過電子郵件或其它方式,誘導IE用戶造訪一個可開採該漏洞的網站便能執行攻擊。
 
影響的版本包括Windows 7、10和Windows Server 2012、2016和2019的Explorer 11、Explorer 10 for Windows Server 2012以及Explorer 9 for Windows Server 2008。
 
ESET資安專家建議,雖然Internet Explorer已經不再獲得微軟的繼續開發,不過現在仍有不少使用者或機構採用,故需定期注意微軟的安全更新,以防駭客入侵或網路攻擊;還有不管是Internet Explorer瀏覽器、其他瀏覽器或是其他應用程式,都應該保持在最新版本並特別注意網路釣魚攻擊。
 

 

No More Ransom, a global anti-ransomware initiative, announces ESET as new partner

ESET – a global leader in information security software – has been announced as the latest partner of No More Ransom, an international initiative between Europol, the Dutch National Police and major cybersecurity organizations in the fight against ransomware. The collaborative project helps victims of ransomware attacks recover their personal data and has so far managed to decrypt the infected computers of 72,000 victims worldwide. 

With its 130 partners, the No More Ransom online portal hosts a collection of 59 free decryption tools from multiple security software vendors, covering 91 ransomware families. Users from around the world can access the tools for free in order to recover data held hostage by ransomware attacks. Launched in 2016, No More Ransom decryption tools have so far kept around USD 22 million out of the pockets of cybercriminals. 

ESET has long been helping ransomware victims recover encrypted data, its decryption tools having previously been downloaded over 250,000 times. Now two of these tools will also be available to a wider audience through the free, centralized and user-friendly platform of No More Ransom. 

Ransomware has grown to become one of the largest cyberthreats facing businesses and consumers, and the rise of GandCrab and SamSam in 2018 has shown how the threat continues to grow and adapt. One report recently revealed 40% of all successful malware-based attacks involve ransomware

The No More Ransom project recognizes that the fight against ransomware requires a joint effort, and ESET’s involvement represents its ongoing commitment to partner with law enforcement to fight cybercrime and allow everyone to enjoy safer technology.

ESET has previously collaborated with law enforcement agencies in large takedowns of malicious infrastructure, including the disruption of the Gamarue malware family. This global collaboration between the public and private sectors involved Microsoft, the FBI, Interpol and Europol. ESET also worked with various international organizations to uncover Operation Windigo, a widespread cybercriminal operation that seized control of tens of thousands of Unix servers. And most recently, the company partnered with law enforcement bodies and Google in the disruption of 3ve, a major online ad fraud operation.

ESET’s latest partnership will continue its commitment to collaborating with law enforcement and industry partners to create a safer digital world. Visit No More Ransom’s website for more information about the project, and find out more about ESET at https://www.eset.hk.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

GREYCORTEX JOINS MICROSOFT CYBERSECURITY TECH ACCORD

On January 18, GREYCORTEX joined the Microsoft Cybersecurity Tech Accord along with 10 other companies. This brings the total to 79 signatories committed to improving the security of cyberspace. Together, GREYCORTEX and the rest of the Tech Accord members pledge to protect users and customers everywhere. GREYCORTEX joins a global expansion, contributing to the increasingly diverse reach of the signatory community – further broadening the dialogue around cybersecurity with signatories from Argentina, Bulgaria, Chile, the Czech Republic, Germany, Luxembourg, The Netherlands, Slovakia, and the United States, expressing a commitment to a more secure cyberspace. This expansion continues to deepen the group’s expertise, adding to the variety of sectors and technologies that characterize the organization.
“As a company focused on the development of network security solutions, we couldn’t agree more strongly that defense, regardless of the type or goal of the threat, is essential to defend the world from cyberattacks. Moreover, we firmly believe that governments and enterprise should act defensively, and that such defense should be both simple and complete. We are happy to be part of the Cybersecurity Tech Accord,” said Petr Chaloupka, GREYCORTEX CEO.
By joining the agreement, the signatories agree to four key commitments:
a stronger defense against cyberattacks – pledging to protect all customers globally regardless of the motivation for attacks online;

  1. a stronger defense against cyberattacks – pledging to protect all customers globally regardless of the motivation for attacks online;
  2. taking no offense by choosing not to help governments launch cyberattacks against innocent citizens and enterprises and will protect against tampering or exploitation of their products and services through every stage of technology development, design and distribution;
  3. doing more to empower developers and the people and businesses that use their technology, by helping them build and improve capacity for protecting themselves; and
  4. building on existing relationships and taking collective action together to establish new formal and informal partnerships with industry, civil society and security researchers. The goal being to improve technical collaboration, coordinate vulnerability disclosures, share threats and minimize the potential for malicious code to be introduced into cyberspace.

Since forming the Cybersecurity Tech Accord, the signatories have supported initiatives on email and routing security, implemented Domain-based Message Authentication, Reporting and Conformance (DMARC) in their own operations, participated in global requests for comments on the UN’s new High Level Panel on Digital Cooperation, and endorsed the Paris Call for Trust and Security in Cyberspace as an early supporter. Additionally, the group has coordinated with like-minded organizations such as the Global Cyber Alliance, the Internet Society, and the Global Forum on Cyber Expertise (GFCE).

有關終止24小時技術支援熱線服務的通知

由 2019 年 2 月 1 日起,本公司將終止24小時技術支援熱線服務。技術支援熱線 (電話號碼: +852 2893 8186) 的服務時間將更改為星期一至六上午9時30分至下午6時30分 (公眾假期除外)。顧客亦可電郵至 support@version-2.com.hk 尋求技術支援協助。

謹此通知
Version 2 Limited

 

With effect from 1 Feb 2019, our 24-hour Technical Support Hotline Service will be terminated. Service hours of Technical Support Hotline (Tel no.: +852 2893 8186) will be changed to 9.30 a.m. to 6.30 p.m. from Monday – Saturday (except Public Holidays). Customer can also seek for help on technical issue by email to support@version-2.com.hk

Yours sincerely,
Version 2 Limited