Categories
Current Partner News

ZIMBRA Daffodil a sneak peak



Coming soon, Zimbra Daffodil a sneak peak

Zimbra Daffodil comes with new beginnings.

Our goal is to meet customers’ needs with an agile roadmap.

With Zimbra Daffodil (Version 10), you get the freedom of choice. The technology agility and capabilities help you to be more future-resistant, just like the enterprises, governments and financial institutions we work with.

Read more here!


Categories
Current Partner News

Zabbix is now ISO27001 certified



Zabbix receives ISO/IEC 27001:2013 certificate for information security.

Riga, Latvia – The open-source monitoring software company Zabbix receives ISO/IEC 27001:2013 international certificate for information security. This certificate assures that Zabbix protects all its information related to the company and its customers. This certificate is issued for four Zabbix offices: Zabbix LLC (USA), Zabbix SIA (Latvia), Zabbix Japan LLC (Japan) and Zabbix Servicos de Software LTDA (LATAM Brazil). .

Although security measures within the company have always been held to a high standard, the certificate serves as official proof of commitment towards prioritizing information security best practices within the organization.

“ISO 27001:2013 is an international standard, whose implementation will provide a stable framework for information security management by identifying existing information security risks and by providing the necessary measures to prevent them and to reduce their impact in the future.” as stated from “BM certification” – the company that guided Zabbix certification process and issued the certificate.


Categories
Current Partner News

Fosdem Config Management Camp 2023


After 2 years of only having a Virtual Devroom at Fosdem, I`m happy to be able to invite all of you again to Ghent for the next edition of Config Management Camp 2023. As always we are catering for the Open Source Infrastructure Automation Crowd. Cloud(less), Container(less), or Server(less) , doesn’t matter to us.

Right after #fosdem I hope to see a lot of you back in Ghent That’s from the 6th to the 8th of february 2023 !

Our CFP is open https://lnkd.in/eQSi5g9Q

And we’ll be opening Registration (FREE) soooon ..



Categories
Current Partner News

Zabbix Conference Benelux 2023!


You are invited to Zabbix Conference Benelux 2023!

We present you the Zabbix Conference Benelux 2023 – the event that will gather Zabbix Community members from the Benelux and neighbor countries.

We are excited and pleased to know that Zabbix Conferences have a big success and are popular within the circles of local Zabbix users throughout the world. In 2023 Zabbix conferences will be organized in the Benelux, Germany, China and Japan.

This year we will hold already the 3rd Zabbix Conference Benelux in a row. Let’s meet and discuss Zabbix-related topics, share the experience and ideas, as well as have a good time all together.

The conference will be held in English.

Register here!!!

📍 Antwerp, Belgium
📅 April 14-15, 2023
🌐 The event will be conducted in English



Categories
Current Partner News

SoftIron Manufacturing Facility Officially Inaugurated



Today is a huge day for SoftIron: the SoftIron Manufacturing Facility Officially Inaugurated at Botany in Sydney, Australia.

Part funded by the Australian Department of Defence via a Sovereign Industrial Capability grant, the facility is the country’s first advanced manufacturing hub to produce IT products. It will be producing components for our ground-breaking HyperCloud Intelligent Cloud Fabric, the world’s first complete technology for building clouds

Australia is now one step closer towards developing its first sovereign capability in the area of critical technology, and we’re proud to be playing a critical role in this development.

We’d like to extend our heartfelt gratitude to all of our employees, customers and strategic partners in the region who have helped bring this momentous milestone to life.

Read more in the press release below, and stay tuned for more exciting news from down under!


Categories
Current Partner News

0ctapus: A Sophisticated Phishing Campaign



Phishing attacks are nothing new. This type of social engineering has, in fact, been around since the rise of the Internet – targeting unsuspected victims with legitimate-looking emails and texts engineered to steal their credentials and access valuable enterprise resources.  Thus 0ctapus: A Sophisticated Phishing Campaign.

Just a few months ago, we saw a new, successful attack campaign. Employees of various industries, such as software, BI, telecom, and financial services, received a message linking to a phishing site that mimicked the Okta authentication page. Before anyone could notice, thousands of user accounts had been hacked. So, what exactly is 0ktapus, and how can your organization prevent falling victim to phishing attacks such as this?

What is 0ktapus?

We don’t know who’s behind 0ktapus (other than a Twitter account adopting the name “X”), but we now understand how the attackers managed to steal Okta identity credentials and Two-Factor Authentication codes from over 130 organizations. 

The raid was well-planned and executed; the cybercriminals sent text messages to various employees, prompting them to click on a link. The only problem was that the page didn’t belong to IAM leader Okta but was a phishing site that mimicked its authentication. As soon as victims entered their credentials, providing their 2FA codes, the site sent the compromised data to Telegram. From there, those behind 0ktapus were able to easily exfiltrate sensitive and private information. 

The 0ktapus campaign is a prime example of a malicious social engineering effort – one with which we’ve become familiar. All the attackers needed to do was to create a fake page and trick employees into using it. Unfortunately, this is a common threat that all companies should be aware of. 

How 0ktapus Worked

It’s believed that the 0ktapus campaign was able to target 169 unique domains in multiple industries. Most of them were located in the United States and Canada, where the attackers were able to fulfill their ultimate goal of gaining access to corporate services.

If we look at the phishing site the cybercriminals used, we can quickly see why so many employees were tricked into providing their username and password (there were actually two pages on the site; the first to gather login details, and the second to ask for the 2FA code). The website genuinely looked like an Okta authentication page. 

This phishing site, however, was static. Attackers could not interact with their victims in real-time, but by sending the codes to Telegram, they were able to quickly access the compromised data themselves. The 0ktapus threat actors were probably using these credentials as soon as they received them. 

The data analysis sheds some light on the potential impact of this phishing campaign. Most of the companies 0ktapus targeted were providing IT, cloud, and software development services. The first goal was, likely, to access private data, internal documents, and corporate email from them. However, there was a second motivation; because several compromised businesses were in the financial sector, it’s suspected the fraudsters were also trying to access investment tools and crypto assets, too.

Why a Phishing Attack?

The goal of this phishing attack was, as we mentioned, to access data, steal money, and see private conversations. In many cases, attackers then use this information as business intelligence, asking the victims for a ransom or simply reselling it to competitors.

Phishing emails and text messages can reach millions of users directly, so any company (no matter its size) can be the target of such a mass campaign. In a lot of cases, these attacks are not designed with a specific company in mind but rather try to collect as many passwords or private data as possible. However, something that begins as a generalized phishing attempt can result in a targeted attack later (something usually referred to as “spear phishing”).

These kinds of exploits can be hard to identify by users, as the emails and messages can look authentic. Many phishing attacks also use complex social engineering, where people can be psychologically compelled to perform actions such as opening attachments and clicking on links, especially when a sense of urgency typically accompanies them. Many phishing attacks then develop into ransomware situations, where cybercriminals lock files away and refuse to provide company access until they make a large payment. Unfortunately, this type of strike is as dangerous as it is common.  

Phishing remains a method of choice to infect computers all around the world. Corporate employees, in particular, are vulnerable because they can be an entry into sensitive data. So, what can your business do to prevent the damage that something like 0ktapus can cause them?

Preventing Threats: Best Ransomware Backup Strategies

Maintaining your organization secure requires constant vigilance, so the best way to thwart phishing attacks is to use a multilevel approach. 

The first layer is to ensure you train your employees so they can identify threats as soon as they see them. The second is to make it more difficult for cyber-criminals to reach your users and your organization. And the last, to be able to respond quickly to any incidents.

There are many ways in which you can protect your backup servers in the case of a ransomware attack. For instance:

  • Use unique credentials for each backup storage.
  • Use offline storage as part of your backup and recovery strategy.
  • Beware of using storage snapshots as your only backup strategy.
  • Create multiple backup copies to help mitigate potential risks.
  • Always use the 3-2-1-1 rule (have three distinct copies of your data. Store two in different media and make one of these offline).
  • Use an enterprise-grade solution instead of many different file systems.

Bacula Enterprise is a backup and recovery solution that can help protect your organization’s data. The company uses the best practices listed above, ensuring all customers are covered by a robust, highly-secure, and modern backup and recovery solution. Bacula Enterprise is an especially secure and robust backup solution – which is critical from the perspective that backup and recovery is the least bastion of defense for any organization’s business continuity strategy; secure backup is often the difference in a company’s survival – or not – in the event of a cyber attack that seeks to deny an organization of its own business systems. Bacula also offers a unique licensing model that can help you keep costs down; you don’t need to pay for license fees or data volume. Download your free 30-day trial and explore all of the platform’s functionality today.