The Network Company Blog

We Keep you Connected

The Network Company Blog

Worm-Like Attack
Later months of postmortem investigation, Fujitsu now says the malware that affected its techniques in a cyberattack ultimate March used to be now not ransomware as in the past speculated — and famous that the binary self-propagated, worming its method during the corporate’s inner networks in Japan. In its rundown of the investigative findings this moment, the patron electronics and networking gigantic showed that the malware first established a beachhead on one in every of
Jul 11, 2024NewsroomCyber Espionage / Network Security The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an “advanced and upgraded version” of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk. The new variant of StealthVector – which is also referred to as DUSTPAN – has been codenamed DodgeBox by Zscaler ThreatLabz, which discovered the loader strain in April 2024. “DodgeBox is a loader that proceeds
CISA and FBI Release Secure by Design Alert
Today, CISA and FBI are releasing their newest Secure by Design Alert in the series, Eliminating OS Command Injection Vulnerabilities, in response to recent well-publicized threat actor campaigns that exploited OS command injection defects in network edge devices (CVE-2024-20399, CVE-2024-3400, CVE-2024-21887) to target and compromise users. These vulnerabilities allowed unauthenticated malicious actors to remotely execute code on network edge devices. OS command injection vulnerabilities have long been preventable by clearly separating user input from the contents of a
Shopify Data Leak
Millions of online shoppers may be at risk after a data leak allegedly compromised customer information on Shopify, a leading e-commerce platform trusted by many businesses worldwide. Reports suggest nearly 180,000 users — 179,873 rows of users’ information — were impacted, with details like names, emails, and even purchase history potentially exposed. This incident highlights a growing concern in the e-commerce world: the security of user data entrusted to these platforms. While the news of
mercenary spyware attacks to iPhone users
Maria Diaz/ZDNET Apple is sounding a new round of alarm bells over a wave of sophisticated and destructive spyware attacks against specific people across 92 countries. As spotted by TechCrunch on Wednesday, Apple sent an email warning individuals in the crosshairs that they “are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID.” The email also listed the specific ID for each individual who
WordPress Plugins
Millions of WordPress websites are under threat after a critical security breach involving several popular plugins. Security researchers discovered malicious code injected into these plugins, granting hackers the ability to create unauthorized administrator accounts. This compromise can lead to severe consequences for website owners, including data breaches and total website takeovers. The specific number of affected plugins and websites is still under investigation. However, initial reports suggest prominent plugins with thousands of active installations might
Jun 28, 2024NewsroomSoftware Security / DevOps GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), have been addressed in versions 17.1.1, 17.0.3, and 16.11.5. The most severe of the vulnerabilities is CVE-2024-5655 (CVSS score: 9.6), which could permit a malicious actor to
  Jonathan Raa/NurPhoto via Getty Images One of the biggest complaints about ChatGPT is that it provides information, but the accuracy of that information is uncertain. Those complaints exist because ChatGPT doesn’t provide sources, footnotes, or links to where it derived information used in its answers. While that is true for the GPT-3.5 model, the GPT-4 and GPT-4o models provide more citation resources. While GPT-4 is only for paid subscribers, GPT-4o is available to both
Jun 28, 2024NewsroomNetwork Security / Data Protection A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user’s web activity. “SnailLoad exploits a bottleneck present on all Internet connections,” the researchers said in a study released this week. “This bottleneck influences the latency of network packets, allowing an attacker to infer the current network activity on someone
AI
What is artificial general intelligence?
Creating AGI roughly falls into two camps: sticking with current approaches to AI and extending them to greater scale, or striking out in new directions that have not been as extensively explored. The dominant form of AI is the “deep learning” field within machine learning, where neural networks are trained on large data sets. Given the progress seen in that approach, such as the progression of OpenAI’s language models from GPT-1 to GPT-2 to GPT-3
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD
Orca Security’s CWPP dashboard.
Cloud data security refers to the practice of ensuring the safety of digital information stored or processed in cloud settings. It protects data from threats, human error, and unauthorized access using cloud tools, security rules, and access controls. This includes safeguarding data at rest and in motion, minimizing data theft and corruption, and maintaining confidentiality while allowing data access only to the authorized users. Why Should Organizations Prioritize Cloud Data Security? Organizations switching to cloud-based
Executive Summary China launched an offensive media strategy to push narratives around US hacking operations following a joint statement by the US, UK, and EU in July 2021 about China’s irresponsible behavior in cyberspace. Some PRC cybersecurity companies now coordinate report publication with government agencies and state media to amplify their impact. Allegations of US hacking operations by China lack crucial technical analysis to validate their claims. Until 2023, these reports recycled old, leaked US
The remote access software company TeamViewer is warning that its corporate environment was breached in a cyberattack yesterday, with a cybersecurity firm claiming it was by an APT hacking group. “On Wednesday, 26 June 2024, our security team detected an irregularity in TeamViewer’s internal corporate IT environment,” TeamViewer said in a post to its Trust Center. “We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security
Jun 21, 2024NewsroomMalware / Threat Intelligence A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle East, and Africa) with SugarGh0st malware since at least August 2023. “SneakyChef uses lures that are scanned documents of government agencies, most of which are related to various countries’ Ministries of Foreign Affairs or embassies,” Cisco Talos researchers Chetan Raghuprasad and Ashley Shen said

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE