The Network Company Blog

We Keep you Connected

May 24, 2024NewsroomMalvertising / Endpoint Security Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. “Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from cyber attacks,” Trellix security researcher Gurumoorthi Ramanathan said. The list of websites is below
Apache Flink Security Vulnerability
May 23, 2024NewsroomThreat Intelligence / Vulnerability, The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control that could allow an attacker to read any file on the local filesystem of the JobManager through its REST interface.
Sample shared responsibility model from AWS.
Cloud security best practices help enterprises protect their cloud infrastructure by adhering to industry standards and utilizing cloud security solutions. Although these measures might not prevent every attack, these practices shore up your business defenses to protect your data. You can improve your cloud security posture by following the top tips and understanding the biggest cloud security issues, plus how to overcome them.
Understand Your Shared Responsibility Model
The shared responsibility model
Chinese Espionage
May 23, 2024NewsroomCyber Espionage / Network Security The China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa and the Caribbean as part of an ongoing cyber espionage campaign. “The campaign adopts Cobalt Strike Beacon as the payload, enabling backdoor functionalities like C2 communication and command execution while minimizing the exposure of their custom tools,” Check Point said in a report shared with The Hacker News. “This refined
May 23, 2024NewsroomEndpoint Security / Vulnerability Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited to achieve remote code execution under certain circumstances. Six of the 10 vulnerabilities – from CVE-2024-29822 through CVE-2024-29827 (CVSS scores: 9.6) – relate to SQL injection flaws that allow an unauthenticated attacker within the same network to execute arbitrary code. The remaining four bugs — CVE-2024-29828, CVE-2024-29829, CVE-2024-29830, and
Personal Assistant powered by Co-Pilot
Following the announcements of Copilot+ enabled AI PCs at the Microsoft Build developer event on May 20, Microsoft released new developer tools, enhancements to Microsoft Azure AI and new enterprise options for Copilot. GitHub Copilot received a lengthy list of new capabilities enabled by first- and third-party services. Meanwhile, reactions to the AI memory feature Recall include some backlash against its observation of all of the user’s activity. Recall, announced at Microsoft Build on May
SaaS Security
Since the first edition of The Ultimate SaaS Security Posture Management (SSPM) Checklist was released three years ago, the corporate SaaS sprawl has been growing at a double-digit pace. In large enterprises, the number of SaaS applications in use today is in the hundreds, spread across departmental stacks, complicating the job of security teams to protect organizations against evolving threats. As SaaS security becomes a top priority, enterprises are turning to SaaS Security Posture Management
GitHub Enterprise Server Flaw
May 21, 2024NewsroomVulnerability / Software Development GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication. “On instances that use SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, an attacker could forge a SAML response to provision
Businesses Defend Themselves Against Cyberthreats
Today, all businesses are at risk of cyberattack, and that risk is constantly growing. Digital transformations are resulting in more sensitive and valuable data being moved onto online systems capable of exploitation, thus increasing the profitability of a successful breach. Furthermore, launching a cyberattack is becoming more accessible. Exploit kits and malware-as-a-service offerings are getting cheaper, while open-source AI tools are making masquerading as a trusted executive and exploiting vulnerabilities easier. TechRepublic consolidated expert advice
May 10, 2024NewsroomMalware / Cyber Espionage The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at two South Korean cryptocurrency firms. “Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads and exfiltration of files,” Kaspersky said in its APT trends report for Q1 2024. The attacks, which occurred in August and November 2023,
  Hiroshi Watanabe/Getty Images Evidence suggests generative artificial intelligence (AI) can perform work tasks well and many employees fear the emerging technology will replace them. However, a new study shows that professionals who use AI to their advantage could be more marketable. On Wednesday, Microsoft released its annual Work Trend Index in partnership with LinkedIn, surveying 31,000 people across 31 countries to provide an in-depth look at the impact of AI on employment. The results show
AI
As many as 83% of decision-makers expect to increase investment in artificial intelligence (AI) during the next year, according to research from Salesforce. The sixth edition of the tech company’s State of Service report surveyed over 5,500 service professionals globally to discover: how service organizations adapt to rising customer expectations, which metrics and channels are most important to high-performing service leaders, and how AI is reshaping roles and operations. The respondents came
Critical Bug Could Open 50K+ Tinyproxy Servers to DoS, RCE
Around 50,000 instances of an open source proxy server used for small networks are exposed to denial-of-service (DoS) attacks or even potentially remote code execution (RCE), via a flaw that can be exploited through an HTTP request. A use-after-free flaw tracked as CVE-2023-49606 is present in Tinyproxy versions 1.11.1 and 1.10.0; it allows attackers to send a simple, specially crafted HTTP Connection header to trigger memory corruption that can cause DoS,
May 01, 2024 | Newsroom | National Security / Insider Threat
A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. “This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust,” said FBI Director Christopher Wray. Jareh Sebastian Dalke, 32, of Colorado Springs was employed
Cyberattacks on SMBs
Cybercriminals are vipers. They’re like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you’re a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into. With cybercriminals becoming more sophisticated, SMBs like you must do more to protect themselves. But at what price? That’s the daunting question many SMBs are forced to ask. Amidst your everyday challenges, the answer seems obvious: forgo investing