The Network Company Blog

We Keep you Connected

The Network Company Blog

CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks
Researchers have noticed a up to date surge in task involving a Mirai disbursed denial-of-service (DDoS) botnet variant referred to as CatDDoS. The assaults have centered organizations throughout a couple of sectors and come with cloud distributors, conversation suppliers, building firms, medical and analysis entities, and academic establishments in america, France, Germany, Brazil, and China. A couple of Variants The malware first surfaced utmost August and used to be a somewhat prolific warning in September
AI
How to use ChatGPT to build your resume
Sabrina Ortiz/ZDNET Graduation season is here, which means students will be in a frenzy of applying for jobs to secure their first role out of college. Whether you’re seeking to launch your career or have been in the labor market for decades, there’s one thing we can all agree on — creating a resume that attracts the eye of recruiters is a tough challenge. How to use ChatGPT to write:  Cover letters | Code | Excel formulas
May 29, 2024NewsroomEnterprise Security / Vulnerability Check Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild. Tracked as CVE-2024-24919, the issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. “The vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled,” Check Point said. Hotfixes are available
A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks targeting individuals and organizations in the software and information technology, education, and defense industrial base sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. “Moonstone Sleet is observed to set up fake companies and job opportunities to engage with potential targets, employ trojanized versions of legitimate tools, create a malicious game, and deliver a new
AI Voice Generator App Used to Drop Gipy Malware
Gipy, a newly came upon marketing campaign the usage of a pressure of infostealer malware, is concentrated on customers in Germany, Russia, Spain, and Taiwan with phishing lures promising an AI expression converting utility. Researchers at Kaspersky mentioned Gipy malware first emerged in early 2023 and, as soon as delivered, lets in adversaries to scouse borrow information, mine cryptocurrency, and set up spare malware at the sufferer’s machine. Warning actors on this example are luring
6 Facts About How INTERPOL Fights Cybercrime
It takes a posh coordination of regulation enforcement, judicial processes, and technical functions to bring to really disrupt cybercrime. What’s extra, all of this paintings has in an effort to snip throughout limitations of language, tradition, and geopolitical divides. Such a lot of cybercriminal process as of late is administered by way of very mature felony gangs who perform customery world organizations that don’t have any recognize for rules or borders. This is the reason
May 24, 2024NewsroomMalvertising / Endpoint Security Threat actors have been observed making use of fake websites masquerading as legitimate antivirus solutions from Avast, Bitdefender, and Malwarebytes to propagate malware capable of stealing sensitive information from Android and Windows devices. “Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from cyber attacks,” Trellix security researcher Gurumoorthi Ramanathan said. The list of websites is below
Apache Flink Security Vulnerability
May 23, 2024NewsroomThreat Intelligence / Vulnerability, The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control that could allow an attacker to read any file on the local filesystem of the JobManager through its REST interface.
Sample shared responsibility model from AWS.
Cloud security best practices help enterprises protect their cloud infrastructure by adhering to industry standards and utilizing cloud security solutions. Although these measures might not prevent every attack, these practices shore up your business defenses to protect your data. You can improve your cloud security posture by following the top tips and understanding the biggest cloud security issues, plus how to overcome them. Featured Cybersecurity Software Understand Your Shared Responsibility Model The shared responsibility model
Chinese Espionage
May 23, 2024NewsroomCyber Espionage / Network Security The China-linked threat actor known as Sharp Panda has expanded their targeting to include governmental organizations in Africa and the Caribbean as part of an ongoing cyber espionage campaign. “The campaign adopts Cobalt Strike Beacon as the payload, enabling backdoor functionalities like C2 communication and command execution while minimizing the exposure of their custom tools,” Check Point said in a report shared with The Hacker News. “This refined
May 23, 2024NewsroomEndpoint Security / Vulnerability Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited to achieve remote code execution under certain circumstances. Six of the 10 vulnerabilities – from CVE-2024-29822 through CVE-2024-29827 (CVSS scores: 9.6) – relate to SQL injection flaws that allow an unauthenticated attacker within the same network to execute arbitrary code. The remaining four bugs — CVE-2024-29828, CVE-2024-29829, CVE-2024-29830, and
Personal Assistant powered by Co-Pilot
Following the announcements of Copilot+ enabled AI PCs at the Microsoft Build developer event on May 20, Microsoft released new developer tools, enhancements to Microsoft Azure AI and new enterprise options for Copilot. GitHub Copilot received a lengthy list of new capabilities enabled by first- and third-party services. Meanwhile, reactions to the AI memory feature Recall include some backlash against its observation of all of the user’s activity. Recall, announced at Microsoft Build on May
SaaS Security
Since the first edition of The Ultimate SaaS Security Posture Management (SSPM) Checklist was released three years ago, the corporate SaaS sprawl has been growing at a double-digit pace. In large enterprises, the number of SaaS applications in use today is in the hundreds, spread across departmental stacks, complicating the job of security teams to protect organizations against evolving threats. As SaaS security becomes a top priority, enterprises are turning to SaaS Security Posture Management
GitHub Enterprise Server Flaw
May 21, 2024NewsroomVulnerability / Software Development GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication. “On instances that use SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, an attacker could forge a SAML response to provision
Businesses Defend Themselves Against Cyberthreats
Today, all businesses are at risk of cyberattack, and that risk is constantly growing. Digital transformations are resulting in more sensitive and valuable data being moved onto online systems capable of exploitation, thus increasing the profitability of a successful breach. Furthermore, launching a cyberattack is becoming more accessible. Exploit kits and malware-as-a-service offerings are getting cheaper, while open-source AI tools are making masquerading as a trusted executive and exploiting vulnerabilities easier. TechRepublic consolidated expert advice

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE