The Network Company Blog

We Keep you Connected

The Network Company Blog

Businesses Defend Themselves Against Cyberthreats
Today, all businesses are at risk of cyberattack, and that risk is constantly growing. Digital transformations are resulting in more sensitive and valuable data being moved onto online systems capable of exploitation, thus increasing the profitability of a successful breach. Furthermore, launching a cyberattack is becoming more accessible. Exploit kits and malware-as-a-service offerings are getting cheaper, while open-source AI tools are making masquerading as a trusted executive and exploiting vulnerabilities easier. TechRepublic consolidated expert advice
May 10, 2024NewsroomMalware / Cyber Espionage The North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at two South Korean cryptocurrency firms. “Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads and exfiltration of files,” Kaspersky said in its APT trends report for Q1 2024. The attacks, which occurred in August and November 2023,
  Hiroshi Watanabe/Getty Images Evidence suggests generative artificial intelligence (AI) can perform work tasks well and many employees fear the emerging technology will replace them. However, a new study shows that professionals who use AI to their advantage could be more marketable. On Wednesday, Microsoft released its annual Work Trend Index in partnership with LinkedIn, surveying 31,000 people across 31 countries to provide an in-depth look at the impact of AI on employment. The results show
AI
  Eugene Mymrin/Getty Images As many as 83% of decision-makers expect to increase investment in artificial intelligence (AI) during the next year, according to research from Salesforce. The sixth edition of the tech company’s State of Service report surveyed over 5,500 service professionals globally to discover: how service organizations adapt to rising customer expectations, which metrics and channels are most important to high-performing service leaders, and how AI is reshaping roles and operations. The respondents came
Critical Bug Could Open 50K+ Tinyproxy Servers to DoS, RCE
Round 50,000 cases of an viewable supply proxy server worn for mini networks are uncovered to denial-of-service (DoS) assaults or even doubtlessly far flung code execution (RCE), by means of a flaw that may be exploited through an HTTP request. A use-after-free flaw tracked as CVE-2023-49606 is found in Tinyproxy variations 1.11.1 and 1.10.0; it lets in attackers to ship a easy, specifically crafted HTTP Connection header to cause reminiscence corruption that may motive DoS,
May 01, 2024NewsroomNational Security / Insider Threat A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. “This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust,” said FBI Director Christopher Wray. Jareh Sebastian Dalke, 32, of Colorado Springs was employed
Cyberattacks on SMBs
Cybercriminals are vipers. They’re like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you’re a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into. With cybercriminals becoming more sophisticated, SMBs like you must do more to protect themselves. But at what price? That’s the daunting question many SMBs are forced to ask. Amidst your everyday challenges, the answer seems obvious: forgo investing
Tinyproxy
May 06, 2024NewsroomVulnerability / Server Security More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that’s vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which described it as a use-after-free bug impacting versions 1.10.0 and 1.11.1, which is the latest version. “A specially
Citrix Addresses High-Severity NetScaler Servers Flaw
Citrix seems to have quietly addressed a vulnerability in its NetScaler Utility Supply Regulate (ADC) and Gateway home equipment that gave far flung, unauthenticated attackers a approach to download probably delicate data from the reminiscence of affected methods. The computer virus was once just about similar to — however now not as critical as — “CitrixBleed” (CVE-2023-4966), a important zero-day vulnerability in the similar two applied sciences that Citrix disclosed utmost moment, consistent with researchers
cyber security Red Team vs Blue Team vs Purple Team
Red, blue, and purple teams are designated security sub-teams that simulate cyberattacks and responses to test an organization’s cybersecurity readiness. Red teams simulate or actually conduct pentesting and threat hunting attacks to test organizations’ security effectiveness. Blue teams defend organizations from attacks and simulate incident response processes. Purple teams blend both roles as a mixed team or facilitate collaboration between the other two. Focus Tasks Red Team Think and behave like a threat actor to
VPN Problems
screenshot by Lance Whitney/ZDNET Another Windows update, another glitch. In an all-too-familiar refrain, Microsoft has acknowledged that its latest update for Windows 11, Windows 10, and Windows Server may break a key capability on which many users depend. Rolled out last month, the April 2024 update could prevent your VPN from connecting. The problem can be triggered by either the KB5036893 security update or an April 2024 non-security preview update. Also: Windows 11: Do these
For years, the Cybersecurity and Infrastructure Security Agency (CISA) has worked to defend federal, state, local tribal, and territorial governments as well as our private sector partners from malicious cyber activities emanating from the People’s Republic of China (PRC). According to the latest annual report by the Office of the Director of National Intelligence, “China remains the most active and persistent cyber threat to U.S. Government, private sector, and critical infrastructure networks.” Recently, CISA and
Muddling Meerkat
A previously undocumented cyber threat dubbed Muddling Meerkat has been observed undertaking sophisticated domain name system (DNS) activities in a likely effort to evade security measures and conduct reconnaissance of networks across the world since October 2019. Cloud security firm Infoblox described the threat actor as likely affiliated with the People’s Republic of China (PRC) with the ability to control the Great Firewall (GFW), which censors access to foreign websites and manipulates internet traffic to
Critical Endpoint Security Tips
In today’s digital world, where connectivity is rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers’ favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints—and more kinds of endpoints—than ever before, that perimeter has become more challenging to defend. You
CISA released eight Industrial Control Systems (ICS) advisories on April 25, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-116-01 Multiple Vulnerabilities in Hitachi Energy RTU500 Series ICSA-24-116-02 Hitachi Energy MACH SCM ICSA-24-116-03 Siemens RUGGEDCOM APE1808 Devices Configured with Palo Alto Networks Virtual NGFW ICSA-24-116-04 Honeywell Experion PKS, Experion LX, PlantCruise by Experion, Safety Manager, Safety Manager SC ICSA-23-143-03 Mitsubishi Electric MELSEC Series CPU Module (Update D) ICSA-23-157-02

GET THE LATEST UPDATES, OFFERS, INFORMATION & MORE