Monday, September 25, 2023

Network virtualization: the power of software-defined networking

NetworkTigers on the power of software-defined network virtualization.

Network virtualization is the transformation of a network from hardware-dependent to software-based. Network virtualization allows network control, hardware and software resource allocation, and other functions to be delivered via software instead of hardware. A virtual network can also be created to consolidate multiple existing hardware-based networks into a single system that can be managed as one.

Network virtualization lifts functionality from a system’s physical architecture into a centralized software pane. This allows network administrators to take a high-level look at all of the components encompassed in their system, allowing for a comprehensive look at a network’s configuration, management, and overall functionality.

As organizations continue to move their IT technology to the cloud and adopt hardware-free approaches to networking, virtualization will only become more commonplace.

How network virtualization can benefit your business

Network management simplified

By using a singular virtual platform, network administration is simplified. With centralized control, IT professionals can configure settings, prioritize traffic patterns, and allocate resources quickly and more efficiently. Administration is significantly streamlined by reducing the time and thought it takes to focus on each network component independently and providing greater visibility.

Easier segmentation

Network segmentation has many benefits, from better security to streamlined resource usage. A virtual network is easier to break up than a physical one. It can be divided as needed or even put back together with ease. A virtualized network is highly configurable. 

Better security

Virtual networks offer more options with regard to security, thanks to the ease with which they can be segmented and isolated.

Containerization, a process that sees the operating system create isolated spaces for every application, is also possible with network virtualization. Containerization allows all apps to function as if they are the only ones in use. By preventing one application from seeing or communicating with other running programs, the potential impact of an attack or intrusion is lessened.

Because virtual networks can be intensely monitored, any abnormalities or suspicious activity can be detected faster.

Network virtualization makes migrating easier

A virtualized network is easy to relocate. Because it is not tied to the physical components of your system, it can be moved to other locations or data centers without issue. This portability is a major resilience benefit: it allows an IT team to recover from a disaster quickly.

Headache-free scaling

From running endless cables to ensuring proper configuration at the device level, physically scaling a network is time-consuming and demanding. A virtualized network can be expanded as needed. Administrators can add virtual networks or modify their systems to accommodate business needs, adapt to traffic influxes, and take advantage of increased agility.

Superior performance and reliability

A virtualized network creates redundancy, whereas a hardware-based network can be brought to its knees if a component crashes. A failure can be accommodated automatically in a virtual environment by switching to an alternative device. This allows for less downtime in the event of equipment breakdown.

Network virtualization saves money

Network virtualization can help your organization’s bottom line by requiring less hardware. A software-based network can encompass equipment and devices from a wide range of manufacturers, removing obstacles introduced by hardware that otherwise demands proprietary compatibility or is expensive to purchase. 

For example, network services such as firewalls, VPNs, and load balancers can be packaged as virtual machines or containers on commodity hardware.

By purchasing refurbished networking equipment and creating a virtual network, your business can create robust architecture and still remain within budget.

Network virtualization challenges

While virtualization increases efficiency and yields many long-term benefits, moving from a hardware-based network is not without its hurdles.

Network virtualization demands a plan

Making a network-wide overhaul has to be undertaken carefully and with a tremendous degree of preparation and planning. From allocating CPU resources to rolling out your virtualization in a way that keeps business moving along, evolving incrementally and intelligently is key to preventing your plans for improvement from becoming a disaster.

New skills are needed

There is a learning curve to network virtualization, as it adds an overlay atop traditional hardware implementation, maintenance, and deployment. IT staff must be trained to fully understand how to reap the benefits of a virtualized network and properly man the helm.

New communication is needed

IT administrators are traditionally compartmentalized into skill silos with different teams or individuals having specialized expertise areas. Because a virtual network results in overlapping many of these areas, it’s more important than ever for team members to understand what everyone is doing and work together as a unit. 

Automation still requires administration

While the possibilities for greater automation within a virtualized network can improve efficiency significantly, great care must be taken to monitor these processes to ensure success. Because a virtual network uses a centralized pane to address the entire architecture, multiple components must work in perfect unison to prevent bottlenecks or conflicts downstream. 

To accommodate this, administrators need to take their attention away from the minute tasks that are now automated and adopt a more holistic look at the automation processes themselves.

Monitoring requires careful setup

In a traditional network, components can be physically examined and inspected. A virtual network allows for much deeper visibility, but only if monitoring is configured appropriately. Visibility is not just a convenience but a necessity, because the multitude of components and processes within a virtual network need to work in concert.

Cybersecurity news weekly roundup August 7, 2023

SAN MATEO, CA, August 7, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

Highly active hacktivist collective “Mysterious Team Bangladesh” exposed

Researchers at Group-IB have pulled back the curtain on a hacktivist collective called “Mysterious Team Bangladesh.” The group has been present since 2020 but only came into focus in 2022 after a series of attacks targeting high-profile victims in India, Israel, and other nations. Research shows that the group has carried out more than 750 DDoS attacks and over 70 website defacements within a year. The group’s leader is a threat actor who goes by D4RK_TSN and the collective is linked to several other like-minded hacktivist groups. With a focus on disrupting “financial and government entities,” researchers predict that the group will continue its high activity level and expand its targeting to include victims in Europe and beyond. Read more.

IT pros in the crosshairs of fake VMware vSphere vConnect modules

Research has revealed that IT professionals are being targeted by a threat actor that uploaded a malicious package that mimics the VMware vSphere connector module “VMConnect” to the Python Package Index. The package had been downloaded 237 times before its removal on August 1st. An investigation into the matter unveiled two other malicious packages. “All three malicious packages featured the functionality of the projects they mimicked, which could trick victims into believing they are running legitimate tools and prolong the duration of an infection.” The packages were expertly crafted to the point that “developers would’ve only been able to discover the illicit activity if they had noticed the projects’ short history, low download counts, hidden code within some files, and package names resembling, but not exactly matching those of the legitimate projects.” Read more.

Recently patched critical Ivanti EPMM flaw still vulnerable to attack via bypass

A vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that was recently fixed has been found to still be accessible via a bypass discovered by security researchers at Rapid7. According to Ivanti, “this vulnerability enables an unauthorized, remote (internet-facing) actor to potentially access users’ personally identifiable information and make limited changes to the server.” The issue has received a CVSS score of 10.0 and makes for three critical security flaws issued by Ivanti over two weeks. The bypass has not been witnessed in the wild and users are urged to update their systems immediately. Read more.

Scammers exploit Salesforce zero-day, target Facebook users with advanced phishing campaign

Guardio Labs researchers have shared a report regarding their observation of a Facebook phishing campaign that uses a zero-day bug in Salesforce’s email services that allows “threat actors to craft targeted phishing messages using the company’s domain and infrastructure.” The emails look as though they come from Meta but are sent from a domain and intend to fool victims into clicking a link related to their account being investigated. “What makes the attack notable is that the phishing kit is hosted as a game under the Facebook apps platform using the domain apps.facebook[.]com.” The campaign succeeds because it slips through detection using a legitimate email address and links to Facebook. Read more.

Canon issues security warning regarding disposed of printers

A security advisory from Canon warned users about the sensitive information and wifi settings preset on printers that do not have their data wiped adequately before disposal or sale. “There is always some risk when a third party is working on hardware, or hardware is sold or repurposed, that some sensitive data may be recovered from the device,” Mike Parkin, senior technical engineer at Vulcan Cyber, wrote in an emailed statement. Canon has provided a list of affected printers and instructions on how to adequately wipe your settings from their devices before leaving them in the possession of a third party. Read more.

NodeStealer targets Facebook and crypto wallets with new Python variant

Palo Alto Networks Unit 42 researchers have discovered a Python variant of NodeStealer designed to take control of Facebook business accounts and steal cryptocurrency. Previous versions of the malware have been written in JavaScript. The current campaign is initiated with “bogus messages on Facebook that purportedly claim to offer free ‘professional’ budget tracking Microsoft Excel and Google Sheets templates, tricking victims to download a ZIP archive file hosted on Google Drive” that contains malicious code. NodeStealer is part of a “growing trend” of Vietnamese threat actors that work to steal Facebook accounts and use them to propagate malware. Read more.

New WikiLoader malware remains hidden under layers of obfuscation

Proofpoint has discovered a malware called “WikiLoader,” used in multiple campaigns since December 2022. The loader gets its name from an “evasive play” it initiates in which it makes an HTTPS request to “prevent it working in an automated environment.” Proofpoint explains that “the first stage of WikiLoader is highly obfuscated. Most of the call instructions have been replaced with a combination of push/jmp instructions to recreate the actions of a return without having to use the return instruction explicitly.” They report that WikiLoader also uses “indirect syscalls” to prevent endpoint detection as well as “packed downloaders.” At least three versions of the malware are under development. Read more.

Fake Android chat app used to steal Signal and WhatsApp user data

Researchers at CYFIRMA have stated that Indian APT hacking group Bahamut is behind a campaign in which a fake Android app, ironically called “SafeChat,” is being used to infect devices with spyware. The malicious software is a variant of Coverlm designed to steal data from apps such as Telegram, Signal, WhatsApp, Viber, and Facebook Messenger. The app is carefully designed, with multiple registration processes that lend credibility to its legitimacy. “One critical step in the infection is the acquisition of permissions to use the Accessibility Services, which are subsequently abused to grant the spyware more permissions automatically.” CYFIRMA believes that Bahamut is working in a state-sponsored capacity. Read more.

Abyss Locker ransomware now has Linux capabilities

Abyss Locker is a new ransomware operation, having only been launched in March of this year, but it has already been observed growing in capabilities. A Linux ELF encryptor for Abyss Locker has been discovered by MalwareHunterTeam security researchers, showing that the operators are now targeting VMware ESXi servers. The encryptor is believed to be based on one called Hello Kitty, although it is not known yet if Abyss Locker is a rebrand of that operation or if they are piggybacking their malware. Abyss Locker threat actors claim to have stolen as much as 700 GB from one of their victims. Read more.

Barracuda hack used new Submarine backdoor

CISA has reported that a recent attack on Barracuda security appliances used a newly discovered backdoor. Original findings by Mandiant called out Seaside, Saltwater, and Seaspy backdoors used in the hack. CISA, however, has revealed that a backdoor dubbed “Submarine” was also employed to “establish and maintain persistence.” The malware is said to be a “novel persistent backdoor executed with root privileges,” tucked away in a Structured Query Language database on the targeted Barracuda Email Security Gateway appliances. CISA says that “Submarine comprises multiple artifacts – including a SQL trigger, shell scripts, and a loaded library for a Linux daemon – that together enable execution with root privileges, persistence, command and control, and cleanup” and that it is a “severe threat for lateral movement.” Read more.

What is endemic vulnerability?

NetworkTigers discusses endemic vulnerability and how to deal with it.

Network managers should remain vigilant in the face of a cybersecurity landscape that is shifting and evolving and that generates explosive opportunities for cybercriminals.

What is endemic vulnerability?

Endemic vulnerability refers to the consistent susceptibility of a network, system, or device to cyberattack or unauthorized access. Endemic vulnerabilities can persist for years, or even indefinitely, and are often inherent to general networking.

Leading causes of endemic vulnerability

Unpatched apps and platforms

A significant cause of endemic vulnerability is software that has not been updated to current security standards. This can happen when automatic updates are not applied to an app, a program is forgotten by the administrator, or when an old version of a piece of software is allowed to remain in use to avoid having to make downstream adjustments that may result from an update.

Because cybersecurity hygiene and protocols vary from one organization to the next, it’s impossible to know that every instance of every bug has been addressed. This causes such vulnerabilities to exist persistently.

Legacy systems

Endemic vulnerability also exists when administrators continue to use products after the developer has ended their support.

Using legacy hardware, software, apps, and platforms creates several vectors through which network penetration, botnet enlistment, and other attacks can be launched. 

Whether to avoid rocking the boat or due to budget limitations, unsupported network components generate far-reaching threats to organizations, their customers, and any connected third parties.

A flaw within a widely used piece of software 

Some software becomes so ingrained into so many systems that it becomes almost ubiquitous, present in everything from enterprise companies to home networks. When software with this degree of popularity is found to harbor an exploitable flaw, every use of it all over the globe is suddenly at risk.

Even if patches are issued, not every instance of such widespread software can be expected to be addressed. If the product has been in circulation for years, there are undoubtedly cases that have long been unattended or even forgotten.

Threat actors know the software that has become deeply ingrained within the world’s networks, meaning that such products are also regularly probed and prodded for access points.

Human error

The possibility of a mistake made by an employee or network administrator is a vulnerability that is likely never to disappear.

Unlike specific examples of recognized flaws or exploits, human error covers many threats, from misconfigured security features and poor password hygiene to phishing scams. 

As long as human beings are involved in creating, using, and maintaining network components, the threat of a mistake will remain.

The Log4j exploit: a recent example of endemic vulnerability

A very recent and widespread example of an endemic vulnerability is the Log4j exploit.

Released in 1999, Apache’s Log4j is one of the most employed examples of open-source software. Providing logging capabilities for Java applications, it is typically used as a software library within other products or Java services. Because of this, many administrators may be using it at a foundational level and unaware of its presence.

In December 2021, a vulnerability within Log4j was disclosed. Upon public acknowledgment of the flaw, hackers immediately exploited it. Because Log4j is so prevalent, the trouble manifested across all sectors and industries, with threat actors taking any opportunity within reach.

While only one flaw was revealed initially, more followed and further intensified the implications of the exploit.

With so many instances of Log4j worldwide, CISA officially determined the threat to be endemic. In a July 2022 publication, CISA warned that “vulnerable instances of Log4j will remain in systems for many years to come, perhaps a decade or longer.”

Homeland Security Secretary Rob Silvers said that “Log4j is one of the most serious software vulnerabilities in history.” The flaw is expected to continue to evolve and create new risks for the foreseeable future.
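The article makes the point that Log4j is usually buried inside other software, so the first step in dealing with it (and in the "update, patch, and maintain" advice that follows) is knowing where it actually lives. The Python script below is an added example, not code from the NetworkTigers article. It walks a directory tree, opens every Java archive it finds, and reports each embedded copy of log4j-core with the version recorded in its Maven `pom.properties` and whether the `JndiLookup` class is present. It also looks one level deep into WARs and fat JARs, which is where forgotten copies tend to hide. The fixture it builds when run without arguments (the `build_sample_tree` helper, with its made-up version numbers) is constructed for the demonstration; no version is judged safe or unsafe here, so compare the reported versions against the fix versions in the Apache Log4j security advisories.

```python
"""Inventory copies of log4j-core inside Java archives (added example)."""
import io
import os
import tempfile
import zipfile
from dataclasses import dataclass
from typing import Iterator, List, Optional

ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")
# Maven-built log4j-core JARs carry their coordinates and version here.
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# The class behind the JNDI lookup feature; its presence is a widely used
# indicator that a log4j-core copy has not had the lookup removed.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


@dataclass
class Log4jHit:
    location: str            # outer archive path, "!inner/path" appended if nested
    version: Optional[str]   # version from pom.properties, None if absent
    jndi_lookup_present: bool


def _parse_version(props: bytes) -> Optional[str]:
    """Pull the 'version=' key out of a Maven pom.properties file."""
    for raw in props.decode("utf-8", errors="replace").splitlines():
        line = raw.strip()
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def _inspect_archive(zf: zipfile.ZipFile, location: str, depth: int) -> Iterator[Log4jHit]:
    """Yield a hit for this archive if it is log4j-core, then recurse into nested archives."""
    names = set(zf.namelist())
    if POM_PROPERTIES in names or JNDI_LOOKUP_CLASS in names:
        version = _parse_version(zf.read(POM_PROPERTIES)) if POM_PROPERTIES in names else None
        yield Log4jHit(location, version, JNDI_LOOKUP_CLASS in names)
    if depth == 0:
        return
    # One level into embedded archives (WEB-INF/lib/*.jar, shaded JARs, ...).
    for name in names:
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    yield from _inspect_archive(inner, f"{location}!{name}", depth - 1)
            except zipfile.BadZipFile:
                continue


def scan_tree(root: str, nested_depth: int = 1) -> List[Log4jHit]:
    """Return every log4j-core occurrence found under *root*."""
    hits: List[Log4jHit] = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(ARCHIVE_SUFFIXES):
                continue
            path = os.path.join(dirpath, fname)
            try:
                with zipfile.ZipFile(path) as zf:
                    hits.extend(_inspect_archive(zf, path, nested_depth))
            except zipfile.BadZipFile:
                continue  # carries an archive suffix but is not a real archive
    return hits


def build_sample_tree(root: str) -> None:
    """Constructed fixture: a bare log4j-core JAR, a WAR embedding the same JAR,
    and an unrelated JAR. The version string is made up for the demonstration."""
    os.makedirs(os.path.join(root, "lib"), exist_ok=True)
    core = io.BytesIO()
    with zipfile.ZipFile(core, "w") as zf:
        zf.writestr(POM_PROPERTIES, "groupId=org.apache.logging.log4j\nversion=2.14.1\n")
        zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")  # placeholder class bytes
    with open(os.path.join(root, "lib", "log4j-core-2.14.1.jar"), "wb") as f:
        f.write(core.getvalue())
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", core.getvalue())
        war.writestr("WEB-INF/web.xml", "<web-app/>")
    with zipfile.ZipFile(os.path.join(root, "lib", "other.jar"), "w") as zf:
        zf.writestr("com/example/Main.class", b"\xca\xfe\xba\xbe")


def demo() -> List[Log4jHit]:
    """Build the constructed fixture in a temp dir and scan it."""
    root = tempfile.mkdtemp(prefix="log4j-inventory-")
    build_sample_tree(root)
    return scan_tree(root)


if __name__ == "__main__":
    import sys
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for hit in hits:
        flag = "JndiLookup present" if hit.jndi_lookup_present else "JndiLookup absent"
        print(f"{hit.location}: log4j-core {hit.version or 'unknown'} ({flag})")
```

Run it with a directory argument to scan a real application tree; with no argument it scans the constructed fixture and reports two hits, one in `lib/log4j-core-2.14.1.jar` and one nested inside `app.war`. Shaded JARs that relocate Log4j classes under another package name, or deployments that unpack JARs on disk, will not be caught by this check, which is why an inventory from the package manager or build system should back it up.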

How to address endemic vulnerability

When a vulnerability is endemic, there is no way to remove the threat. In the same way that managing an endemic virus in the real world focuses on control instead of elimination, keeping your system safe from ever-present danger requires consistent maintenance and awareness.

Thankfully, there isn’t anything extraordinary about fortifying your network against endemic threats. You can practice due diligence by adhering to the following applicable cybersecurity tips:

Update, patch, and maintain

Developers are quick to issue patches that fix issues found in their products. Keeping up with new versions of the software and firmware products that make up your system ensures that you will always employ the best-defended version of every app in your network.

Set up automatic updates so that in an emergency, you don’t have to scramble to install them manually while under a potential attack. With so many products and devices making up a complex system, it can be virtually impossible to keep up with every refresh as it happens.

Security awareness training

Training is imperative for minimizing human error and susceptibility to scams. Employees should be taught how to recognize suspicious activity or messaging and best practices regarding password management and hygiene. 

Training needs to be regular. Threats continually surprise us, meaning that yesterday’s training may not be relevant to today’s developments. 

Those with network access need to be educated, aware, and vigilant.

Ditch the legacy products

Even if a legacy component or entire network hums along swimmingly in a crystallized form, it should not remain employed.

Unsupported apps and devices should be retired, as the danger of keeping them in circulation only grows with each passing day.

While tight budgets often dictate how an administrator can modernize their system, you don’t need to opt for the latest equipment to take advantage of more robust security. You can purchase refurbished firewalls, routers, switches, and more from reputable outlets to stay under budget.

Stay informed

While the Log4j exploit was heavily publicized across all media, most threats don’t make it into mainstream news.

Keep your head in the game by checking in with cybersecurity news outlets, blogs, CISA, and even the social media accounts of researchers within the industry. In the event of a flaw being exploited in the wild before a developer can patch it, you may be able to find mitigation techniques and other advice to help keep your data safe in the meantime.

How does the US define cybercrime?

NetworkTigers on how to define cybercrime.

Picture a cybercriminal. What do you see? Is it someone in a hooded sweatshirt hunched over a laptop, coding malicious software bugs into existence? Maybe a cybercriminal is an international hacker stirring up trouble in a militarized zone, or a disgruntled employee at the local water treatment facility, shutting off critical safety features. 

The truth is cybercrime has many faces and wears many different hats. A failure to uniformly define cybercrime is one of the most significant issues facing prosecution and enforcement measures today. As the internet evolves, so do ways to take advantage of its opportunities. Without a clear definition of cybercrime, ensuring that anywhere is truly safe from its reach can be difficult.

Taking the threat of cybercrime seriously

In 2020 alone, the FBI estimates that approximately $4 billion was lost from the United States economy due to cybercrime. Because of its massive potential for loss, the United States government takes cybercrime seriously, never more so than with the passage of the Biden-Harris National Cybersecurity Strategy. Officials are finally heeding calls from cybersecurity experts to take the ever-evolving threat as seriously as possible, diverting time, energy, and resources into addressing the risk of cybercrime. 

The passage of the 2022 Better Cybercrime Metrics Act has helped create more explicit boundaries for what is and isn’t considered a cybercrime. The bipartisan bill is geared to help the FBI better track, measure, investigate, and analyze cybercrime trends and prosecute cybercriminals. The bill’s sponsor, Rep. Abigail Spanberger (D-VA), is a former CIA case officer and former federal agent. She called cybercrime “now the most common crime in America” in a press release. She said the legislation will “allow US law enforcement agencies to better identify cyberthreats, prevent attacks, and take on the challenge of cybercrime.”

FBI definition of cybercrime

The FBI defines cybercrime as “internet-enabled crimes,” meaning that all kinds of existing offenses, such as money laundering, identity theft, abuse, threats to national security, and more, can be penalized as cybercrime involving internet technology. The agency goes on to identify some of the most common cybercrimes that they investigate as:

  1. Business email compromise: Business email compromise, or BEC, usually preys on the amount of financial information exchanged over email. Despite the name, BEC crimes can take advantage of individuals and corporations. 
  2. Identity theft: When personal information such as credit card numbers or Social Security numbers is stolen over the internet, it is a form of cybercriminal identity theft. 
  3. Ransomware: Ransomware often enters through a virus or bug and holds valuable digital files or network access hostage in exchange for a ransom. 
  4. Spoofing or phishing: Phishing, also known as spoofing, often involves impersonating a trusted party to gain personal or financial information. 
  5. Online predators: Young adults and children are particularly at risk from this kind of cybercrime, although other vulnerable parties may also be targeted for cyber or real-life violence. 

Four categories of cybercrime

According to the FBI Law Enforcement Bulletin, the most common and uncommon criminal attempts fall under four main categories of cybercrime. They are: 

  1. Crimes in which the computer or computer files themselves are the target include intellectual property theft, ransomware, and blackmail. 
  2. Crimes in which computer processing is used as an instrument of crime include credit card fraud or theft using automated teller machines. 
  3. Crimes in which the computer is not necessary to the crime but used in the act include money laundering, drug trafficking, and false record keeping.
  4. Crimes involving the physical proliferation of computer technology include black market sales, software piracy, and electronics theft. 

Concerns about a unified cybercrime definition

The United Nations estimates that identity thieves alone steal $1 billion annually. Cybercrime is, in many ways, unique when it comes to prosecution because many victims have no way of identifying their attackers, who may reside in any part of the world. Because of this, international collaboration is crucial in cybercrime enforcement action. 

The United Nations continues to push for a unified definition of cybercrime across global borders, but cooperation can be difficult. One of the main hurdles to qualifying cybercrime is that different countries consider different internet uses illegal. For instance, freedom of speech is defined differently by many nations and is not considered a human right or legal use of the internet in some areas. For another, acts of terrorism using internet channels are of great concern for most nations, but what is considered terrorism has yet to find a global set of agreed-upon standards. Creating too broad a standard for cybercrime could stifle freedom of the press, freedom of investigation, and free speech. However, not going far enough may allow cybercriminals leeway across international borders. 

Fighting and understanding cybercrime at home and abroad

The Budapest Convention on Cybercrime is one of the greatest tools for international collaboration for finding and prosecuting cybercriminals, allowing different nations to cooperate on a series of mutually agreed-upon crimes. The United States is a signatory of the Budapest Convention, meaning that this international document helps inform how the FBI and other government agencies define and prosecute cybercrime. 

To fight something, you have first to be aware of its existence. As the United States grapples with what constitutes cybercrime at home and abroad, enforcement measures will change and evolve. Knowing what to call cybercrime and what forms it can take is the first step towards a safer internet for everyone.

Cybersecurity news weekly roundup July 31, 2023

SAN MATEO, CA, July 31, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

New SEC rule imposes 4-day deadline for private companies to report cyberattacks

The SEC has voted to impose a new deadline for private enterprises to publicly report a cyberattack should they be hacked. “The rules will require companies to determine whether a cyber attack it has suffered will have a material impact on its operations, and then disclose the event within four days of that determination.” The rules, according to SEC Chair Gary Gensler, “will enhance and help standardize disclosures to investors with regard to these public company cybersecurity practices.” The SEC says the new rules will make disclosures “more consistent” and “comparable.” The 4-day deadline is set to become effective 30 days after the new rules are published in the Federal Register. Read more.

Metabase BI software found to have major security flaw

Business intelligence and data visualization software Metabase has been found to have an “extremely severe” security flaw that could allow an attacker to execute remote code. The bug affects “open-source editions before and Metabase Enterprise versions before”. The exploit has yet to be observed in the wild, but data reported by Shadowserver Foundation reveals that 5,488 of the total 6,936 Metabase instances are at risk. Users are urged to update to the most recent version immediately. Read more.

Organizations impacted by MOVEit data breach reach 455

Clop’s attack on MOVEit continues to make waves, as the list of organizations impacted by the breach has reached 455. Newly reported victims include healthcare risk adjustment firm Cognisight, Pacific Premier Bank, Northwestern Mutual, Transactions Applications Group, Sutter Senior Care, the Brighthouse and TransAmerica life insurance companies, and the U.S. colleges of Collin, Foothill and Lake Forest. According to security firm Emsisoft, at least 23 million individuals have had their personal data stolen up to this point and held for ransom. Read more.

Nearly 40% of Ubuntu users are vulnerable to newly introduced exploits

Ubuntu, one of the most commonly used Linux distributions, has two new vulnerabilities allowing unprivileged local users to “gain elevated privileges on a massive number of devices.” The flaws are “unique to Ubuntu kernels since they stemmed from Ubuntu’s changes to the OverlayFS module,” warned the Wiz researchers who discovered the bugs. Only Ubuntu is affected by these flaws. Other Linux distributions, even Ubuntu forks, “not using custom modifications of the OverlayFS module should be safe.” Read more.

Decoy Dog is a new breed of malware with unique capabilities

Decoy Dog is a newly discovered piece of malware that displays a significant upgrade over the Pupy RAT it is based on. It possesses previously unknown capabilities, including transferring victims to another controller. This allows for communication with compromised machines for extended periods, with some victims having been in contact with Decoy Dog servers for over a year. The malware uses the domain name system (DNS) for command-and-control purposes, and its controllers have adapted their tactics to maintain access to existing victims. The origin of Decoy Dog is uncertain, but it is suspected to be operated by nation-state hackers. Read more.

Realst malware targets macOS users to steal crypto

Apple users are again in the crosshairs, as a new malware called “Realst” has been discovered targeting macOS. The malware’s latest variants are compatible with macOS 14 Sonoma, which the company is still developing. The campaign targets victims by posing as “fake blockchain games using names such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolution, Pearl, Olymp of Reptiles, and SaintLegend.” Promoted on social media, the threat actors share game “access codes” via direct message, but only after screening victims to ensure they aren’t security researchers or others who may be privy to their scam. Sixteen variants of Realst have thus far been discovered. Read more.

Flaw in AMD Zen 2 processors can be used to pilfer data and passwords

AMD’s Zen 2 processors have been found to have a security vulnerability that threat actors can exploit to steal encryption keys and passwords. Codenamed “Zenbleed,” AMD explains that “under specific microarchitectural circumstances, a register in ‘Zen 2’ CPUs may not be written to 0 correctly.” The company’s advisory says this “may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information.” This exploit has not been witnessed in the wild at the time of this writing. Read more.

Trio of Atlassian RCE bugs allow for complete takeover

Three bugs can be exploited to allow threat actors to take over Atlassian instances, the company is warning. They say the “successful exploitation of any of the flaws” affecting Atlassian Confluence Data Center & Server and Bamboo “could offer a wide-open door into users’ cloud infrastructure, software supply chain, and more.” CISA is encouraging all users of Atlassian’s products to install updates immediately to protect their systems and data from exposure, theft, and takeover. Read more.

More than 15,000 Citrix servers exposed to zero-day exploit

Findings from the Shadowserver Foundation have revealed that more than 15,000 Citrix servers are vulnerable to a zero-day exploit that impacts NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). The CVE-2023-3519 bug is a “code injection that could result in unauthenticated remote code execution” and has a CVSS score of 9.8. CISA has reported that threat actors exploit the bug to “drop web shells on vulnerable systems.” The attacks have not been attributed to a specific threat actor. Read more.

CISA tells government agencies to patch Adobe ColdFusion servers

CISA has given US government agencies three weeks to patch a pair of bugs in Adobe ColdFusion servers, one of which is a zero-day flaw. Adobe issued a patch that addressed the two flaws earlier in the month, but researchers at Rapid7 found that the security update was “incomplete,” as one of the two flaws could still be exploited via a minor tweak to the already discovered bug. While CISA’s warning is directed at government agencies, private organizations are strongly encouraged to update immediately. Read more.

More cybersecurity news

Tips for optimizing network performance


NetworkTigers with ideas and advice for optimizing network performance.

Slow internet speeds, lagging connections, and frequent disruptions can hinder productivity and cause frustration. Fortunately, implementing a few practical strategies can overcome these challenges and create a seamless and efficient network environment.

What is network optimization?

Network optimization is the process of improving a network infrastructure’s performance, efficiency, and reliability: faster data transfer, better bandwidth utilization, lower latency, and higher availability. The process involves the following activities:

  • Traffic analysis – Understanding the network traffic patterns, identifying bottlenecks, and determining the requirements and priorities of different applications and services running on the network.
  • Quality of Service (QoS) – Implementing mechanisms to prioritize and manage network traffic based on predefined policies. QoS ensures critical applications receive the necessary bandwidth and priority while maintaining acceptable performance for other less critical traffic.
  • Bandwidth management – Optimizing the allocation and utilization of available network bandwidth to ensure efficient data transmission and minimize congestion. This can involve techniques like traffic shaping, compression, and caching. 
  • Network security optimization – Implementing security measures to protect the network infrastructure from unauthorized access, data breaches, and other security threats. Security optimization ensures that the network operates securely without compromising performance.
  • Network monitoring and analysis – Deploying network monitoring tools to continuously monitor the network performance, identify anomalies or issues, and take proactive measures to optimize the network.

Why is optimizing network performance important?

Network optimization enables organizations to have efficient and reliable networks that meet their business requirements and provide an optimal user experience. It’s essential for the following reasons:

  • Enhances performance – Organizations can achieve better performance and efficiency by optimizing the network. This results in faster data transmission, reduced latency, and improved response times for apps and services. It ensures businesses can access resources and data quickly and smoothly, leading to a better user experience.
  • Utilizes resources – Network optimization allows organizations to use their resources well, including bandwidth, hardware, and infrastructure. By identifying and resolving bottlenecks and congestion points, network optimization ensures that resources are allocated effectively and wasted resources are minimized. This results in increased productivity and cost savings.
  • Allows scalability – As organizations grow and their network requirements expand, network optimization becomes crucial for ensuring scalability. By optimizing the network architecture, protocols, and configurations, organizations can accommodate increasing traffic, new applications, and additional devices without compromising performance or stability. It enables networks to scale seamlessly and adapt to changing demands.
  • Supports critical applications – Many organizations rely on network-dependent applications and services for daily operations. Network optimization ensures these critical applications receive the necessary resources and priority, guaranteeing their performance and availability. It helps prevent performance degradation or interruptions that could impact business operations and user productivity.

Five tips to enhance network performance

Optimizing your network performance can enhance your online experience whether you’re a business owner or anyone who relies heavily on internet connectivity. Below are valuable tips to help you maximize the efficiency of your network equipment.

Upgrade your router

The router serves as the link between your devices and the internet. If you’re having network performance issues, upgrading your router to an advanced model is essential. Look for routers that support the latest Wi-Fi standards, have multiple antennas for better coverage, and offer enhanced features.

Optimize Wi-Fi signals

Wi-Fi signals can be affected by physical obstacles or interference from other devices. To optimize your Wi-Fi signals:

  • Position your router in a central location for maximum coverage.
  • Keep the router away from obstructions like walls and metallic objects.
  • Change your Wi-Fi channel to minimize interference from neighboring networks.
  • Utilize Wi-Fi range extenders or mesh systems to extend coverage in larger areas.

Prioritize devices and applications

Specific devices and applications may require a higher bandwidth allocation to function optimally. By prioritizing them, you ensure a smoother experience. Most modern routers have Quality of Service (QoS) settings. This feature allows for optimized network performance and efficiently allocates bandwidth based on user preferences and requirements.

Apply firmware updates

Manufacturers often release firmware updates to address security vulnerabilities and enhance performance. Check for updates regularly and apply them to your network equipment, including routers, modems, and access points.

Troubleshoot network performance 

Even with optimal setup and configuration, network issues may arise. When troubleshooting network performance problems, implement these steps:

  • Restart your router and modem.
  • Update your device drivers.
  • Check for any software conflicts or malware.
  • Contact your Internet Service Provider (ISP) if you can’t solve the problem.

Enhance your business network performance

By following these tips, you can enhance your network performance and enjoy seamless connectivity. Remember, network optimization is an ongoing process, so stay proactive and adapt to the evolving needs of your connected world. Contact us today to discover how our managed IT services can optimize your network performance.

Securing your network: Essential tips for effective network security


NetworkTigers on how to secure your network with effective network security.

Maintaining the safety and protection of your network is crucial in today’s interconnected world, where we heavily depend on technology to accomplish numerous tasks. From personal data to sensitive business information, our network holds valuable assets that must be safeguarded. Read on to discover how to create a robust defense against potential threats.

Why is securing a network important?

Organizations and individuals must prioritize network security with the increasing cyber threats and the potential risks associated with data breaches. A secure network:

  • Protects confidential data – Networks contain sensitive information, such as personal data, financial records, or intellectual property. By securing your network, you prevent unauthorized access and ensure the confidentiality of this data.
  • Prevents data breaches – Data breaches can have significant consequences, such as financial loss, reputational damage, and legal implications. Protecting your network helps to minimize the risk of data breaches and the negative impacts associated with them.
  • Safeguards personal privacy – Individuals share personal information online in an interconnected world. Securing networks protects the privacy of individuals by preventing unauthorized people from accessing sensitive data.
  • Mitigates cyber attacks – Cybercriminals constantly develop new techniques to exploit network vulnerabilities. Implementing robust security policies can protect your network against malware infections, phishing attempts, and ransomware attacks.
  • Ensures business continuity – Network security is crucial in maintaining business continuity. By preventing network disruptions or unauthorized access, you can ensure that critical operations and services are not interrupted, leading to uninterrupted productivity and customer satisfaction.

Components of a secure network

A secure network consists of several vital components that work together to protect against potential threats. These components include:

  • Firewalls – Firewalls monitor and filter incoming and outgoing network traffic. They help block unauthorized access attempts and protect against various cyber attacks.
  • Intrusion detection and prevention systems (IDPS) – IDPS tools monitor network traffic in real time, looking for suspicious activity or behavior that may indicate a security breach. They can detect and alert administrators to potential threats and even take proactive measures to prevent or mitigate attacks.
  • Virtual private networks (VPNs) – VPNs create encrypted tunnels between remote devices and the network, ensuring secure and private communication. They are important when accessing the network remotely or connecting to public Wi-Fi networks, as they protect sensitive data from interception.
  • Network segmentation – Network segmentation involves dividing a network into smaller, isolated segments to contain potential security breaches. Network segmentation limits attackers’ lateral movement and minimizes a breach’s impact by separating different departments or data types.
  • Access controls and authentication – Access controls restrict user access to specific network resources based on their roles and permissions. Robust authentication methods, such as multi-factor authentication, enhance security by requiring additional verification steps.

By incorporating these components into your network infrastructure, you can create a secure network that protects against threats and safeguards your confidential information and resources.

Five ways to improve your company’s network security

With attacks becoming increasingly sophisticated, it is crucial to implement effective measures to protect your valuable data and resources. Here are practical ways to enhance your company’s network security:

Conduct regular network audits

This involves comprehensively assessing your network infrastructure, identifying vulnerabilities, and patching loopholes. By conducting audits, you can stay proactive in identifying potential weak points and take necessary steps to address them promptly.

Update software and systems 

Outdated software and operating systems can pose risks to your network’s security. Hackers exploit vulnerabilities in outdated software to gain unauthorized access. Update your software regularly, including operating systems, antivirus programs, and firewalls, to mitigate the risk associated with outdated programs.

Implement strong password policies

Encourage employees to create strong login credentials by incorporating a combination of lowercase and uppercase letters, special characters, and numbers. Also, implement multi-factor authentication as it adds an extra layer of protection by requiring additional verification steps, such as a unique code.

Encrypt your network traffic

Encrypting your network traffic is an effective way to safeguard your valuable data during its transmission. Encryption converts data into an unreadable format that can only be deciphered with the appropriate encryption key. Use Transport Layer Security (TLS), the successor to the older Secure Sockets Layer (SSL) protocol, to protect private data such as passwords, financial information, and customer data.
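"Use TLS" only protects data if the client actually validates the server's certificate and refuses obsolete protocol versions. The following is an added example (not from the article) written with Python's standard `ssl` module: it builds the weak client configuration that commonly creeps into internal tooling, builds the corrected one beside it, and provides an `audit_context()` check that a code reviewer or CI job can run against any context. Nothing here opens a network connection unless `open_tls_socket()` is called explicitly; the `cafile` parameter and the helper names are this example's own.

```python
"""Client-side TLS configuration: the weak setting beside the hardened one.

Added example, not code from the original article. Only the Python standard
library is used; no connection is made unless open_tls_socket() is called.
"""
import socket
import ssl


def legacy_client_context() -> ssl.SSLContext:
    """The weak setting: no certificate or hostname validation, any protocol version.
    This is what 'it works, stop complaining' code tends to look like."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # must be cleared before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE       # accepts any certificate, so interception goes unnoticed
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # lets old SSL/TLS versions negotiate
    return ctx


def hardened_client_context(cafile=None) -> ssl.SSLContext:
    """The corrected setting: verify the chain against trusted CAs, check the hostname,
    and refuse anything older than TLS 1.2. `cafile` is optional; None means the
    platform's default CA store."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION             # TLS-level compression leaks secrets (CRIME)
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return human-readable weaknesses found in `ctx`; an empty list means it passes."""
    issues = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        issues.append("certificate verification disabled")
    if not ctx.check_hostname:
        issues.append("hostname verification disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        issues.append("protocol versions older than TLS 1.2 accepted")
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        issues.append("TLS compression not disabled")
    return issues


def minimum_version_name(ctx: ssl.SSLContext) -> str:
    """Name of the lowest protocol version the context will negotiate, e.g. 'TLSv1_2'."""
    return ctx.minimum_version.name


def open_tls_socket(host: str, port: int = 443, ctx=None) -> ssl.SSLSocket:
    """Connect using the hardened context unless the caller supplies another.
    A certificate that does not chain to a trusted CA or does not match `host`
    raises ssl.SSLCertVerificationError instead of silently connecting."""
    ctx = ctx or hardened_client_context()
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    print("legacy  :", audit_context(legacy_client_context()))
    print("hardened:", audit_context(hardened_client_context()))
```

The audit deliberately checks the context object rather than a live connection, so it can run in a unit test without network access. The same three properties (chain verification, hostname verification, minimum version) are the ones to check in any other language's TLS client as well.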

Educate your employees

Educate your workers on internet security best practices, such as using secure Wi-Fi networks, avoiding clicking on harmful links, and identifying phishing emails. Conduct regular training sessions and inform them about the latest security threats and measures to mitigate them.

Protect your network against potential threats

Most cyberattacks succeed because the tools and strategies that safeguard network security are missing. By implementing the tips discussed in this article, you can enhance the protection of your valuable data and ensure a secure network environment. Remember, network security is a continuous effort that requires proactive measures, regular audits, and staying up-to-date on emerging threats.

Cybersecurity news weekly roundup July 24, 2023


SAN MATEO, CA, July 24, 2023 — Cybersecurity news weekly roundup. Stories, news, politics, and events that impacted the network security industry last week. Brought to you by NetworkTigers.

CISA reports infrastructure breach due to Citrix RCE bug

A critical infrastructure organization in the US has been breached due to threat actors exploiting a zero-day RCE vulnerability in Citrix’s NetScaler ADC and Gateway, CISA reports. The attack is said to have happened in June. In an advisory, “CISA warns that hackers leveraged the unauthenticated remote code execution (RCE) flaw to plant a webshell on the target’s non-production NetScaler Application Delivery Controller (ADC) appliance.” The number of NetScaler ADC and Gateway servers vulnerable to this attack is believed to be around 15,000. CISA has issued a set of commands that organizations can use to see if the bug has compromised them. Read more.

P2PInfect worm targeting Redis servers

Palo Alto Networks Unit 42 researchers have discovered a new cloud-targeting peer-to-peer (P2P) worm called P2PInfect. Targeting Redis servers running on Windows or Linux, the worm is reportedly “more scalable and potent than other worms.” Researchers estimate that as many as 934 Redis systems could be susceptible to P2PInfect. “A notable characteristic of the worm is its ability to infect vulnerable Redis instances by exploiting a critical Lua sandbox escape vulnerability, CVE-2022-0543 (CVSS score: 10.0).” P2PInfect establishes and maintains persistent access to a compromised host via a PowerShell script. Read more.

New Android spyware found on server belonging to APT41

APT41, a Chinese state-backed hacking group, targets Android users with WyrmSpy and DragonEgg spyware. Recently discovered by security researchers at Lookout, the two malware types “come with extensive data collection and exfiltration capabilities activated on compromised Android devices after deploying secondary payloads.” WyrmSpy disguises itself as a default operating system app, and DragonEgg poses as a third-party keyboard or messaging app. Researchers have not found instances of the spyware being deployed in the wild, having found the malware on a server belonging to the hacker group. Read more.

Google-owned VirusTotal exposes data of high-profile users

VirusTotal, a Google-owned platform used to scan files for malicious content, has experienced a data leak that affected over 5,000 users, some of whom work in government intelligence agencies. The leaked info includes “names and email addresses of employees from various backgrounds, including those from US and German intelligence agencies; official bodies of the Netherlands, Taiwan, and Great Britain; and large, well-known German companies, such as BMW and Mercedes Benz, among others.” The leak is said to have been the result of the “unintentional distribution of a small segment of customer group administrator emails and organization names” by a VirusTotal employee. Read more.

Ransomware impersonating Sophos cybersecurity firm

According to findings from MalwareHunterTeam, a new ransomware-as-a-service outfit is impersonating cybersecurity firm Sophos by operating under the name SophosEncrypt. Although it was at first believed to be part of an exercise connected to the company, Sophos has denied making the encryptor and is investigating it. Indications show that the ransomware is being actively deployed, and upon infection, it changes a victim’s desktop wallpaper into a message that bears the Sophos logo. Read more.

Hackers actively using critical WordPress payment plugin flaw to impersonate admins

WooCommerce Payments, a widely used WordPress plugin that allows for credit card purchases, is being exploited by hackers to take control of targeted sites. Researchers at RCE Security say that “attackers can simply add an ‘X-WCPAY-PLATFORM-CHECKOUT-USER’ request header and set it to the user ID of the account they wish to impersonate. When WooCommerce Payments sees this header, it will treat the request as if it was from the specified user ID, including all of the user’s privileges.” WooCommerce is said to have more than 600,000 active installations. Site admins are urged to update their plugins immediately. Read more.
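The root problem described above is an application trusting an identity header that any client can set. Updating the plugin is the fix; the snippet below is an added example (not the plugin's patch and not from the article) of the complementary control a defender can place at the reverse proxy or WAF in the meantime and keep afterwards: strip identity-asserting headers from client requests before they reach the application, and record which clients tried to send them. The header name is the one quoted in the article; the second header in the list, the request samples and the client addresses are constructed for the example.

```python
"""Edge-side guard against client-supplied identity headers.

Added example, not the plugin's own fix. Only the first header name comes
from the article; the other entry and all sample requests are constructed.
"""
from typing import Dict, List, Tuple

# Headers that only trusted internal components may set. Anything arriving
# from a client carrying one of these is at best misconfiguration, at worst
# an impersonation attempt, so the edge strips it and logs the event.
TRUST_ONLY_HEADERS = {
    "x-wcpay-platform-checkout-user",  # from the article
    "x-internal-user-id",              # constructed placeholder for any "act as user N" header
}


def sanitize_headers(headers: Dict[str, str]) -> Tuple[Dict[str, str], List[str]]:
    """Remove trust-only headers (case-insensitively); return (clean_headers, removed_names)."""
    clean, removed = {}, []
    for name, value in headers.items():
        if name.lower() in TRUST_ONLY_HEADERS:
            removed.append(name)
        else:
            clean[name] = value
    return clean, removed


# Constructed requests as (client_ip, method, path, headers). Addresses are from
# the documentation ranges; paths and user IDs are illustrative only.
SAMPLE_REQUESTS = [
    ("203.0.113.9", "POST", "/wp-json/wc/store/checkout",
     {"Host": "shop.example", "Content-Type": "application/json",
      "X-WCPAY-Platform-Checkout-User": "42"}),
    ("198.51.100.4", "GET", "/shop/",
     {"Host": "shop.example", "Accept": "text/html"}),
    ("203.0.113.9", "GET", "/wp-json/wc/v3/customers",
     {"Host": "shop.example", "x-wcpay-platform-checkout-user": "42"}),
]


def triage(requests) -> List[dict]:
    """Sanitize every request; return an audit record for each one that carried a trust-only header."""
    findings = []
    for client_ip, method, path, headers in requests:
        _clean, removed = sanitize_headers(headers)
        if removed:
            findings.append({"client": client_ip, "method": method,
                             "path": path, "removed": removed})
    return findings


def attempts_by_client(findings: List[dict]) -> Dict[str, int]:
    """Count stripped-header events per client, a simple feed for alerting or rate limiting."""
    counts: Dict[str, int] = {}
    for finding in findings:
        counts[finding["client"]] = counts.get(finding["client"], 0) + 1
    return counts


if __name__ == "__main__":
    events = triage(SAMPLE_REQUESTS)
    for event in events:
        print(f"{event['client']} {event['method']} {event['path']} stripped={event['removed']}")
    print(attempts_by_client(events))
```

Header names are matched after lowercasing because HTTP header names are case-insensitive and a filter that only matches one spelling is trivially bypassed. The same pattern applies to any header an application uses to carry identity or role information between trusted tiers (for example the forwarded-user headers set by an authenticating proxy): they must be stripped at the outermost edge and re-set only by the trusted component.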

Attacker may have had access to JumpCloud customer data for two weeks

JumpCloud, a multidirectory management, identity and access management, and multifactor authentication provider reported that a spear phishing attack “allowed an unnamed nation-state sponsored threat actor to intrude JumpCloud’s systems and target specific customers last month.” The breach was detected on June 27th, and the time between the intrusion and the notification of customer impact indicates that the adversary may have had access to JumpCloud’s system for around two weeks. JumpCloud’s services are used by over 180,000 organizations in 160 countries. Read more.

Zimbra zero-day flaw exploited in the wild requires manual update

Zimbra has reported a “security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced.” The flaw is being actively exploited, meaning an update is urgently recommended. The company has issued a fix for the exploit, which can only be applied manually. Cybercriminals regularly target Zimbra’s products. Notably, North Korean state actors were found to have been using a previous zero-day exploit to spy on medical and energy sector organizations. Read more.

Instances of malicious USB drives laced with malware increasing

According to research from Mandiant, attacks that use an infected USB drive as an initial access vector have tripled in frequency since the start of 2023. The security firm reports that SOGU and SNOWYDRIVE campaigns, the former of which is the “most prevalent USB-based cyber espionage attack using USB flash drives and one of the most aggressive cyber espionage campaigns,” target public and private sector organizations. The campaigns have been traced to a China-based cluster, and organizations are urged to implement policies restricting external storage drives on their devices and networks. Read more.

More cybersecurity news

Choosing the right server for your business

NetworkTigers advises on how to choose the right server for your business.

Whether you’re a large enterprise or a start-up, selecting the right server is a decision that can affect your business operations. With so many different servers available, finding the server that aligns with your goals can be difficult. This buyer’s guide aims to help you when buying a server for your business needs.

What to consider before buying a server for your business 

Selecting a suitable server for your business can be overwhelming. But it doesn’t have to be complicated. Here are factors to guide you.

Assess your business requirements  

It’s essential to evaluate the requirements of your business before buying your preferred server. Assess expected data storage and processing needs, your organization’s size, the number of users, and projected growth. Understanding your current and future needs will help you buy a server that can scale and adapt as your business expands.

Consider server types 

Many types of servers are available, each designed to perform specific tasks. Here are popular server types:

  • Tower servers resemble desktop computers and are suitable for small organizations or those with limited space. These standalone units are easy to install and maintain, making them a cost-effective option for enterprises with basic server needs.
  • Rack servers offer enhanced airflow and scalability, allowing optimal performance and efficient cooling. These compact units can be mounted in server racks and are commonly used in larger businesses and data centers. They are suitable for organizations with moderate to high processing requirements.
  • Blade servers are dense and compact units designed to fit into blade enclosures. They are great for businesses with significant storage and processing needs and a demand for high-performance computing. These servers are known for their scalability and their efficient use of space and power.

Consider operating systems 

When selecting a server, deciding on the operating system (OS) that suits your organization’s requirements is essential. The two main options include:

a. Windows Server

Windows Server is ideal for enterprises that use Microsoft applications. It offers seamless integration with the Microsoft ecosystem, enhancing compatibility and familiarity for users. It’s also known for its robust security features and user-friendly interface.

b. Linux server

This open-source OS offers versatility and customization options. It is excellent for businesses looking for an affordable, stable, and reliable solution. Linux server provides a variety of distributions, each customized to specific needs, allowing companies to optimize their server environment.

Evaluate hardware specifications 

It’s essential to assess the hardware specifications to ensure optimal server performance. Crucial considerations include:

  • Processor (CPU) – The server’s CPU determines its processing power. When shopping, choose servers with multi-core processors, as they improve overall performance and handle multiple tasks simultaneously. Be sure to check the specific requirements of your business applications to determine the proper CPU specifications.
  • Memory (RAM) – Sufficient RAM is critical for smooth application performance and data processing. Evaluate your business needs and pick a server with adequate memory to handle your workload. It’s also worth considering upgradability options for future scalability.
  • Storage (HDD/SSD) – The storage capacity and type (HDD or SSD) directly impact data speed and accessibility. SSDs provide faster data retrieval and are suitable for enterprises with high-performance demands. Consider the anticipated data storage requirements and select a server with sufficient storage capacity.
  • Redundancy and fault tolerance – For smooth operations, buy servers with redundant components such as network interfaces, cooling systems, and power supplies. Redundancy ensures continuity in case of hardware problems and reduces system failure risk.
  • Scalability and future expansion – Selecting a server that can accommodate future scalability and growth is essential since your server needs may change as your business grows. Choose servers with modular designs that allow easy upgrades, additional slots for memory and processors, and expandable storage options.

Server cost

While investing in a high-quality server is essential, it’s important to consider your budget. Compare different servers’ features, specifications, and pricing to balance performance and affordability. Remember to account for long-term costs, including maintenance, support, and potential upgrades.

Contact us for expert guidance 

Selecting the right server for your organization is an important decision affecting your efficiency, productivity, and overall success. You can make an informed choice by assessing your business requirements, considering server types and operating systems, evaluating hardware specifications, and planning for scalability. Remember to weigh the budget considerations and seek expert advice if needed. 

Maximizing ROI on network equipment


NetworkTigers discusses maximizing ROI on Network Equipment by choosing the right solutions for your business.

IT administrators must closely monitor their organizations’ network traffic, cybersecurity protocols, and overall business activity. Another critical point of concern that is not always apparent is ensuring that the system being built and maintained can function reliably while remaining within budgetary constraints. Making ROI a critical factor in your workflow and decision-making is imperative.

Knowledge is power. If you’re already an adept and competent administrator with deep and meaningful insight into your system, you already have most of the information needed to make sound financial decisions at your disposal.

However, the importance of stretching a dollar cannot be overstated, and the ability to make efficient decisions that pay dividends is a skill that will keep your company humming along and improve its bottom line. To maximize efficiency and minimize costs, keep the following ROI considerations in mind while formulating a strategy for building, growing, or updating your network.

Have a complete understanding of your business’s network needs

There is no one-size-fits-all solution when it comes to network hardware. To ensure that the components you purchase will accommodate your business’s needs, you must consider what may be required to run effectively today and how you can accommodate scaling in the future. 

Conduct assessments of your network to see where any bottlenecks or trouble areas appear. Study your network’s behavior and how the people and devices connected to it perform under various circumstances to gain a holistic view of your operations. The more familiar you are with your needs, and your company’s trajectory, the easier and less expensive it will be to address pain points before they become larger, more costly obstacles. 

Keep network growth front of mind

Every business looks to expand, and every business’s network has to grow with it. Don’t paint yourself into a corner by purchasing gear that lacks the flexibility to provide service through multiple years of network modifications.

Planning for growth in every decision you make is essential for maintaining your ROI. Building a network foundation that prioritizes flexibility will save you money in the long term. It also sets you up for efficient scaling. The more malleability you build in, the fewer headaches you’ll encounter as you try to push your network’s infrastructure beyond its means or swap out components that are no longer suitable.

Modular network components that allow you to modify them over time as needed can prevent you from investing time and funds in setting up architecture that will only need to be replaced in full down the road. 

Forecast your total cost of ownership

Total cost of ownership (TCO), meaning your maintenance costs, equipment power consumption, software license fees, staffing requirements, etc., can significantly impact your network’s expenses over time. Hardware with a low upfront cost may become more expensive than you originally planned for if it drains more power than a slightly more expensive alternative or has a reputation for being unreliable.

Practice due diligence and look beyond the price tag to ensure your purchases don’t cost you more than you’ve planned for in operational overhead or maintenance.

Good security is good ROI

A cyberattack or data breach can result in a tremendous blow to your company’s business operations, its reputation, and your budget. Most small businesses that find themselves targeted by criminals end up simply closing shop, unable to recover.

Ensure that your network architecture is protected by firewalls capable of filtering your expected traffic. Seek out equipment with features that flag suspicious activity from companies that regularly update their products’ firmware and software.

To prevent the economic bombshell of a hack, invest in equipment that still receives support and updates from the manufacturer. Research your options and avoid gear from makers with a reputation for security lapses or not responding adequately and quickly to bugs and vulnerabilities in their products. Set up automatic updates.

Any savings you may gain by cutting security corners will evaporate if the network you build has a weakness exploited by opportunistic cybercriminals probing for entry points.

Increase your ROI with refurbished network equipment

Operating with old gear not only diminishes the efficiency and scalability of your system but also creates a security lapse. Do not allow unsupported hardware or software to hang around in your network. Any components that are about to lose manufacturer support should be replaced immediately. 

While doing so may seem daunting, you can save significant money by purchasing refurbished equipment from a reputable dealer. Large enterprise companies that undergo a network refresh often provide such dealers with current gear in excellent condition. Depending on age, some of this equipment will still carry a manufacturer’s warranty; even where it does not, trustworthy retailers will provide guarantees on the equipment that they sell.

Stay in the know

Ensure you keep your eye on the ball regarding changes in network gear or best practices. Planning around upcoming trends or advances in equipment reliably allows you to stay agile and keep up with industry standards.

Bookmark reputable news sites, attend conferences, converse with peers in the industry, and engage with forums and social media accounts online. The more connected you are to the industry, the more you will learn and the more resources you have to tap into for consultation when needed.

Lagging behind and then scrambling as you perform last-minute research on how to replace a part of your network will cost you time and, if you make an uninformed decision, more money. 

Maintaining a working knowledge of networking news will keep you sharp and spare you from having to play catch-up. A well-informed position lets you go with the flow when planning network modifications. This ensures that you can keep your system current and future-proof with as little overhead as possible, thus maximizing your ROI.