These are public posts tagged with #networksecurity.
Can Online Casino Accounts Be Hacked? - Online casino platforms are not immune to compromise, but the most successful breaches do... https://www.itsecurityguru.org/2025/06/09/can-online-casino-accounts-be-hacked/?utm_source=rss&utm_medium=rss&utm_campaign=can-online-casino-accounts-be-hacked #networksecurity
Are there any papers or blogs on security testing/evaluation of network cards and their drivers? I couldn't find anything with a quick search.
RDP turned against you
UNC5837 used PyRDP to turn native Windows features into attack tools:
Phishing → .RDP file
PyRDP → session hijack + creds
RemoteApp → remote commands, local disguise
Drive mapping → silent data theft
Full kill chain + defense tips in comments.
#MDR
#Cybersecurity
#InfoSec
#NetworkSecurity
#DataProtection
Spanish Government Network Access Allegedly Compromised https://dailydarkweb.net/spanish-government-network-access-allegedly-compromised/ #UnauthorizedAccesses #networksecurity #CyberSecurity #threatactor #databreach #government #Alleged #España #Spain #RDP
https://www.europesays.com/uk/146566/ IGEL Buys Stratodesk To Boost Endpoint Computing Capabilities #ApplicationAndPlatformSecurity #CloudPlatforms #CloudSecurity #CloudSoftware #Computing #Cybersecurity #DesktopClients #EndpointSecurity #ManagedSecurity #MergersAndAcquisitions #NetworkSecurity #SecurityOperations #tablets #Technology #UK #UnitedKingdom
A malformed BGP Prefix-SID update on May 20 triggered session resets across JunOS and Arista EOS routers, causing global routing instability. Likely source: AS135338 or AS9304. Impacted networks include Starlink, Bytedance, Disney.
https://blog.benjojo.co.uk/post/bgp-attr-40-junos-arista-session-reset-incident
I love the new zone management of the Unifi firewall. I feel more comfortable now being more granular in my rules. Before, I was using Cloudflare DNS proxy to only allow three countries to connect to my public services.
Now, I’m no longer using the DNS proxy, and my rule is done with Unifi. Another improvement: my public services are in an isolated VLAN and are available on IPv4 and IPv6.
#unifi #homelab #selfhosted #selfhosting #ipv6 #firewall #alttext #devops #vlan #infoSec #networkSecurity
Types of DNS Attacks You Should Know
The Domain Name System (DNS) is a core part of how the internet works — and it’s also a prime target for attackers. Understanding DNS attack types is essential for defending network infrastructure.
Common DNS Attack Types:
1. DNS Spoofing / Cache Poisoning
→ Injects false DNS data into a resolver's cache to redirect users to malicious sites.
2. DNS Tunneling
→ Encodes data into DNS queries/responses to exfiltrate data or establish covert C2 channels.
3. DNS Amplification (DDoS)
→ Exploits open DNS resolvers to flood a target with amplified traffic.
4. NXDOMAIN Attack
→ Overloads DNS servers with queries for nonexistent domains, degrading performance.
5. Domain Hijacking
→ Unauthorized changes to DNS records or domain ownership to take control of web traffic.
6. Typosquatting / Homograph Attacks
→ Uses lookalike domains to trick users into visiting malicious sites.
7. Subdomain Takeover
→ Targets misconfigured DNS entries pointing to expired resources (e.g., GitHub Pages, AWS buckets).
Why it matters:
DNS is often overlooked in security strategies, but it’s a critical attack surface. Proper monitoring, DNSSEC, and logging can reduce risk.
Disclaimer: This content is for educational and awareness purposes only.
#DNSAttacks #CyberSecurity #InfoSec #NetworkSecurity #EducationOnly #DNSHijacking #Spoofing #RedTeamAwareness #BlueTeamDefense
Wireless Security Protocols Explained: WEP, WPA, WPA2 & WPA3
Understanding wireless security protocols is essential for protecting your network from unauthorized access and ensuring data confidentiality.
Key Protocols & Their Characteristics:
1. WEP (Wired Equivalent Privacy)
• Introduced in 1997
• Weak encryption (RC4), easily cracked
• Deprecated and insecure
2. WPA (Wi-Fi Protected Access)
• Interim solution after WEP
• Improved encryption with TKIP
• Still vulnerable to certain attacks
3. WPA2
• Widely used today
• Uses AES-based CCMP encryption
• Supports enterprise (RADIUS) and personal (PSK) modes
4. WPA3
• Latest standard with stronger security
• Resistant to brute-force attacks
• Supports SAE (Simultaneous Authentication of Equals)
• Enhanced encryption and forward secrecy
Why it matters:
Choosing the right wireless protocol significantly affects your network’s resilience against common attack vectors such as packet sniffing, replay attacks, and credential theft.
Disclaimer: This post is for educational and awareness purposes only. Always secure your wireless networks using the latest standards.
#WirelessSecurity #WPA3 #WEP #WPA2 #CyberSecurity #InfoSec #EducationOnly #WiFiProtocols #NetworkSecurity #WiFiEncryption
Join Wireshark core developer Sake Blok for pre-conference Class III: SSL/TLS Troubleshooting with #Wireshark — a deep dive into understanding and diagnosing TLS-based communication issues.
Sign up now and start your SharkFest journey strong: https://sharkfest.wireshark.org/sfus
Snort Command Cheat Sheet: Understand Network Threats Like a Pro
Snort is a powerful open-source tool used for Network Intrusion Detection and Prevention (NIDS/NIPS). It's widely adopted by blue teams and security professionals to monitor, alert, and defend against malicious network activity.
Key Usage Modes (No Code Needed):
• Test Mode: Check configuration files before deployment
• Packet Sniffing Mode: Monitor live traffic and display it in real time
• Packet Logging Mode: Capture packets and store them for analysis
• IDS Mode: Analyze traffic against rule sets and raise alerts
• Silent Mode: Run in the background while logging events
Snort is great for:
• Detecting port scans and suspicious payloads
• Monitoring traffic for policy violations
• Integrating with SIEM solutions
• Practicing blue team defensive strategies
Disclaimer: This content is intended strictly for educational and awareness purposes. Use intrusion detection systems responsibly and ethically.
#Snort #NetworkSecurity #CyberSecurity #InfoSec #BlueTeam #IDS #EducationOnly #IntrusionDetection #SOCTools #PacketAnalysis
SharkFest'25 US is almost here!
June 14–19 • Richmond, Virginia
Whether you're a packet analysis pro or just getting started, SharkFest is the place to sharpen your #Wireshark & #Stratoshark skills, learn from world-class instructors & connect with the community.
- Hands-on workshops
- Expert-led sessions
- Keynote from Vint Cerf
- Pre-conference classes with top analysts
Register now & be part of the packet party: https://sharkfest.wireshark.org/sfus/
Tor has launched Oniux, a new tool for anonymizing any Linux app’s network traffic via the Tor network.
Unlike previous solutions like Torsocks, Oniux uses Linux namespaces to isolate apps at the kernel level, ensuring leak-proof anonymity even with malicious apps.
Though experimental, Oniux could be a game-changer for enhanced privacy on Linux.
#Tor #Oniux #Linux #Anonymity #Onion #Privacy #Security #NetworkSecurity #OpenSource
Over the past nine months, undocumented communication devices, including cellular radios, have been found in inverters and some batteries from multiple Chinese suppliers.
#EnergyTransition #EnergyMastodon #Climate #InfoSec #NetworkSecurity #CyberSecurity #China
The FBI has issued an alert about cybercriminals hijacking outdated routers to power massive proxy-for-hire networks—masking malware, fraud, and credential theft right under your nose.
Watch the full Cyberside Chats episode to hear @sherridavidoff and @MDurrin's insights on:
The FBI’s May 2025 alert
TheMoon malware and the Faceless proxy service
What these botnets mean for your enterprise
What you need to do now to stay protected
Watch the video: https://youtu.be/x_40BlvWsHk
Listen to the podcast: https://www.chatcyberside.com/e/outdated-routers-a-hidden-threat-in-your-neighborhood/?token=b0b648ff9ddf79f7cb1099945c74f7f0
#Cybersecurity #RouterSecurity #ThreatIntel #Malware #CISO #CybersideChats #ProxyAbuse #TheMoonMalware #Botnets #NetworkSecurity #CISO #Cyberaware #Tech #Infosec #IT #CIO #SMB #Cyber
1.3 with exciting and long-awaited new features is here
Access Control / Firewall management: https://docs.defguard.net/enterprise/all-enteprise-features/access-control-list
LDAP & Active Directory two-way synchronization: https://docs.defguard.net/enterprise/all-enteprise-features/ldap-and-active-directory-integration/two-way-ldap-and-active-directory-synchronization
More on Github: https://github.com/DefGuard/defguard/releases/tag/v1.3.0
#vpn #sysadmin #selfhosted #SelfHosting #wireguard #OpenSource #release #security #privacy #homeLab #anonymity #floss #CyberSecurity #InfoSec #OnlinePrivacy #DataProtection #InternetSecurity #NetworkSecurity #SecureVPN
Think your network is locked down? Think again.
Register for our May 28th Cyberside Chats Live episode featuring special guest @tompohl, LMG Security’s Head of Penetration Testing, and discover the most common security gaps attackers exploit.
Tom will share how his team routinely gains domain admin access in over 90% of their engagements—and how you can stop real attackers from doing the same. He’ll break down the weak points they target, from insecure default Active Directory settings to overlooked misconfigurations—even in mature environments.
Register now: https://www.lmgsecurity.com/event/cyberside-chats-live-may-2025/
#Cybersecurity #PenetrationTesting #InfoSec #ITsecurity #CybersideChats #CISO #Pentest #DFIR #NetworkSecurity #IT
Dive into our new technical blog, No Exploits Needed: Using Cisco’s Own Features to Extract Credentials, for a behind-the-scenes look at how default settings can lead to a data breach.
In this post, Penetration Testing Team Manager @tompohl shares how he extracted a Cisco router’s entire running configuration—no credentials required—during a recent penetration test and offers tips for hardening your security. https://www.lmgsecurity.com/no-exploits-needed-using-ciscos-own-features-to-extract-credentials/
#Cybersecurity #PenetrationTesting #Pentest #IT #CISO #DFIR #Infosec #ITsecurity #NetworkSecurity #Cisco #SecurityTesting
How To Secure Digital Wallets from Phishing Attacks - Digital wallets have become increasingly popular, offering users an easy way to make paym... https://www.itsecurityguru.org/2025/05/08/how-to-secure-digital-wallets-from-phishing-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-secure-digital-wallets-from-phishing-attacks #networksecurity
At #RSAC2025, the message was clear: it's time to move beyond legacy VPNs.
Discover how Tailscale is leading the charge towards modern, secure networking solutions.
Read our RSAC 2025 recap: https://tailscale.com/blog/rsac-2025-recap