If you’ve ever had to troubleshoot a technical issue, surely you know that having pertinent information related to the issue is vital. This could include steps to reproduce the error, any captured logs detailing the issue at hand, or even steps taken attempting to (unsuccessfully) resolve the issue(s). With that being said, I will also say that there can be times of having too …
The Problem with Hacking Back: It Might Be Your Network
The US government is considering allowing companies to “hack back” against cyber attackers. The Active Cyber Defense Certainty Act (ACDC) amends the Computer Fraud and Abuse Act to allow limited retaliatory strikes against cyber attackers. The full PDF amendment is available online. As noted in some comments in an article on the UK Register, there is some skepticism about this …
The Seattle CTO Club ~ Sharing Security Information
Yesterday I had the honor of presenting some security information at the Seattle CTO Club. I loosely based the discussion on a similar presentation I gave last week at an event for Equinox IT, a WatchGuard partner, covering the cyber security landscape and top threats businesses face. Members of the group learned common attack patterns and discussed strategies for effectively …
DNSMasq Vulnerabilities Affect Network Devices, Microservices, and More
On October 2nd, the Google security blog announced several vulnerabilities in a piece of software called DNSMasq, which offers DNS forwarding and DHCP services for small computer networks. Days before, IT Briefcase published an article I wrote about indicators of compromise in DNS logs. The article explains that an exploited DNS server may offer the path from an external to an …
Where in The World Is That Network Traffic Coming From?
In a past article, I explained how to auto-block hosts with a WatchGuard Firebox. Yesterday alone my logs showed over 100 IP addresses auto-blocked in one day on a Firebox used for testing purposes. The list included over 1000 blocked IP addresses. I also noticed the Firebox shows a limited number of blocked hosts, so the total number of blocked hosts may be longer than what the …