“Blame the Vendor” Distractions

Beware of “blame the vendor” distractions. https://bsky.app/profile/rgblights.bsky.social/post/3ltshf3lvc22e Rob Joyce posted this on his BlueSky account as a response to Alexander Martin’s article, “Spain awards Huawei contracts to manage intelligence agency wiretaps.” Both Rob and Alex are exacerbating “blame the vendor” fears when the real problem is more systemic, with nothing to do with which world Read More

Threat Researchers Leveraging the Shadowserver Foundation’s Infrastructure

Most cybersecurity threat researchers are missing out on ways to leverage the Shadowserver Foundation’s Infrastructure. Patrick Garrity highlights an aspect of this in his post about the collaboration to identify additional CVEs. If you are a threat researcher, consider accelerating the process Patrick is highlighting. If you are a threat researcher, don’t sit on your discovery Read More

Yes, Publish Your Threat Model!

“Publish your threat model. Yes, really.” Adam Shostack proposed an idea that will make most cybersecurity professionals and organizations very uncomfortable. It is worth reading through the comments of Adam’s post. What do I think? I’m in total agreement and will change my practice to publish my threat models, help my customers publish theirs, and Read More

You missed it! Threat Actors’ simple paths into your network.

On December 3rd, 2024, six cybersecurity organizations published Enhanced Visibility and Hardening Guidance for Communications Infrastructure, detailing simple paths threat actors use to penetrate networks. Most people I talk to say, “This is nothing new.” “We’ve heard it all before.” “These are all Best Common Practices (BCPs); everyone should have deployed them already!” Do not Read More

Using your Printer Ports to Attack?

Do you have a customer whose printer ports are open and vulnerable and can now be used for DDoS? Is your network’s “Internet Printing Protocol” (IPP) port open and ready for exploitation? Last week, the Shadowserver Foundation alerted a “large increase in queries on 631/UDP seen in our sensors due to recent CUPS RCEs disclosure. Read More

Is ASEAN Ready for Serious Cybersecurity?

No, most ASEAN countries are not ready for “serious cybersecurity.” Cybersecurity requires a persistent and consistent rhythm of action that fixes known security risks. Public-benefit, non-profit cyber civil defense organizations like the Shadowserver Foundation, CyberGreen, and others deliver actionable cyber-risk reporting as a public benefit. Yes, these reports are free to organizations seeking to Read More

PlugX Infections – Is that You?

The French Government sees the massive number of PlugX infections as a national threat. PlugX is malware used by Nation State threat actors to get inside networks. Sekoia was part of a sinkholing action that uncovered thousands of locations where PlugX is deployed. Should you be concerned? How do you discover if you have a Read More

Healthcare’s Black Basta Bash

If you follow the May 10, 2024, Black Basta “critical action” recommendations, you will most likely be exposed and potentially exploited by the threat actors. Read through the #StopRansomware: Black Basta AA-24-131A and HS-ISAC Black Basta Threat Actor Emerges as a Major Threat to the Healthcare Industry. Then take a step back and mitigate/remediate the Read More

Industry Anti-DDOS Strategy 2018

Note to the Readers … Yes, there are communities who consult and curate an anti-DDoS strategy to mitigate the risk to the Internet. Starting ~2000, Operators have consulted on ways to build better resilience into the Internet’s infrastructure. These consultations evolved into informal security strategy plans. By 2012, multiple groups were involved (see http://www.senki.org/2012-a-year-of-cyber-security-optimism/). A Read More