When can we declare IP Geo location / country code blocking practically dead as a mitigation strategy?

Sure it is still useful blocking script kiddies from Iran and other low hanging fruit, but do any serious APT crews actually launch attacks from their home country anymore?

With the use of zero trust, distributed attack and delivery networks (looking at you Cloudflare), and VPN usage country blocking feels less useful than in the past.

At #RSAC2025, the message was clear: it's time to move beyond legacy VPNs.

Discover how Tailscale is leading the charge towards modern, secure networking solutions.

Read our RSAC 2025 recap:
https://tailscale.com/blog/rsac-2025-recap

For good reasons, I have completely switched from US providers to EU FOSS projects and solutions since around 2020. Here are the router/firewall solutions.

- DD-WRT from Germany
- https://dd-wrt.com/

- DynFI from France
- https://dynfi.com/

- IPFire from Germany
- https://www.ipfire.org/

- Mikrotik from Latvia
- https://mikrotik.com/

- Nethsecurity from Italy
- https://nethsecurity.org/

1/2

When was the last time you've properly used the camera on your Android?

No I'm not talking about the camera which points at the scenery, I'm talking about the camera which points straight to your face 24 hours a day every time you pick your Android up.

¿Well? I'm waiting.

About 990 out of 1000 people will answer this wrong.

The only proper way of using that camera is making sure that it can only record images of your face when you absolutely want to

That means that you need to put a piece of electrical isolation tape in front of the lens of the camera and it should be like that for most of the day.

Any other manner means that you do not know anything about securing yourself and about protecting your identity.

Do you consider it normal to have a barrel of a firearm pointed at your face 24 hours a day?

The question is rhetorical

Now please follow suit and do like I have done it for decades;

The only time when the camera is pointed at me, is when I want to; if I don't I either cover it, or shove the person who puts the camera in my face in such a manner that they drop it immediately, or else!

https://www.europesays.com/1885824/ Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus #belarus #ComputerSecurity #CyberAttacks #CyberNews #CyberSecurityNews #CyberSecurityNewsToday #CyberSecurityUpdates #CyberUpdates #DataBreach #HackerNews #HackingNews #HowToHack #InformationSecurity #NetworkSecurity #RansomwareMalware #SoftwareVulnerability #TheHackerNews

I’ve got to know a lot of tech by sort of accreting knowledge over time, so I often don’t have a good answer to “how do I learn about XYZ?” type questions

To wit, a friend just asked me how to get started learning about IP #networking and basic #networkSecurity and… I’m not sure? Anyone have a good suggestion?

https://www.europesays.com/1857552/ Musk’s Starlink isn’t ready to rule Europe’s internet airwaves – POLITICO #Airlines #communications #Connectivity #Data #ElonMusk #England #europe #france #Gaming #greece #industry #innovation #markets #mobile #NetworkSecurity #resilience #RobertMourik #Russia #satellites #space #telecoms #Ukraine #UnitedStates

Musk’s Starlink isn’t ready to rule Europe’s internet airwaves – POLITICO https://www.byteseu.com/757947/ #Airlines #Communications #connectivity #Data #ElonMusk #England #Europe #France #gaming #Greece #industry #Innovation #Markets #mobile #NetworkSecurity #Resilience #RobertMourik #Russia #satellites #Space #Telecoms #Ukraine #UnitedStates

Every time we publish our Botnet Threat Update , the same networks show up in the Top 20 for hosting botnet C&C servers. But why does this keep happening?

In this Botnet Spotlight, we look at the root causes behind this ongoing issue and what networks must do to break the cycle - learn more here
https://www.spamhaus.org/resource-hub/botnet-c-c/networks-hosting-botnet-ccs/

One thing's clear: if you send an abuse notification to NiceNIC, it ends up being really 'nice' for the criminals.

This reminded me of an idea for proxy filtering: filtering based on the domain registrar. Another practical use case for the WHOIS history database.

Is there an open and public list of the worst registrars?

Ultimate Linux Network Security for Enterprises: Master Effective and Advanced Cybersecurity Techniques to Safeguard Linux Networks and Manage Enterprise-Level Network Services by Adarsh Kant, 2024

@bookstodon
#books
#nonfiction
#Linux
#NetworkSecurity
#cybersecurity

Long toot, but TL;DR I’m looking for advice from fellow IT and network managers/maintainers.

Planning a network overhaul for my ~20 person employer for a few months from now. Likely going Unifi for as much as possible for the tight integration and simple management for this poor solo IT guy. I’m not looking for input on that decision at this time, unless you have a really good reason.

Unfortunately, everyone is used to a BYOD system when it comes to WFH. They download the NetExtender VPN on their personal machine and RDP into their workstation in the office. I am trying to figure out how best to lock this down without pissing everyone off (yet).

Obvious measures already in effect include MFA for VPN access and geo-based IP blocking. I’d love to lock it down further though, and for that I am looking into an RDP gateway in combination with VPN.

For off-site company-owned devices, those would use the Unifi VPN authenticated via AD and MFA. Connections would be based on an allowlist of known safe workstations and they would be allowed normal network access.

For personal devices, I’m considering an RDP gateway (with MFA?) to monitor and limit connections from personal devices to employee workstations only (I.e. no server access). I _could_ expose that publicly and ensure it’s locked down with MFA and give the host server minimal permissions and access. However, I’m wondering if it would make sense to place that behind the VPN as well.

Untrusted VPN connections could go to their own VLAN, only allowed access to the RDP gateway and nothing else. Both would authenticate with the same LDAP credentials, so not much benefit there. My main consideration is 0 days and other vulns. A 2 layered approach would ensure that a vulnerability in one system is still mitigated by the other.

I could see this creating unnecessary overhead for employees to connect though, and may not be worth the perceived extra security.

Anyone have any input? I’d love some advice here!

ssldump v1.9 released with bug fixes, enhancements and improvements Latest

Enhancements

• Original PCAP Timestamps: Added support for original PCAP timestamps, replacing timeofday-generated timestamps for improved accuracy.
• TLS 1.3 Handling: Introduced handling for TLS version 1.3.
• RAW IP Capture Support: Implemented support for "raw IP" captures, allowing capture of packets without Layer 2 headers.
• Connection Tracker Enhancements: Improved connection tracking with live list and purge functionality.

#ssldump #ssl #tls #networksecurity #network #infosec #dfir #opensource

Release notes https://github.com/adulau/ssldump/releases/tag/v1.9
https://github.com/adulau/ssldump

A little late for Halloween but just as scary: Nearly 1 million Fortinet and SonicWall devices with actively exploited vulnerabilities are exposed on the internet.
#Cybersecurity #NetworkSecurity #Fortinet #FortiJump #FortiManager #SonicWall #Security #Ransomware #Cyberattacks #ThreatIntelligence #Vulnerabilities

https://thecyberexpress.com/vulnerable-fortinet-sonicwall-devices-exposed/

The Cyble sensor intelligence report is always my favorite one to write up because I never know what’s going to be hidden in all that data. Attacks on VNC, IoT/OT devices and LightSpeed Cache and GutenKit WordPress plugins are some of the highlights this week.
#Cyberattacks #ThreatIntelligence #Cybersecurity #Security #WordPress #IoT #OT #NetworkSecurity #Vulnerabilities #Linux #PHP #Java #Python

https://cyble.com/blog/cyble-sensors-detect-new-attacks-on-lightspeed-gutenkit-wordpress-plugins/