Network security – Noise

Serious F5 Breach

Bruce Schneier — Thu, 23 Oct 2025 11:04:48 +0000

This is bad:

F5, a Seattle-based maker of networking software, disclosed the breach on Wednesday. F5 said a “sophisticated” threat group working for an undisclosed nation-state government had surreptitiously and persistently dwelled in its network over a “long-term.” Security researchers who have responded to similar intrusions in the past took the language to mean the hackers were inside the F5 network for years.

During that time, F5 said, the hackers took control of the network segment the company uses to create and distribute updates for BIG IP, a line of server appliances that F5 ...

Poor Password Choices

Bruce Schneier — Mon, 25 Aug 2025 11:03:18 +0000

Look at this: McDonald’s chose the password “123456” for a major corporate system.

Enhancing telecom security with AWS

Kal Krishnan — Fri, 07 Feb 2025 18:04:34 +0000

If you’d like to skip directly to the detailed mapping between the CISA guidance and AWS security controls and best practices, visit our Github page. Implementing CISA’s enhanced visibility and hardening guidance for communications infrastructure In response to recent cybersecurity incidents attributed to actors from the People’s Republic of China, a number of cybersecurity agencies […]

Establishing a data perimeter on AWS: Analyze your account activity to evaluate impact and refine controls

Achraf Moussadek-Kabdani — Wed, 29 May 2024 20:19:27 +0000

A data perimeter on Amazon Web Services (AWS) is a set of preventive controls you can use to help establish a boundary around your data in AWS Organizations. This boundary helps ensure that your data can be accessed only by trusted identities from within networks you expect and that the data cannot be transferred outside […]

Establishing a data perimeter on AWS: Allow access to company data only from expected networks

Laura Reith — Tue, 05 Sep 2023 13:34:00 +0000

A key part of protecting your organization’s non-public, sensitive data is to understand who can access it and from where. One of the common requirements is to restrict access to authorized users from known locations. To accomplish this, you should be familiar with the expected network access patterns and establish organization-wide guardrails to limit access […]

Gain insights and knowledge at AWS re:Inforce 2023

CJ Moses — Thu, 30 Mar 2023 17:32:03 +0000

I’d like to personally invite you to attend the Amazon Web Services (AWS) security conference, AWS re:Inforce 2023, in Anaheim, CA on June 13–14, 2023. You’ll have access to interactive educational content to address your security, compliance, privacy, and identity management needs. Join security experts, peers, leaders, and partners from around the world who are […]

Establishing a data perimeter on AWS: Allow only trusted resources from my organization

Laura Reith — Thu, 09 Mar 2023 16:24:35 +0000

Companies that store and process data on Amazon Web Services (AWS) want to prevent transfers of that data to or from locations outside of their company’s control. This is to support security strategies, such as data loss prevention, or to comply with the terms and conditions set forth by various regulatory and privacy agreements. On […]

HardCIDR – Network CIDR and Range Discovery Tool

Thu, 29 Dec 2022 07:36:08 +0000

HardCIDR is a Linux Bash script to discover the netblocks, or ranges, (in CIDR notation) owned by the target organization during the intelligence gathering phase of a penetration test.

Establishing a data perimeter on AWS: Allow only trusted identities to access company data

Tatyana Yatskevich — Wed, 23 Nov 2022 17:28:01 +0000

As described in an earlier blog post, Establishing a data perimeter on AWS, Amazon Web Services (AWS) offers a set of capabilities you can use to implement a data perimeter to help prevent unintended access. One type of unintended access that companies want to prevent is access to corporate data by users who do not […]

AWS re:Inforce 2022: Network & Infrastructure Security track preview

Satinder Khasriya — Fri, 22 Jul 2022 17:39:34 +0000

Register now with discount code SALvWQHU2Km to get $150 off your full conference pass to AWS re:Inforce. For a limited time only and while supplies last. Today we’re going to highlight just some of the network and infrastructure security focused sessions planned for AWS re:Inforce. AWS re:Inforce 2022 will take place in-person in Boston, MA […]

Establishing a data perimeter on AWS

Ilya Epshteyn — Tue, 10 May 2022 21:14:07 +0000

For your sensitive data on AWS, you should implement security controls, including identity and access management, infrastructure security, and data protection. Amazon Web Services (AWS) recommends that you set up multiple accounts as your workloads grow to isolate applications and data that have specific security requirements. AWS tools can help you establish a data perimeter […]

How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication

Bruce Schneier — Tue, 15 Dec 2020 20:13:01 +0000

This is interesting:

Toward the end of the second incident that Volexity worked involving Dark Halo, the actor was observed accessing the e-mail account of a user via OWA. This was unexpected for a few reasons, not least of which was the targeted mailbox was protected by MFA. Logs from the Exchange server showed that the attacker provided username and password authentication like normal but were not challenged for a second factor through Duo. The logs from the Duo authentication server further showed that no attempts had been made to log into the account in question. Volexity was able to confirm that session hijacking was not involved and, through a memory dump of the OWA server, could also confirm that the attacker had presented cookie tied to a Duo MFA session named ...

FireEye Hacked

Bruce Schneier — Wed, 09 Dec 2020 12:36:14 +0000

FireEye was hacked by — they believe — “a nation with top-tier offensive capabilities”:

During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security. These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers. None of the tools contain zero-day exploits. Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools...

Enforce your AWS Network Firewall protections at scale with AWS Firewall Manager

Michael Wasielewski — Fri, 04 Dec 2020 17:08:39 +0000

As you look to manage network security on Amazon Web Services (AWS), there are multiple tools you can use to protect your resources and keep your data safe. Amazon Virtual Private Cloud (Amazon VPC), security groups (SGs), network access control lists (network ACLs), AWS WAF, and the recently launched AWS Network Firewall all offer points […]