Collaborate Disseminate
Cybersecurity involves a balancing act between risk aversion and risk tolerance. Going too far to either extreme may increase cost and complexity, or worse: cause the inevitable business and compliance consequences of a successful cyberattack. The deci… Continue reading How to avoid security blind spots when logging and monitoring
I installed ufw on my VPS. xx:xx:xx:xx:xx:xx is the MAC address of my VPS.
grep ‘BLOCK’ /var/log/ufw.log | awk ‘{print $1,$2,$3,$12,$13}’
Apr 28 20:28:04 MAC=xx:xx:xx:xx:xx:xx:fe:00:03:ee:8f:33:08:00 SRC=89.248.165.118
Apr 28 20:28:04 … Continue reading someone always attack my server [closed]
I have a hosted a simple react website(testing) with nginx webserver and cloudflare as ssl provider.My website is down from few days with cloudflare error 525 "SSL handshake failed".I was pretty sure my SSL keys are not expired,s… Continue reading Can anyone help finding what’s shady things are logged on my nginx webserver? [duplicate]
I need to secure logs on a IoT device (Infineon TC233). It has 2 MB flash and a HSM. We are at the design stage of development.
Since logs will be primarily event & data logs, the size of the log file is likely to be in a few KBs. Addi… Continue reading Secure logs on an embedded IoT device
In logs, I found lsass.exe spawning lsass.exe.
C:\Windows\System32\smss.exe
C:\Windows\System32\smss.exe
C:\Windows\System32\wininit.exe
C:\Windows\System32\lsass.exe
C:\WINDOWS\system32\lsass.exe
lsass.exe should always be a ch… Continue reading lsass.exe spawning lsass.exe
Now that the dust has settled on both the holiday season and the Log4j vulnerability that saw many of us working through it (CVE-2021-44228), it makes sense to look back and take stock of how things played out. What strategies worked in the face of one… Continue reading Log4Shell: A retrospective
Is there any way to find out if any of the vulnerabilities of older Logitech Unifying Receiver firmware was exploited? I’m referring to the vulnerabilities listed here including these.
On GNU/Linux/Debian it can be patched with fwupdmgr up… Continue reading Is there any way to find out if a Logitech Unifying Receiver vulnerability was exploited?
Logging is enabled. Only allow rules are logged. The very last line of my firewall rules is:
Anywhere DENY Anywhere
No logging is asked for, however two IPs repeatedly show up in my firewall logs as blocked:
Dec… Continue reading ufw logs BLOCKS from 2 sites while BLOCK logging is completely disabled for ALL sites [migrated]
Just curious who and how just added RCE into logging library and successfully merged this joke into master.
Is there any links or archives to original:
commit that added jndi
issue where someone asked for jndi support in log4j
pull reques… Continue reading Original Log4j commit that added jndi support into it [closed]
Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular open-source Java-based logging utility that’s seemingly used by most enterpri… Continue reading Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation