We’re actively sending abuse alert emails to network owners, alerting them to potential compromises on their servers. Recently, several TOR operators (middle, guard, and exit nodes) have reached out, reporting that their IPs were spoofed. While these claims have validity, we’d like to highlight that a significant amount of the TCP port 22 traffic we …
The security agent we use in our Managed SOC is just a “grab and log” agent. As such, it doesn’t need deep integration at the OS level like Crowdstrike. So, while Crowdstrike runs at the kernel level, our agent runs natively in user space. This is a much safer approach to security monitoring and threat …
In today’s rapidly evolving digital landscape, maintaining a robust network security posture is paramount. One often overlooked but crucial aspect of this is the regular review and optimization of firewall rules using firewall logs. This practice not only enhances security but also improves network performance. Let’s explore four key areas where firewall log analysis can …
Read more “Harnessing Firewall Logs: Optimizing your Firewall/IPS using Analytics”
WatchDogCyberDefense has been emailing the Network Owners/Admin of the listed IP address for over 2 years. The attacks keep on coming without any resolution from the Hosted Providers.
This is also an indicator of POOR network/security admin performance. No wonder the IP of SV Chrome Hotels is also listed by Virustotal as “malicious”. Our guess is that this network is totally compromised by hackers and the management has no idea that their network/IT guys are complacent about it.
According to Reuters, a cyber attacker compromised Indonesia’s national data centre, leading to disruptions in immigration checks at airports. The attacker demanded an $8 million ransom. As a result, several government services were affected, particularly at airports, where long lines formed at immigration desks1. The automated passport machines are now operational, but the incident highlights …