How to comply with Google and Yahoo’s requirements for bulk email senders

An image generated by the Midjourney AI 6.0 alpha model using the prompt: An envelope sealed with a wax seal embossed with the word "DMARC"

To help protect their customers from malicious and junk emails, Google and Yahoo have announced that they will begin to enforce additional requirements for emails from bulk email senders in February 2024. Failure to meet these requirements will result in emails being placed in the spam folder instead of the inbox, or possibly not being delivered at all. This includes both personal and business inboxes. Other email providers are expected to follow suit, so any application that sends email should work towards adhering to these requirements, regardless of recipients or message volume.

Update: Google has begun to reject messages from bulk senders that do not comply with authentication requirements.

Read more

How to create a single-node Graylog instance and analyze FortiGate logs

A screenshot of the Application Control dashboard included in the FortiGate Syslog Content Pack for Graylog

Firewall logs provide a wealth of information about a network. They can be used to identify devices, troubleshoot policies, and even help determine the impact of a cyber attack. Graylog is a powerful open source log collection and analysis platform that is well-suited for managing firewall logs. This guide explains how to create a production-ready single node Graylog instance with bidirectional authentication to the firewalls, and how it can be used to analyze FortiGate firewall logs with premade dashboards.

Check out the presentation I made on this topic here.

Read more

Business Email Compromise prevention and response

An illustration of a phishing attack

Business Email Compromise (BEC) attacks are easy, cheap, and often very effective. This high Return on Investment makes BEC an extremely popular with attackers of any skill level—from low-level scammers to state-sponsored groups. BEC occurs when an attacker is able to access an email inbox within a business. From there, an attacker examine sensitive emails, insert themselves into email threads, and spread phishing emails from the trusted email account. While BEC can be devastating to the finances, reputation, and operations of any business, small businesses are particularly vulnerable. Fortunately. the defenses against BEC such as multi-factor authentication and user training are also simple, cheap and effective.

Read more

SEIMs and Other Forensic Tools Vulnerable to Log4j Exploits

The Auopsy, Ghidra, Graylog, Log4j, and Splunk logos

This article was last updated on 2022-01-03.

After several Log4j vulnerabilities (known as Log4shell or LogJam in the tech press) were publicly exposed, IT teams around the globe have been rushing to patch all of their applications against the flaws. Log4j is an very popular open source software library for implementing logging in Java applications. The first discovered flaw, tracked as CVE-2021-44228, allows logged data to include remote lookup that would then download and execute arbitrary code from a remote server, which is known as a Remote Code Execution (RCE) vulnerability. Many security tools such as Splunk, Graylog, Autopsy, and Ghidra use Log4j to generate usage and diagnostic logs.

Tools commonly used by information security professionals to investigate breaches could be leveraged to cause a security breach.

Read more

How to update the firmware on a Samsung monitor

Image of a Samsung Moniter with a Level Up sign in front.

Almost every device you can buy nowadays has upgradable firmware. New firmware versions can fix bugs, patch security vulnerability, improve features, or add features. As computer monitors get more complex and feature-packed, it becomes more important to use the latest firmware. Samsung doesn’t provide instructions on performing a firmware update in user guides on on download pages. This guide explains the exact steps for updating the firmware on Samsung monitor, and will hopefully save you a lot of searching.

Read more

How to use Farsight Security’s DNSDB to harness the power of passive DNS

The logo of Farsight Security, makers of the DNSDB passive DNS service

DNS describes the structure of resources on the internet. It can provide lots of valuable information about (attacker or target) infrastructure. However, in order to query DNS records, you must already know the exact domains or subdomains to query. When examining unknown infrastructure, this is not practical. On top of that, DNS records can change often, so historical information is lost. Passive DNS databases help solve both of these problems. Farsight Security DNSDB is the largest passive DNS database in the world. With DNSDB, you can answer questions like “How has this network infrastructure changed over time?”, “What other domains and subdomain point (or have pointed to) this IP address?”, “What are the subdomains and resource records for this domain?”

Read more

How to configure a nginx reverse proxy with Let’s Encrypt certificates

The Let's Encrypt logo

The certbot utility by the Electronic Fronter Foundation (EFF) can use DNS authentication to obtain, install, and renew free trusted SSL certificates on a variety of webserver configurations, including a nginx reverse proxy.

This configuration can be used on internal and external websites. It is particularly useful in situations where you want to have a trusted certificate for an internal web application without the time, effort, and risks of creating and maintaining your own internal Certificate Authority (CA).

As an example, this guide will explain how to configure nginx with a trusted certificate to act as a reverse proxy in front of a Unifi Controller.

Read more