NIST has just updated its guidance for Domain Name System (DNS) security. The last version of this document (Secure Domain Name System (DNS) Deployment Guide) (SP 800-81r3), was last updated way back in 2013. It's been updated with good protective DNS measures and recommendations that all organisations should adopt as a baseline, largely: Employ protective DNS wherever technically feasible to provide additional network wide security capabilities that include: Blocking harm

As of the start of this week, the maximum certificate lifespan for TLS certificates has now dropped to 200 days. The change is the first step in a process established by the CA/Browser Forum last year. (CAB is the governing body comprised of certificate authorities, browser vendors, and operating system providers, that sets the Baseline Requirements for publicly trusted SSL/TLS certificates.) The next changes will be in March 15, 2027, where maximum validity period of subscri

I'm often asked by IT folk, sysadmins, soc staff, and pentesters alike about some free tools they can run across their environments (or their clients) to identify security risks associated with Local Active Directory (LAD) & Entra ID (Formerly AAD). There are a stack of tools out there, but this blog post will cover some nice simple toolsets you can use in between your next pentest to make it more difficult for the pentesters during your next pentest and to improve your IAM

Just came across this in today's news feeds... This isnt going to be good news for anyone, except the ransomware groups....

Its sad that we are now at the point where everything should be assumed as fake when it comes to videos & content online (and of course...

This is an awesome read and quite hilarious, can't believe this attacker/threat actor could of made such a simple mistake! wow! 🫣...

Patch Tuesday is again upon us. This month the new SMB patch rolled out, enabling a new feature that enables support for auditing SMB...

An interesting diary entry from the SANS Internet Storm Center today on sextortion observations and associated bitcoin addresses over the...

Citrix has released the fixes to address the latest 3 security flaws in NetScaler ADC and NetScaler Gateway, including CVE-2025-7775 that...

I came across this post from Kevin this morning. A great reminder to everyone that if you want to reduce your online presence, BADBOOL...

Yesterday I came across a post regarding the Lockbit ransomware gang, who had been hacked big time (they clearly pissed off someone), and...

A good example of a logic bomb attack, 6 years in the making, we haven't seen many of these attacks for a number of years now. For you...

One to be vigilant on when browsing LinkedIn job advertisements. North Korea are posting fake posts atm and during the interview process...

ICYMI last week, MITRE ATT&CK Version 17 was released which includes ESXi updates, more defensive data components, additional tools and...

It's Patch Tuesday again this week. This month Microsoft patches address 126 vulnerabilities and one vulnerability that it said has been...

Google has just released its monthly patch run, addressing 62 vulnerabilities, of which 2 are under active exploitation....

KnowBe4 have just put out their 2025 phishing threat trends report which has some interesting findings. One in particular: "at least one...

The Flashpoint 2025 Global Threat Intelligence Report has just come out ( https://flashpoint.io/blog/flashpoint-global-threat-intelligenc...

Came across this interesting case study this morning. In this particular breach, Volt Typhoon Hackers were in this major utility company...

Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that...