All news with #network security tag

133 articles · page 3 of 7

BGP Route Leak in Venezuela: Analysis of AS8048 Event

🔍 Cloudflare analyzed a BGP route leak observed on January 2 involving AS8048 (CANTV) redistributing prefixes originated by AS21980 (Dayco Telecom) via upstreams including AS6762 (Sparkle) and AS52320 (V.tal/GlobeNet). The pattern — with eleven similar events since December, heavy AS prepending, and an upstream provider relationship — suggests misconfigured export/import policies rather than deliberate interception. ROV would not have prevented this path-based leak; adoption of ASPA, RFC9234/OTC, and Peerlock-style checks is recommended to mitigate future leaks.

Combining Arbor Edge Defense with CDN DDoS Protection

🔒 NETSCOUT's Arbor Edge Defense (AED) complements CDN-based DDoS mitigation by providing inline, on-premises protection for attacks that cloud scrubbing can miss. AED uses AI/ML-driven stateless packet processing and ATLAS threat intelligence to address application-layer, TCP state-exhaustion, and outbound threats. Together, CDN protections and AED form a layered, adaptive defense-in-depth strategy that preserves bandwidth and safeguards availability.

Five Common Myths About DDoS Attacks and Protection

🛡️ DDoS attacks are widespread and varied, yet persistent myths can lead organizations to underprepare. This article debunks five common misconceptions — that attacks only hit large companies, that DDoS is always high-volume flooding, that NGFWs or cloud-only solutions are sufficient, and that AI/ML is unnecessary — and explains modern multivector and application-layer tactics. Defenders are advised to deploy hybrid, AI-enabled, and stateless mitigation to protect availability.

CERN Risk Management: Balancing Security and Science

🔒 CERN manages cybersecurity across a globally distributed research community by prioritizing risk adaptation over one-size-fits-all controls. CISO Stefan Lüders frames security as a sociological challenge—measures must be explained and adapted so academic freedom and research workflows remain viable while defending against threats from script kiddies to ransomware and espionage. With roughly 200,000 devices and extensive BYOD, CERN relies on defense-in-depth, network monitoring, segmentation for legacy and IoT systems, and mandated protections such as MFA. Governance is being formalized through audits and standards while preserving operational flexibility.

Amazon MSK Connect: Dual-Stack IPv4 and IPv6 Support

🌐 Amazon MSK Connect now supports dual-stack connectivity (IPv4 and IPv6) for new connectors on MSK Connect, allowing customers to create connectors that use both protocols. Connectors can be created with dual-stack via the Amazon MSK Console, AWS CLI, SDKs, or CloudFormation by setting the Network Type parameter. New connectors default to IPv4-only unless explicitly configured for dual-stack, and existing connectors remain IPv4 and must be deleted and recreated to change. The feature is available in all Regions where MSK Connect is offered and incurs no additional charge.

Amazon WorkSpaces adds IPv6 dual-stack support now

🌐 Amazon WorkSpaces now supports IPv6 for WorkSpaces domains and external endpoints, enabling IPv4/IPv6 dual‑stack connectivity from compatible clients while excluding SAML authentication over IPv6. Dual‑stack reduces the need for address translation hardware, simplifies IP management, and supports PrivateLink VPC endpoints over IPv6 for private access. The feature is available in all AWS Regions, including GovCloud, at no additional cost; administrators must use the latest WorkSpaces clients to enable IPv6.

Raspberry Pi Attack Exposes Gaps in Physical Security

🔌 A Raspberry Pi with a cellular modem was discovered plugged into a French ferry's internal network as it prepared to sail from Sète to Algeria; investigators told Bloomberg that network segmentation and the absence of remote access to critical controls prevented lateral movement and possible sabotage. Security experts warn such rogue devices can create a new internal perimeter that bypasses monitored gateways and render SOCs blind if traffic exits over cellular. Recommended mitigations include 802.1X authentication, disabling unused switch ports by default, physical port locks and tamper-evident measures, deployment of advanced NACs and physical-layer fingerprinting tools like Sepio, and capturing a device's network traffic for forensic analysis before physical removal.

Raspberry Pi on Ferry Prompts CISO Wake-Up on Security

🔒 In mid-December, a Raspberry Pi paired with a cellular modem was found attached to a ferry owned by the Mediterranean Shipping Company, apparently intended to give remote access to the vessel’s internal network. Robust segmentation and disabled remote access to critical control systems prevented lateral movement and a potential sabotage scenario. Analysts warn many organizations remain vulnerable because physical security and port-level controls are often overlooked, and they recommend stronger NAC, 802.1X enforcement, port locks, and continuous external infrastructure monitoring.

AWS Direct Connect Opens First Hanoi Location in CMC Tower

🔌 AWS opened a new AWS Direct Connect location at the CMC Tower in Hanoi, Vietnam, enabling private, dedicated network access to all public AWS Regions (except China), AWS GovCloud Regions, and AWS Local Zones. The site offers dedicated 1 Gbps, 10 Gbps, and 100 Gbps connections, with MACsec encryption available for 10 Gbps and 100 Gbps links. This is the first Direct Connect location in Vietnam and is designed to deliver a more consistent network experience than internet-based connections. Organizations can use this location to establish private, physical connections between AWS and their data centers, offices, or colocation environments.

AWS Shield Network Security Director Adds Multi-Account

🔒 AWS Shield Network Security Director is now available in preview with multi-account network security management, allowing delegated administrator accounts to run continuous analysis across an AWS Organization. It centralizes per-account network topology, security findings, and recommended remediations for missing or misconfigured network security services. The capability can summarize and report misconfigurations from within Amazon Q Developer and chat applications, and it is now available in five additional AWS regions.

Amazon WorkSpaces Secure Browser Adds Web Filtering

🔒 Amazon WorkSpaces Secure Browser now includes Web Content Filtering, allowing administrators to define granular access policies, block specific URLs or entire domain categories using 25+ predefined categories, and integrate with Session Logger for enhanced monitoring and compliance. While existing Chrome policies remain supported, this category-based approach delivers richer control, improved logging, and centralized policy management. The feature is available at no additional cost in 10 AWS Regions and supports pay-as-you-go pricing, with console enablement and automatic migration of URL blocklists and allowlists.

Amazon Cognito Identity Pools Support AWS PrivateLink

🔒 Amazon Cognito identity pools now support AWS PrivateLink, enabling private connectivity between your VPC and Cognito to exchange federated identities for temporary AWS credentials. This removes the need to route authentication traffic over the public internet and reduces exposure of auth flows. PrivateLink endpoints are available in all Regions where Cognito identity pools operate except AWS China (Beijing) and AWS GovCloud (US); standard PrivateLink charges apply.

Racks, Sprawl and the Myth of Redundancy in Modern Networks

🔁 The article traces redundancy from tangible rack-level practices to fragile cloud and software-defined environments. It argues that physical diversity, disciplined configuration management and automation remain essential as networks span BGP, SD-WAN, edge devices and cloud control planes. Real resilience requires policy alignment, diverse DNS and routing protections and rehearsed pre-mortems so backups are usable when they matter most.

Amazon SES Adds VPC Endpoints for API Access in All Regions

🔒 Amazon Simple Email Service (SES) now supports accessing SES API endpoints via Virtual Private Cloud (VPC) endpoints. Customers can use VPC endpoints to send email and manage SES resource configuration without routing API traffic through an internet gateway, reducing exposure of VPC activity to the public internet. The capability is available in all AWS Regions where SES is offered, simplifying private network architectures.

Protecting Submarine Cables: Cyber and Physical Security

🔒 Submarine cables carry between 95% and 99% of global data traffic, yet recent breakages — notably ten in the Baltic Sea between 2022 and July 2025 — highlight persistent vulnerabilities. Private operators now control most capacity, and governments and vendors must address both physical threats such as fishing and anchors and increasingly sophisticated cyber risks. Major cloud vendors emphasize route diversity and redundancy while operators like Telxius combine burial, audits, AI/ML detection and continuity planning to protect service availability.

AWS previews EC2 C8ine instances for packet processing

🚀 Amazon Web Services previewed EC2 C8ine instances built on custom sixth-generation Intel Xeon Scalable processors (Granite Rapids) and the new Nitro v6 card. These instances are optimized for dataplane packet-processing workloads and can deliver up to 2.5× higher packet performance per vCPU versus prior C6in instances, with up to 2× higher internet-gateway bandwidth and up to 3× more ENIs. Targeted use cases include security virtual appliances, firewalls, load balancers, DDoS protection systems, and Telco 5G UPF. Preview access is available upon request through your AWS account team.

NETSCOUT Omnis Wins Overall Network Security Award

🔍 NETSCOUT’s Omnis Cyber Intelligence was named “Overall Network Security Solution of the Year” in the ninth annual CyberSecurity Breakthrough Awards. The platform delivers always-on, packet-based visibility using scalable deep packet inspection to continuously capture, analyze, and retain high-fidelity network metadata. Its on-sensor storage minimizes data movement and helps address compliance and sovereignty requirements while providing the historical context analysts need to investigate threats across cloud and on-premises environments.

Network Still Serves as First Line: Investigation Is Key

🔍 Recent ESG research finds that many organizations still turn to the network first for threat detection: 53% cite network visibility as their primary defense and 93% of SecOps and NetOps now share visibility tools. Packets offer an unaltered record of communications, making modern NDR essential across hybrid and multicloud environments. Detection is only the first step; full packet capture and deep network intelligence enable thorough investigation. NETSCOUT Omnis Cyber Intelligence unifies visibility and delivers packet-level context to reduce blind spots and accelerate response.

Azure Networking: Security, Resilience, and AI-scale

☁️ Azure announces networking enhancements focused on security, resiliency, and AI-scale infrastructure. The update highlights zone-redundant NAT Gateway V2, expanded throughput options including ExpressRoute 400G and higher-performance VPN gateways, and advanced security features such as DNS Security Policy with Threat Intel and JWT validation in Application Gateway. Improvements to AKS container networking, Private Link Direct Connect, and Virtual WAN forced tunneling aim to simplify secure hybrid and AI deployments.

VPC Flow Logs for Cross-Cloud VPN and Interconnect

🔍 Google Cloud has extended VPC Flow Logs to cover Cloud VPN tunnels and VLAN attachments for Cloud Interconnect and Cross-Cloud Interconnect, giving operators fuller visibility into hybrid and cross-cloud traffic. New gateway annotations (reporter and gateway object) add directional context and gateway metadata while logs retain 5-tuple granularity for precise flow identification. Use these logs to find elephant flows, audit Shared VPC hybrid bandwidth, validate DSCP markings, and troubleshoot on-prem-to-cloud connectivity. Logs integrate with Flow Analyzer for in-context analysis, connectivity tests, and natural-language queries.