
All news with #network security tag

133 articles · page 6 of 7

ToolShell Exploit Drives Surge in SharePoint Attacks

🛡️ Cisco Talos reports a rapid rise in exploitation of public-facing applications following the mid‑July 2025 disclosure of the ToolShell chain, which targets on‑premises Microsoft SharePoint servers via CVE-2025-53770 and CVE-2025-53771. In Q3, application exploitation featured in over 60% of Talos Incident Response engagements, with ToolShell activity implicated in nearly 40% of cases. Talos urges expedited patching and network segmentation to limit lateral movement and downstream impacts such as ransomware.

Maximizing Gateway Security Beyond Basic Configuration

🛡️ This article by Andrius Buinovskis of NordLayer explains why default gateway setups often leave gaps in security, performance, and compliance. It recommends four core actions: network segmentation, multiple distributed gateways to avoid single points of failure, optimization for geographically dispersed workforces, and layered cloud firewall controls to restrict ports and protocols. The guidance aligns with Zero Trust principles and highlights regional privacy rules such as GDPR and CCPA.

DNS0.EU DNS Service Shuts Down Over Sustainability Concerns

🔒 The DNS0.EU non‑profit public DNS resolver announced an immediate shutdown, citing unsustainable time and resource constraints for its volunteer team. Launched in 2023 and operated from France with 62 servers across 27 cities in all EU member states, the service supported no‑logs policies and modern encrypted transports including DNS‑over‑HTTPS, DNS‑over‑TLS, and DNS‑over‑QUIC. The operators thanked partners and urged users to migrate to DNS4EU or NextDNS, both of which offer privacy protections and defenses against malicious domains.

Legacy Windows Protocols Enable Network Credential Theft

🔒 Resecurity warns that legacy Windows name-resolution protocols continue to expose organisations to credential theft when attackers share the same local network. By poisoning LLMNR and NBT-NS broadcasts using tools such as Responder, attackers can capture usernames, domain context and password hashes without exploiting a software vulnerability. Recommended mitigations include disabling these protocols via Group Policy, blocking UDP 5355, enforcing SMB signing, reducing NTLM, and monitoring for anomalous traffic.

Google Cloud launches Network Security Learning Path

🔒 Google Cloud has launched a Network Security Learning Path culminating in the Designing Network Security in Google Cloud skill badge to help organizations secure dynamic cloud networks. The program covers design, build, and management of secure VPCs, GKE lockdown, NGFW rules, Cloud VPN/Interconnect, and Cloud Armor for WAF and DDoS protection. Learners validate skills through a hands-on break-fix challenge lab simulating incidents like firewall policy breaches and data exfiltration.

VPC Lattice Enables Configurable IPs for Resource Gateways

🔧 Amazon Web Services announced that Amazon VPC Lattice now lets you configure the number of IPv4 addresses assigned to resource gateway ENIs. The selected IPv4 count is immutable after creation and directly affects network address translation capacity and the maximum concurrent IPv4 connections to backend resources. By default VPC Lattice assigns 16 IPv4 addresses per ENI; for IPv6 it always assigns a /80 CIDR per ENI. This capability is available at no additional cost in all Regions where VPC Lattice is offered.

AWS Direct Connect adds 10G/100G with MACsec in Makati City

🔒 AWS has expanded AWS Direct Connect capacity at the ePLDT data center near Makati City, Philippines, adding 10 Gbps and 100 Gbps dedicated connections with MACsec encryption. Customers at this Direct Connect location can establish private, direct access to all public AWS Regions (except those in China), AWS GovCloud Regions, and AWS Local Zones. The update delivers higher throughput and enhanced in‑flight protection for hybrid and colocated workloads, improving performance and security compared with internet-based connectivity.

Amazon EC2 Instance Connect Endpoint Adds IPv6 Support

🌐 Amazon EC2 Instance Connect Endpoint now supports IPv6 connectivity. Customers can configure endpoints as dual-stack or IPv6-only to connect to instances with IPv6 addresses and continue using SSH and RDP without public IPv4 addresses. The capability is available in all AWS Commercial Regions, AWS GovCloud (US), and China Regions and works via the AWS Console, AWS CLI, and standard SSH/RDP clients. It maintains backward compatibility with existing IPv4 deployments.

AWS DataSync Supports VPC Endpoint Policies and FIPS

🔒 AWS DataSync now supports VPC endpoint policies, enabling administrators to control access to DataSync API operations through VPC service endpoints, including FIPS 140-3 enabled endpoints. You can restrict specific actions such as CreateTask, StartTaskExecution, or ListAgents and combine these controls with identity-based and resource-based policies. The capability is available in all AWS Regions and helps strengthen security posture and compliance when accessing DataSync via VPC endpoints.

AWS Cloud WAN Now Available Across AWS GovCloud Regions

🛰️ AWS has made AWS Cloud WAN available in AWS GovCloud (US-West) and AWS GovCloud (US-East) as of Oct 1, 2025. The service provides a central dashboard and policy-driven networking to create a global network that spans VPCs, Transit Gateways, and on-premises locations. It supports BGP-based global route exchange and connectivity via Site-to-Site VPN, Direct Connect, or third-party SD-WAN solutions. The dashboard offers consolidated visibility into network health, security, and performance to simplify operations.

Amazon FSx for NetApp ONTAP Adds IPv6 Support in AWS Regions

🌐 Amazon Web Services now supports IPv6 access for Amazon FSx for NetApp ONTAP file systems. Customers can connect using IPv4, IPv6, or dual-stack clients without requiring translation infrastructure, simplifying IPv6 adoption and compliance with mandates such as OMB M-21-07. IPv6 is available for new file systems across all AWS Commercial and GovCloud regions; existing systems will receive support during an upcoming maintenance window.

Amazon FSx for Windows File Server Adds IPv6 Support

🌐 Amazon FSx for Windows File Server now supports IPv6, enabling new file systems to be accessed over IPv4, IPv6, or dual‑stack clients without requiring address translation. The capability is available immediately in all AWS Commercial and AWS GovCloud (US) regions where FSx is offered; existing file systems will receive IPv6 during an upcoming maintenance window. This change helps customers address IPv4 exhaustion and comply with mandates such as the US OMB M‑21‑07. See the FSx user guide for configuration and migration details.

AWS Network Firewall Adds Reject and Alert for Domain Rules

🔒 AWS Network Firewall now supports Reject and Alert actions for stateful domain list rule groups via the console, enabling more granular control over domain-based traffic. The Reject action blocks specified domains, while the Alert action logs and monitors traffic without disrupting flows. This feature is available in all Regions and supports TLS inspection configuration through the VPC Console or the Network Firewall API, helping organizations refine policy enforcement and observability.

Monitoring AS-SETs and Their Importance for BGP Operations

🔎 Cloudflare Radar now publishes public IRR AS-SET monitoring on each ASN routing page, enabling operators to inspect, filter, and export AS-SET memberships and inclusion trees. The feature surfaces inferred ASN, IRR sources, counts of AS and AS-SET members, AS cone sizes, and upstream relationships, and provides direct/indirect toggles for focused views. These capabilities help build accurate BGP route filters, detect misuse, and reduce the risk of route leaks by making AS-SET data easier to validate and share.

Cloudflare Uses Massive Data to Boost Global Network

⚡ Cloudflare is leveraging telemetry from its vast Free Plan and global edge to refine congestion control and improve routing across its network. By combining passive connection logs, Real User Measurement (RUM) and cross-network models, the team evaluates multiple algorithms beyond classic loss-based and BBR approaches. A migration to a Rust-based stack enables faster experimentation and parameter tuning; early QUIC tests show up to 10% performance gains. Cloudflare plans staged rollouts through 2026 and offers enterprise early access.

Cloudflare Uses Global Performance Data to Reduce Congestion

🔍 Cloudflare explains how it leverages the world’s largest performance dataset, combining passive transport logs with Real User Measurement (RUM), to refine congestion control across its global network. Using a new Rust-based stack and experimentation framework, the company evaluates multiple algorithms (including BBR) to predict user experience from passive signals and validate with RUM. Early tests on free-tier QUIC traffic show roughly 10% average improvement versus the prior baseline, with staged rollouts and an early-access program planned for enterprises.

AWS Network Firewall Enhances Application-Layer Controls

🔐 AWS released enhanced default application-layer rules for AWS Network Firewall to better handle TLS client hellos and HTTP requests that are split across multiple packets. The update adds new default stateful actions — drop and alert established — enabling security teams to enforce controls without complex custom rules while supporting modern TLS implementations and large HTTP requests. Detailed logging preserves visibility. Available in all supported AWS Regions.

Amazon VPC Reachability and Network Access Analyzer Expand

🛰️ Amazon has expanded VPC Reachability Analyzer and VPC Network Access Analyzer to seven additional regions — New Zealand, Hyderabad, Melbourne, Taipei, Calgary, Tel Aviv, and Mexico Central. Reachability Analyzer diagnoses network reachability between source and destination resources, while Network Access Analyzer identifies unintended access paths that may bypass security controls. This regional launch improves troubleshooting, compliance checks, and multi-account network visibility; pricing and documentation are available through AWS resources.

Network Performance Whitepapers: Retransmits, MTU, and PPS

🔍 This post introduces the third installment in Google Cloud’s Network Performance Decoded series, summarizing three whitepapers that examine TCP retransmission tuning, the effects of headers and MTU on effective throughput, and techniques to measure packets-per-second with netperf. The guidance highlights practical kernel tuning (for example, rto_min and thin linear timeouts), how protocol and cloud-specific headers reduce payload efficiency, and rigorous netperf methodologies for sizing tests and correcting skew when measuring PPS. While examples reference Google Cloud features such as Protective ReRoute, the recommendations are broadly applicable to cloud deployments seeking improved responsiveness and accurate benchmarking.

AWS Step Functions Adds IPv6 Dual-Stack Endpoint Support

🌐 AWS Step Functions now supports IPv6 via new dual-stack IPv4/IPv6 endpoints, enabling customers to send IPv6 traffic directly to the service. The enhancement preserves backwards compatibility with existing IPv4 endpoints and enables PrivateLink interface VPC endpoint connectivity so workloads can access Step Functions privately without traversing the public internet. IPv6 support is generally available in several US commercial and GovCloud regions.