
Europe & Asia: A Strategic Alliance for a More Sustainable AI

By: KoDDoS
5 December 2025 at 06:33

When technological innovation meets sovereignty, performance, and infrastructure security. On December 4th, at Station F during the #AIPulse event, Fujitsu and Scaleway (iliad Group) announced a partnership that could mark an important milestone for the future of sovereign cloud, artificial intelligence, and high-performance computing. Beyond the technological aspect, this collaboration carries a strong message: the …

The post Europe & Asia: A Strategic Alliance for a More Sustainable AI appeared first on KoDDoS Blog.


SBOM is an investment in the future

25 November 2025 at 08:00

There’s a saying I use often, usually as a joke, but it’s often painfully true. Past me hates future me. What I mean by that is it seems the person I used to be keeps making choices that annoy the person I am now. The best example is booking that 5am flight, what was I […]

The post SBOM is an investment in the future appeared first on Anchore.

The post SBOM is an investment in the future appeared first on Security Boulevard.

NSFOCUS Receives International Recognition: 2025 Global Competitive Strategy Leadership for AI-Driven Security Operation

By: NSFOCUS
25 November 2025 at 03:06

SANTA CLARA, Calif., Nov 25, 2025 – Recently, NSFOCUS Generative Pre-trained Transformer (NSFGPT) and Intelligent Security Operations Platform (NSFOCUS ISOP) were recognized by the internationally renowned consulting firm Frost & Sullivan and won the 2025 Global Competitive Strategy Leadership for AI-Driven Security Operation [1]. Frost & Sullivan Best Practices Recognition awards companies each year in […]

The post NSFOCUS Receives International Recognition: 2025 Global Competitive Strategy Leadership for AI-Driven Security Operation appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

The post NSFOCUS Receives International Recognition: 2025 Global Competitive Strategy Leadership for AI-Driven Security Operation appeared first on Security Boulevard.

How to Build an AI Governance Program in 2026

24 November 2025 at 18:48

Key Takeaways Artificial intelligence is becoming a core part of how organizations deliver services, make decisions, and manage operations. But as AI moves deeper into production workflows, leadership teams face a new responsibility: ensuring these systems behave reliably, lawfully, and in support of business objectives. This guide outlines the practical first steps that every organization […]

The post How to Build an AI Governance Program in 2026 appeared first on Centraleyes.

The post How to Build an AI Governance Program in 2026 appeared first on Security Boulevard.

Beyond the Dark Web: How OSINT Cyber Intelligence Uncovers Hidden Digital Risks

24 November 2025 at 12:48

Cyber threats no longer hide exclusively in the dark web. Increasingly, the early signs of compromise—leaked credentials, impersonation accounts, phishing campaigns—emerge across the surface web, social platforms, and open-source data. To keep up, organizations need visibility that extends beyond the shadows. That’s where OSINT cyber intelligence comes in. Open-Source Intelligence (OSINT) is the practice of …

The post Beyond the Dark Web: How OSINT Cyber Intelligence Uncovers Hidden Digital Risks appeared first on Security Boulevard.

Cloudflare Outage: Should You Go Multi-CDN?

By: Ziv Gadot
23 November 2025 at 01:56

As a DDoS testing and resilience consultancy, we routinely advise our clients to strengthen their architecture by using a reputable CDN like Cloudflare. After this week’s Cloudflare outage, however, many organizations are understandably asking themselves a new question: Should we adopt a multi-CDN strategy instead of relying on a single provider? For the vast majority […]

The post Cloudflare Outage: Should You Go Multi-CDN? appeared first on Security Boulevard.

What Lessons Can We Learn from the Cloudflare Outage on November 18, 2025?

By: KoDDoS
21 November 2025 at 10:00

The November 18, 2025 outage will be remembered as one of the most significant infrastructure incidents of the past decade. Within minutes, thousands of websites and applications worldwide faced 5xx errors, severe slowdowns, or complete unavailability. Behind this global disruption was a widespread failure at Cloudflare, one of the central pillars of today’s Internet. This …

The post What Lessons Can We Learn from the Cloudflare Outage on November 18, 2025? appeared first on KoDDoS Blog.

Fortinet FortiWeb Authentication Bypass and Command Injection Vulnerability (CVE-2025-64446/CVE-2025-58034) Notice

By: NSFOCUS
20 November 2025 at 20:49

Overview: Recently, NSFOCUS CERT detected that Fortinet issued a security bulletin to fix the FortiWeb authentication bypass and command injection vulnerabilities (CVE-2025-64446/CVE-2025-58034); combined exploitation can achieve unauthorized remote code execution. At present, the vulnerability details and PoC have been made public, and in-the-wild exploitation has been found. Relevant users are requested to take measures to […]

The post Fortinet FortiWeb Authentication Bypass and Command Injection Vulnerability (CVE-2025-64446/CVE-2025-58034) Notice appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

The post Fortinet FortiWeb Authentication Bypass and Command Injection Vulnerability (CVE-2025-64446/CVE-2025-58034) Notice appeared first on Security Boulevard.

Unified Compliance with AI: Optimizing Regulatory Demands with Internal Tools

20 November 2025 at 17:57

Key Takeaways What is Unified AI Oversight? In today’s AI landscape, organizations face overlapping regulations, ethical expectations, and AI operational risks. Unified AI oversight is a single lens to manage AI systems while staying aligned with global rules, reducing blind spots and duplication. It ensures AI systems are not only compliant but also ethical, secure, […]

The post Unified Compliance with AI: Optimizing Regulatory Demands with Internal Tools appeared first on Centraleyes.

The post Unified Compliance with AI: Optimizing Regulatory Demands with Internal Tools appeared first on Security Boulevard.

Cloudflare is down !!!

By: KoDDoS
18 November 2025 at 08:55

Massive internet outage: Cloudflare incident brings part of the global web to a standstill. A major outage hit Cloudflare this afternoon, rendering numerous websites and online services inaccessible. From X to Feedly, including Marmiton and Doctissimo, users are reporting loading errors, inaccessible pages, and massive slowdowns. The exact cause of the malfunction remains unknown at …

The post Cloudflare is down !!! appeared first on KoDDoS Blog.

CQURE Hacks #69: SMB Signing – Why It Won’t Save Your Data from a Passive Traffic Sniffer

By: Daniel
13 November 2025 at 04:38

The Experiment Setup

Our test environment was configured for maximum network security, with both the server (SRV01) and the client (WIN11-01) explicitly set to support and require SMB signing.

  1. The Attacker: We used a Kali Linux machine to act as the attacker and intermediary.
  2. The Attack: We launched a bi-directional ARP Spoofing attack (Man-in-the-Middle) to intercept all traffic flowing between the client and the server.
  3. The Capture: Wireshark was launched on the attacker’s machine to capture the SMB2 traffic.
  4. The Test: From the client system, we accessed a file share (\\SRV01\CertEnroll) and created a new file with the content: “SMB signing test”.

The Critical Finding

Despite having SMB signing enforced on both endpoints, our packet capture yielded a critical, visible finding: the entire contents of the file, “SMB signing test,” were successfully captured and clearly readable in the Wireshark packets.

The conclusion is clear: SMB signing does not protect data from a passive traffic sniffer in a man-in-the-middle scenario.

The Security Takeaway: Signature ≠ Encryption

The reason for this failure is simple: A signature is not the same as encryption.

  • SMB Signing is a mechanism that prevents session spoofing and relay attacks by verifying the identity and integrity of the data sender. It ensures that the traffic hasn’t been tampered with in transit.
  • SMB Encryption is a distinct mechanism that scrambles the data, rendering it unreadable to anyone without the decryption key.

While SMB signing is vital for protecting the integrity of the communication, it does not automatically encrypt the data being transferred. As a result, an attacker who successfully performs an ARP spoofing attack can still read the unencrypted SMB traffic. For true confidentiality and to protect your data from passive snooping, SMB encryption must also be implemented alongside SMB signing.
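The signing-versus-encryption distinction above can be checked at the byte level in a capture. The following is an added example, not part of the original CQURE post: it classifies SMB2 messages by their header and tests whether a known marker is readable as-is. All sample bytes, the key and the function names are constructed for illustration; the WRITE request omits its body fields, the signature uses the SMB 2.x HMAC-SHA256 scheme, and the "encrypted" message uses a stand-in keystream rather than the AES-CCM/GCM that SMB3 uses.

```python
from __future__ import annotations

import hashlib
import hmac
import struct

SMB2_MAGIC = b"\xfeSMB"        # plain SMB2 header: body travels in cleartext
TRANSFORM_MAGIC = b"\xfdSMB"   # SMB2 TRANSFORM_HEADER: body is encrypted
FLAG_SIGNED = 0x00000008       # SMB2_FLAGS_SIGNED bit in the Flags field
SIG = slice(48, 64)            # 16-byte Signature field of the 64-byte header


def _sign(key: bytes, msg: bytes) -> bytes:
    """SMB 2.x signature: HMAC-SHA256 over the message with a zeroed
    Signature field, truncated to 16 bytes (SMB 3.x uses AES-CMAC/GMAC)."""
    zeroed = msg[:48] + bytes(16) + msg[64:]
    return hmac.new(key, zeroed, hashlib.sha256).digest()[:16]


def build_signed_write(key: bytes, data: bytes) -> bytes:
    """Constructed, simplified WRITE request: 64-byte header, then the data."""
    hdr = struct.pack("<4sHHIHHIIQIIQ16s", SMB2_MAGIC, 64, 1, 0, 0x0009, 1,
                      FLAG_SIGNED, 0, 7, 0, 1, 0x1122334455667788, bytes(16))
    msg = hdr + data
    return msg[:48] + _sign(key, msg) + msg[64:]


def build_encrypted(key: bytes, inner: bytes) -> bytes:
    """Stand-in for SMB3 encryption: real transform-header layout, but the
    ciphertext is a SHA-256 keystream XOR, NOT real AES-CCM/GCM."""
    nonce = bytes(range(16))
    stream = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                      for i in range(len(inner) // 32 + 1))
    body = bytes(a ^ b for a, b in zip(inner, stream))
    tail = nonce + struct.pack("<IHHQ", len(inner), 0, 1, 0x1122334455667788)
    sig = hmac.new(key, tail + body, hashlib.sha256).digest()[:16]
    return TRANSFORM_MAGIC + sig + tail + body


def classify(msg: bytes) -> str:
    """What a passive observer can tell from one captured SMB2 message."""
    if msg[:4] == TRANSFORM_MAGIC:
        return "encrypted"
    if msg[:4] != SMB2_MAGIC or len(msg) < 64:
        return "not-smb2"
    flags = struct.unpack_from("<I", msg, 16)[0]
    return "signed-cleartext" if flags & FLAG_SIGNED else "unsigned-cleartext"


def signature_ok(key: bytes, msg: bytes) -> bool:
    """Integrity check that signing does provide: any change breaks it."""
    return hmac.compare_digest(msg[SIG], _sign(key, msg))


def audit(capture: list[bytes], marker: bytes) -> list[tuple[str, bool]]:
    """Per message: its classification and whether `marker` is readable."""
    return [(classify(m), marker in m) for m in capture]


KEY = b"constructed-session-key"     # constructed sample key
MARKER = b"SMB signing test"         # file content used in the experiment
SIGNED = build_signed_write(KEY, MARKER)
ENCRYPTED = build_encrypted(KEY, SIGNED)

if __name__ == "__main__":
    for kind, readable in audit([SIGNED, ENCRYPTED], MARKER):
        print(f"{kind:18} marker readable: {readable}")
```

The signed message still verifies and still exposes the marker; only the transform-wrapped message hides it, which is the pattern to look for when confirming that SMB encryption is actually in effect on a share.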



Transcript of the video:

Hi and welcome back to another episode of CQURE Hacks.

Today we will observe how packet sniffing behaves when SMB signing is enabled.

We begin in Kali Linux, the attacker’s machine.

The first step is to enable IP forwarding using the echo 1 command,

and that allows Kali to act as an intermediary for network traffic.

Next, we ensure the necessary tools are installed by checking for that dsniff package.

And with dsniff confirmed our environment is ready, we move to our target systems.

On the 1st system, SRV01 (at 10.10.10.20), we check the SMB configuration.

The settings confirm that the system supports and requires SMB signing.

We perform the same check on the client system, WIN11-01 (at 10.10.10.40).

From the client side we see it also supports and requires signing.

The connection we will test will run from the client, so .40 to the server .20.

Now we’ll launch the attack from our Kali machine.

We execute the ARP Spoofing attack.

The goal is to make the Kali host the intermediary.

The traffic flowing from host .40 to host .20 will be intercepted by Kali.

We poison the ARP cache in both directions, telling host .40 we are host .20 and telling host .20 we are host .40.

This establishes a bi-directional Man-in-the-Middle attack.

Next, we launch Wireshark to capture the traffic passing through our machine.

We’ll begin to capture on our active network interface and apply a display filter for SMB2 traffic.

On the Windows client, so .40, we initiate that file access by navigating to the server share and that is \\SRV01\CertEnroll.

We then create a new text file and input the content:

SMB signing test.

We return to Kali. As we confirmed signing was enabled on both the server and the client.

Now we search the captured packets in Wireshark for the content we just wrote.

We search the packet bytes for the word signing.

The critical finding is visible.

We successfully capture the entire content of the file.

SMB signing test.

This demonstrates that signing does not protect against man in the middle attacks.

The reason is super simple.

A signature is not the same as encryption.

How good is the signature if a communication is not encrypted while the attacker can still read the unencrypted SMB traffic after performing an ARP spoofing attack?

While SMB signing prevents session spoofing and relay attacks, it does not automatically encrypt data being transferred.

Signing and encryption are two distinct mechanisms.

For true confidentiality, SMB encryption must also be implemented.

SMB signing does not provide encryption and fails to protect data from a passive traffic sniffer in a man in the middle scenario.

Thank you so much for watching our CQURE Hacks episodes.

And as always, in order to continue this serial, please don’t forget to support us by hitting the subscribe button.

And as always, stay secure.

The post CQURE Hacks #69: SMB Signing – Why It Won’t Save Your Data from a Passive Traffic Sniffer appeared first on CQURE Academy.

The more people trust the systems they use, the more they’ll participate in the digital economy, and that’s how innovation truly scales

11 November 2025 at 13:13

Cyber threats are evolving at an unprecedented pace, making collaboration, innovation, and resilience more essential than ever. In this exclusive interview, we sit down with Tina Mirceta, Senior Managing Consultant, Security Services, SEE at Mastercard, to discuss how the cybersecurity landscape is transforming and what organizations can do to stay ahead of increasingly complex attacks. […]

The post The more people trust the systems they use, the more they’ll participate in the digital economy, and that’s how innovation truly scales appeared first on DefCamp 2025.

Cybersecurity is no longer a separate layer – it’s at the core of digital transformation

11 November 2025 at 12:49

As digital transformation accelerates, cybersecurity has become a cornerstone of business resilience. We spoke with Florin Popa, Orange Business Director, about how Orange Romania is shaping the future of ICT and cybersecurity through innovation, partnerships, and education. From the launch of SCUT, the newest cybersecurity company in Romania, to the importance of collaboration within the […]

The post Cybersecurity is no longer a separate layer – it’s at the core of digital transformation appeared first on DefCamp 2025.

KoDDoS was in Paris yesterday for Tech Show Paris 2025

By: KoDDoS
7 November 2025 at 01:15

Barely back from Miami where CloudFest 2025 was held, our teams were yesterday in Paris for Tech Show Paris 2025, a key European gathering where strategic vision, technological innovation and real operational feedback truly intersect. Tech Show Paris is one of the most influential events in Europe for cloud, cybersecurity, data and infrastructure professionals. The …

The post KoDDoS was in Paris yesterday for Tech Show Paris 2025 appeared first on KoDDoS Blog.

KoDDoS at CloudFest USA in Miami

By: KoDDoS
6 November 2025 at 09:09

KoDDoS is currently on-site at CloudFest USA in Miami. CloudFest USA is recognized as the most strategic event for the internet infrastructure, cloud hosting, and digital sovereignty ecosystem. Here in Miami, industry leaders gather to shape the next phase of the Internet: business models, network architecture, cybersecurity, resilience, independence and trust. Miami itself is symbolic: …

The post KoDDoS at CloudFest USA in Miami appeared first on KoDDoS Blog.

Why the DefCamp Workshops are the strategic move your team needs

14 October 2025 at 14:55

In today’s fast-shifting cybersecurity landscape, tools and policies alone won’t keep you safe. What truly makes a difference is how skilled, adaptable, and well-coordinated your team is when things get tough. For over a decade, DefCamp has been a hub for learning, experimentation, and pushing boundaries. Education is a core focus: we help security pros […]

The post Why the DefCamp Workshops are the strategic move your team needs appeared first on DefCamp 2025.

CQURE Hacks #68: NTLM Relay Attacks Explained and Why It’s Time to Phase Out NTLM

By: Daniel
8 October 2025 at 04:37

We begin on the Domain Controller, where the Group Policy setting “Network security: Restrict NTLM: NTLM authentication in this domain” is initially set to Disabled. This allows NTLM-based authentication to proceed – opening the door for potential relay attacks.

On the attacker machine (running Kali Linux), the Responder and Impacket’s ntlmrelayx tools are launched. Once a network authentication attempt is triggered, the attacker successfully relays the NTLM authentication to another host, gaining access as CQURE\Administrator. From there, the attacker can enumerate hosts, check privileges, and simulate further connections — all using the relayed credentials.

Next, we tighten security by switching the Group Policy to “Deny All”, effectively disabling NTLM across the domain. When the same attack sequence is repeated, the relay attempt fails — the target returns “status not supported.” Authentication now requires Kerberos, which is not vulnerable to NTLM relay in the same way.

This demonstration clearly shows the real-world impact of disabling NTLM: the attack surface for NTLM relay disappears.

However, phasing out NTLM completely requires careful planning, monitoring, and identification of systems or applications that still depend on it.

For a deeper dive, check out the CQURE NTLM Phase-out Guide for Active Directory Environments – and start preparing your organization for a more secure, NTLM-free future.

And if you’re hungry for more cybersecurity knowledge, we’ve opened the registration for our 6-weeks Advanced Windows Security Course 2026, ensuring you’re prepared for the threat landscape of the next year!



Transcript of the video:

Hi and welcome back to another episode of CQURE Hacks.

In this video, I’m going to demonstrate how NTLM relay attacks work and what happens when NTLM is disabled.

We start on the domain controller, checking the Group Policy.
We look at the setting:
Network Security → Restrict NTLM: NTLM authentication in this domain.

As you can see, it is currently set to Disabled.

Now on our attacker machine (Kali Linux), we will launch the tools.
First, we start Responder.
Next, in a second window, we set up the NTLM relay with the Impacket ntlmrelayx tool.

The tool initializes its servers and is ready for the attack.

Now we’re going to run \\test\123 just to trigger it.
There we go — back on Kali.

We immediately see the relay succeed.
The tool reports a connection and authenticates to the target as CQURE\Administrator.
That credential can be used for further actions.

Now that we have it, let’s try the connection.
As you can see, we have 11001, and we can pull full details about the hosts listed.
That lets us see what privileges we currently have while leveraging this attack.

In this context, we can also simulate connections to those hosts.

Now, whenever we get in here — as you can see, many poisoned responses — those are expected in verbose mode.

Next, we return to the domain controller and enforce a much stricter policy.
We change Restrict NTLM — NTLM authentication in this domain — from Disabled to Deny All.
Then NTLM version 2 will no longer be in place.

Let’s quickly apply the policy, then test whether these attacks still work so you can see the real-world effect.

On Kali, we restart our attack.
First, Responder is relaunched,
and then the ntlmrelayx tool is started again — ready to catch and relay authentication attempts under the new policy.

We are waiting for these authentications to happen so that we can grab that response.
Yep, we can do the same part — \\test\12345, whatever.

We capture the authentication attempt,
but the initial authentication to the target fails.

So, at this point, we no longer have the ability to authenticate using NTLM.

If we try to test with SMB netexec using the captured credential (for example, supplying the captured password),
the attempt fails — the target returns “status not supported.”

But if we check it with Kerberos, as you can see, we’ve got the possibility to get in.

So, at the end, it really depends on how we are doing this spray β€” how that activity is processed.

And in the end, you’ve got the possibility to compare what it means to have NTLM disabled or not.

Ultimately, this deprecation is about gathering information on which sources, applications, and services still rely solely on NTLM version 2.
That’s the key issue.

Basically, we can add exceptions, and those are applied directly within the policy.

And just for reference — this was a quick introduction because many people are concerned about one key question:
How do we actually phase out NTLMv2?

As you can see, the process is fairly simple —
but of course, don’t forget the monitoring component.
That’s crucial once you apply it in the field.

All right, if you’re interested in this topic and want to dive deeper,
our team has prepared a dedicated document:
NTLM Phase Out – Guiding Active Directory Environments.

You’ll find the link in the description, and I definitely encourage you to check it out.

Thank you so much for watching CQURE Hacks.
Hopefully, you enjoyed the content!

Don’t forget to subscribe to our channel and follow what we do on social media.

The post CQURE Hacks #68: NTLM Relay Attacks Explained and Why It’s Time to Phase Out NTLM appeared first on CQURE Academy.

KoDDoS, MSP Global and CloudFest: a Strategic Partnership for the Future of the Cloud

By: KoDDoS
30 September 2025 at 16:44

KoDDoS is proud to announce its partnership with MSP Global and CloudFest, two key players in the digital technology and cloud services industry. This collaboration marks an important step toward strengthening ties within the global tech ecosystem, bringing together experts, service providers, and decision-makers to address the cloud’s most strategic challenges. Through this partnership, we …

The post KoDDoS, MSP Global and CloudFest: a Strategic Partnership for the Future of the Cloud appeared first on KoDDoS Blog.
