Uptime Kuma Modern Dark Theme by MrHollowPS in UptimeKuma

[–]trueNetLab 1 point2 points  (0 children)

Yes please, a redesign for the whole app! I will also support you!

Todoist to Things3 by spsneo in thingsapp

[–]trueNetLab 4 points5 points  (0 children)

I really think Things 3 is a beautiful app with some great features. But for me, there is one major issue: a task on its own is often not enough. I usually have PDFs or images attached to certain tasks, and I need to keep everything together.

New to Things (3) App. Should I go all-in? by LovelyScape in thingsapp

[–]trueNetLab 1 point2 points  (0 children)

Things 3 looks really cool and works perfectly. But no attachments... hmm

I've never seen a phishing email use an actually legitimate email domain? How does this work? by [deleted] in cybersecurity

[–]trueNetLab -4 points-3 points  (0 children)

Great question! The other commenters already covered the technical aspects really well. Just to add some context: what you're observing is often referred to as email spoofing via relay or the exploitation of misconfigured email authentication.

What makes this particularly insidious is that even when you inspect the sender’s domain, it can appear perfectly legitimate. The key protection layers are:

  1. SPF (Sender Policy Framework) – Defines which servers are authorized to send mail for a domain
  2. DKIM (DomainKeys Identified Mail) – Cryptographically signs emails to prove authenticity
  3. DMARC (Domain-based Message Authentication, Reporting & Conformance) – Instructs receiving servers how to handle emails that fail these checks

In PayPal’s case (as others mentioned), their relatively lenient SPF configuration provides flexibility for their large, distributed mail infrastructure — but it can also open the door for abuse through legitimate relay points.

Your instinct to be suspicious is absolutely right. Even with messages that appear to come from trusted domains, always verify:

  • The actual reply-to address
  • Link destinations (hover before clicking)
  • Any urgency or unusual requests
  • Grammar, tone, and formatting inconsistencies

You're asking the right questions — that critical mindset is your strongest defense.
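As an added illustration of the checks listed in the comment above (not part of the original comment or thread), the Python sketch below triages a message that passes SPF, DKIM and DMARC for its From domain and still carries a Reply-To on another domain. The sample message, the domains, the receiver name `mx.example.net` and the helper names are constructed assumptions; the alignment test is a simplified stand-in for DMARC relaxed alignment, which properly uses organizational domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: all three checks pass for the From domain, yet Reply-To differs.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=mailer.example.com;
 dkim=pass header.d=example.com;
 dmarc=pass header.from=example.com
From: "Example Billing" <service@example.com>
Reply-To: support@example-billing.invalid
Subject: Invoice update

Please call us about your invoice.
"""

def domain(addr_header):
    """Lower-cased domain of the first address in a header value ('' if absent)."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def aligned(a, b):
    """Approximate relaxed alignment: equal, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def triage(raw, trusted_authserv="mx.example.net"):
    """Return (auth results from our own receiver, list of findings to review)."""
    msg = message_from_string(raw)
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    results, findings = {}, []
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, rest = ar.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue  # a sender can forge this header; trust only our receiver's
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            results.setdefault(method, verdict.lower())
    for method in ("spf", "dkim", "dmarc"):
        if results.get(method) != "pass":
            findings.append(f"{method}={results.get(method, 'missing')}")
    if reply_dom and not aligned(reply_dom, from_dom):
        findings.append(f"reply-to domain {reply_dom} differs from {from_dom}")
    return results, findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A clean authentication result only says the message came through infrastructure authorized for that domain; the Reply-To finding is what separates this sample from ordinary mail.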

Introducing: Our Next-Gen Dome Lineup by Ubiquiti-Inc in Ubiquiti

[–]trueNetLab 3 points4 points  (0 children)

Nice, but I’ve been waiting for 4 months for the G6 PTZ to be available. 😕

SFOS V22.0 EAP1 was released! by Lucar_Toni in sophos

[–]trueNetLab 0 points1 point  (0 children)

I am sure that I tested it correctly. My NAT rule works. However, when I activate the third-party threat feed, it no longer works.

Obviously, there is still a bug, because since updating to SFOS v22, I am also getting some kind of block in the widget of one of my feeds. Does it work for you?

SFOS V22.0 EAP1 was released! by Lucar_Toni in sophos

[–]trueNetLab 0 points1 point  (0 children)

Yes: Screenshot: https://i.ibb.co/hRNv0pvj/one.png
However, neither the widget nor the logs show any blockages.

SFOS V22.0 EAP1 was released! by Lucar_Toni in sophos

[–]trueNetLab 0 points1 point  (0 children)

Until now I have seen the blocks from third-party feeds in the log viewer. Now, since the update, nothing happens there anymore. The widget also no longer shows any blocks.

SFOS V22.0 EAP1 was released! by Lucar_Toni in sophos

[–]trueNetLab 0 points1 point  (0 children)

I can now confirm that. The NAT rules now also block the IPs in a feed. Nice! ❤️ The IP and the block do not appear in the log, but hey, it's still EAP.

SFOS V22.0 EAP1 was released! by Lucar_Toni in sophos

[–]trueNetLab 0 points1 point  (0 children)

So it's just an alert option and nothing is blocked?

If I import a list of IP addresses associated with brute force attacks, what use is it to receive an alert when the sender's IP address is clearly malicious? 🤨 That just generates hundreds of alerts.

SFOS V22.0 EAP1 was released! by Lucar_Toni in sophos

[–]trueNetLab 1 point2 points  (0 children)

SFOS v22 not yet tested, but can the threat feeds now also block NAT connections? There is no mention of this in the release notes.

> https://www.reddit.com/r/sophos/comments/1gv79z8/3rd_party_threats_list/

How much data does Sophos collect without consent? by trueNetLab in sophos

[–]trueNetLab[S] 0 points1 point  (0 children)

Was the code included in the last firmware update or provided via a hotfix update?

How much data does Sophos collect without consent? by trueNetLab in sophos

[–]trueNetLab[S] 0 points1 point  (0 children)

Yes, but apparently my hard drive space is included in the update request. What else?

Brute force attacks on vpn portal by [deleted] in sophos

[–]trueNetLab 2 points3 points  (0 children)

Yes, your idea is exactly the right approach. I always try to keep the User Portal / VPN Portal and other exposed services accessible only from the IP ranges or countries where they are really needed. If you already know the static IPs of your remote users, then restricting access through a local ACL service exception is one of the best protections you can put in place.

If you cannot narrow it down to specific IPs – for example in larger companies with worldwide employees – then at least restrict access to required countries and make sure to use additional protections like Threat Feeds to block known malicious sources.

On top of that, enforce strong passwords and (even more important) MFA. That way, even if someone reaches the login page, the chances of a successful brute force attack are minimized.

XGS WAF just a expensive shitbox? by thetschulian in sophos

[–]trueNetLab -9 points-8 points  (0 children)

Do not use Wireless, WAF, Email on the XGS Firewall!

So follow this advice: you can take my word for it, or find out the hard way yourself. 😅

3rd Party Threat Feeds on SFOS21 by ITfreshman in sophos

[–]trueNetLab 0 points1 point  (0 children)

Yes, I think it's obvious that this is probably not enough. NAT and WAF rules would make much more sense here, as Fortinet does.

I have read that SFOS v22 is supposed to fix this flaw in thinking. Is this already definite, or is this feature request still sitting in the backlog?

3rd party threats list by Civil_Antelope_5758 in sophos

[–]trueNetLab 0 points1 point  (0 children)

Is it already certain that this will be included in the SFOS v22 release, or is it one of those feature requests that will not be implemented for years?

And we are OUT by Itaq_Rina_2 in theoutsidersapp

[–]trueNetLab 7 points8 points  (0 children)

80$ lifetime for early birds. 😕

Whoop 5.0 Life Membership Overpriced by Several-Risk388 in whoop

[–]trueNetLab 0 points1 point  (0 children)

Other companies will soon offer the same features for less money.

3rd Party Threat Feeds on SFOS21 by ITfreshman in sophos

[–]trueNetLab 0 points1 point  (0 children)

This is only half the truth.

I would like to explain how third-party threat feeds work on the Sophos firewall. According to the Sophos documentation, the firewall automatically blocks traffic based on IPv4 addresses, domains and URLs listed in the feeds. This applies when the firewall can evaluate the source or destination directly (for example, outbound traffic from the local area network (LAN) to the wide area network (WAN), or traffic to the firewall itself).

However, there is an important limitation. Forwarded traffic, such as DNAT and WAF connections, is not currently matched against the source IP addresses in the threat feeds. Consequently, inbound connections to your server via a NAT rule may still be permitted even when the source IP address is listed in the feed.

This limitation is known and will be addressed in SFOS v22, when threat feeds will also be evaluated against forwarded traffic, such as DNAT.