Zero Day Blog

All about Cyber Sec

  • Tribute to the King

I think my dream of working in a SOC one day is what sparked this idea. Every time I hear this song, it genuinely makes me smile. So I thought: why not share the little scene that plays in my head each time? This song is pure gold!

    Picture this: Elvis Presley, the King of Rock ‘n’ Roll, trades in his blue suede shoes for a pair of blue light glasses and a SOC analyst chair.

    Instead of hip-swiveling across a stage, he’s swiveling between threat dashboards, SIEM alerts, and suspicious packet captures.

    And just like that, one of his most iconic hits “Return to Sender” takes on an entirely new life in the world of cybersecurity.

    “Return to Sender… Address Unknown…”

    To the untrained ear, it’s just a breakup ballad. But to an email security analyst? It’s the anthem of a spoofed address attack.

    You know the drill:

    • A spammer forges the “From” field in a phishing email using a legitimate sender’s domain.
    • The email bounces—because the recipient doesn’t exist.
    • That bounce-back lands right in the inbox of an innocent, spoofed user, signaling a potential compromise.

    Elvis, had he been on the SOC floor, might’ve looked up from his console and said:

    “Looks like someone’s tryna rock n’ roll their way through our MX records. Better trace that header and drop the hammer.”

    MX records are mail exchange records: they direct incoming email for your domain to its mail servers. Each MX record points to a server hostname (like aspmx.l.google.com) and carries a priority value. Mail is delivered first to the server with the lowest priority number (the most preferred one); if it’s unavailable, the next one is tried.

    Elvis would be quick to:

    • Set up SPF, DKIM, and DMARC
      These email security protocols help verify that messages really came from his domain and block spoofed emails from getting through.
      SPF – Specifies which IPs or domains are allowed to send emails on behalf of your domain.
      DKIM – Digitally signs your emails so the recipient can verify they were sent by you and weren’t altered. This is published in DNS as a TXT record.
      DMARC – Tells receiving mail servers what to do with messages that fail SPF or DKIM checks (e.g., reject, quarantine, none). This is published as a DNS TXT record at _dmarc.yourdomain.com.
    • Monitor for SMTP bounce-back floods – A sudden wave of non-delivery reports (NDRs) could signal that someone is sending spam while pretending to be him.
    • Enable Return Path tracking – If Elvis starts getting bounce-backs for emails he never sent, it’s a red flag. That means someone’s faking his identity, and it’s time to investigate.
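    To make the three records concrete, here is an added example (not code from the original post) that checks SPF, DKIM and DMARC TXT records for the weaknesses a spoofer relies on. The records are constructed strings for the placeholder domain example.com; nothing here performs live DNS lookups, and the DKIM public key value is a placeholder.

```python
"""Assess a domain's SPF, DKIM and DMARC TXT records for anti-spoofing strength.

Added example: every record below is a constructed string in the shape such
DNS TXT records take (no live DNS lookups; the domain is example.com).
"""
import re

# Constructed records for a weak setup: SPF softfail, DMARC in monitor-only
# mode, and no DKIM selector published at all.
WEAK_RECORDS = {
    "example.com": "v=spf1 include:_spf.google.com ~all",
    "_dmarc.example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
}

# Constructed records for the hardened setup the post recommends.
# The DKIM p= value is a placeholder, not a real public key.
HARDENED_RECORDS = {
    "example.com": "v=spf1 include:_spf.google.com -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s",
    "default._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_PUBLIC_KEY",
}


def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DMARC and DKIM syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def _mechanism_name(term):
    """'include:_spf.google.com' -> 'include', '-all' -> 'all', 'a/24' -> 'a'."""
    return re.split(r"[:/=]", term.lstrip("+-~?").lower(), maxsplit=1)[0]


def assess_spf(record):
    """Return findings for an SPF record; an empty list means it looks sound."""
    if record is None or not record.lower().startswith("v=spf1"):
        return ["SPF: no v=spf1 record; receivers cannot tell which hosts may send for this domain"]
    terms = record.split()[1:]
    findings = []
    all_terms = [t for t in terms if _mechanism_name(t) == "all"]
    if not all_terms:
        findings.append("SPF: no 'all' mechanism; unlisted senders get a neutral result")
    else:
        qualifier = all_terms[-1][0] if all_terms[-1][0] in "+-~?" else "+"
        if qualifier == "+":
            findings.append("SPF: '+all' authorizes every host, so spoofed mail passes SPF")
        elif qualifier == "?":
            findings.append("SPF: '?all' is neutral and gives no protection")
        elif qualifier == "~":
            findings.append("SPF: '~all' is a softfail; pair it with DMARC p=quarantine or p=reject")
    # RFC 7208 limits DNS-querying mechanisms to 10; beyond that SPF returns permerror.
    lookups = sum(1 for t in terms
                  if _mechanism_name(t) in {"include", "a", "mx", "exists", "redirect", "ptr"})
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS-querying terms exceed the limit of 10 (permerror)")
    return findings


def assess_dkim(record):
    """Return findings for the DKIM selector record (selector._domainkey.domain)."""
    if record is None:
        return ["DKIM: no selector record published; signatures cannot be verified"]
    tags = parse_tags(record)
    if tags.get("v", "DKIM1").upper() != "DKIM1":   # v= is optional and defaults to DKIM1
        return ["DKIM: unexpected version tag"]
    if not tags.get("p"):
        return ["DKIM: empty p= tag means the key is revoked; mail signed with it fails"]
    return []


def assess_dmarc(record):
    """Return findings for the _dmarc TXT record."""
    if record is None:
        return ["DMARC: no _dmarc record; receivers take no action on SPF/DKIM failures"]
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["DMARC: record must start with v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= policy")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so no aggregate reports to reveal spoofing waves")
    return findings


def assess_domain(records, domain, selector="default"):
    """Run all three checks against a {name: txt_record} map for one domain."""
    return (assess_spf(records.get(domain))
            + assess_dkim(records.get(f"{selector}._domainkey.{domain}"))
            + assess_dmarc(records.get(f"_dmarc.{domain}")))


if __name__ == "__main__":
    for label, records in (("weak", WEAK_RECORDS), ("hardened", HARDENED_RECORDS)):
        print(f"{label}: {assess_domain(records, 'example.com') or ['no findings']}")
```

    Run as-is, the weak set yields three findings (softfail-only SPF, no DKIM selector, monitor-only DMARC) and the hardened set yields none. To check a real domain, feed the function the TXT records you fetch with your resolver of choice under the same names.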

    His updated chorus might go:

    🎶 “Return to Sender… this spoof won’t fly.
    Headers don’t match, your trust is a lie.
    We traced the IP, shut down the game.
    So we blocked the whole subnet, goodbye ransomware saga.”

    The Real Network Attack: Spoofed Email & Bounce Spam

    This attack is sometimes called backscatter spam, a side effect of email spoofing:

    • Attackers fake sender addresses.
    • Invalid messages bounce.
    • The innocent party receives a flood of NDRs (Non-Delivery Reports).

    Left unchecked, this clutters inboxes and even triggers spam filters on your domain—damaging sender reputation.
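    The two detections the post describes, a sudden wave of NDRs and bounce-backs for mail the domain never sent, can be run over mail logs. The following is an added example, not code from the original post: it uses a constructed, hypothetical one-line-per-message log format and a constructed set of outbound Message-IDs, so it is not tied to any real MTA’s log layout. Adapting it to Postfix or Exchange logs means changing only the parser.

```python
"""Detect backscatter: bounce floods and NDRs for mail the domain never sent.

Added example with a constructed, hypothetical log format (one inbound message
per line) and constructed outbound Message-IDs; it is not tied to any MTA's
real log layout.
"""
import re
from datetime import datetime, timedelta

# Constructed: Message-IDs our own outbound server actually emitted.
SENT_MESSAGE_IDS = {"<out-1001@example.com>", "<out-1002@example.com>", "<out-1003@example.com>"}

# Constructed inbound log. Bounces use the null envelope sender (<>) or come from
# MAILER-DAEMON/postmaster; orig_msgid is the Message-ID the bounce claims to return.
LOG_LINES = [
    "2025-06-01T09:00:05Z envelope_from=<> rcpt=<elvis@example.com> orig_msgid=<out-1001@example.com>",
    "2025-06-01T09:00:09Z envelope_from=<> rcpt=<elvis@example.com> orig_msgid=<spoof-1@attacker.invalid>",
    "2025-06-01T09:00:31Z envelope_from=<MAILER-DAEMON@mx.other.invalid> rcpt=<elvis@example.com> orig_msgid=<spoof-2@attacker.invalid>",
    "2025-06-01T09:01:02Z envelope_from=<fan@other.invalid> rcpt=<elvis@example.com> orig_msgid=-",
    "2025-06-01T09:01:40Z envelope_from=<postmaster@relay.invalid> rcpt=<elvis@example.com> orig_msgid=<spoof-3@attacker.invalid>",
    "2025-06-01T09:02:15Z envelope_from=<> rcpt=<elvis@example.com> orig_msgid=<spoof-4@attacker.invalid>",
    "2025-06-01T09:02:50Z envelope_from=<> rcpt=<elvis@example.com> orig_msgid=<out-1002@example.com>",
    "2025-06-01T09:30:00Z envelope_from=<> rcpt=<priscilla@example.com> orig_msgid=<out-1003@example.com>",
]

LINE_RE = re.compile(r"^(\S+) envelope_from=<([^>]*)> rcpt=<([^>]+)> orig_msgid=(\S+)$")
BOUNCE_LOCAL_PARTS = {"mailer-daemon", "postmaster"}


def parse_line(line):
    """Parse one constructed log line; returns None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, sender, rcpt, msgid = m.groups()
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "sender": sender.lower(),
        "rcpt": rcpt.lower(),
        "orig_msgid": None if msgid == "-" else msgid,
    }


def is_ndr(entry):
    """Bounces use the null sender, or come from mailer-daemon/postmaster."""
    if entry["sender"] == "":
        return True
    return entry["sender"].split("@", 1)[0] in BOUNCE_LOCAL_PARTS


def max_in_window(times, window):
    """Largest number of events falling inside any span of length `window`."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def find_backscatter(lines, sent_msgids, window=timedelta(minutes=5), threshold=5):
    """Per recipient: NDR volume, peak NDRs in any window, and bounces for mail never sent."""
    per_rcpt = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None or not is_ndr(entry):
            continue
        rec = per_rcpt.setdefault(entry["rcpt"], {"times": [], "unsent_bounces": []})
        rec["times"].append(entry["time"])
        # A bounce for a Message-ID we never emitted means someone forged our address.
        if entry["orig_msgid"] not in sent_msgids:
            rec["unsent_bounces"].append(entry["orig_msgid"])
    report = {}
    for rcpt, rec in per_rcpt.items():
        peak = max_in_window(rec["times"], window)
        report[rcpt] = {
            "ndr_count": len(rec["times"]),
            "peak_in_window": peak,
            "flood": peak >= threshold,
            "unsent_bounces": rec["unsent_bounces"],
        }
    return report


if __name__ == "__main__":
    for rcpt, info in find_backscatter(LOG_LINES, SENT_MESSAGE_IDS).items():
        print(rcpt, info)
```

    On the constructed data, elvis@example.com receives six NDRs inside three minutes (a flood at the default threshold of five per five minutes), four of which reference Message-IDs the domain never sent; priscilla@example.com gets one legitimate bounce and raises nothing. The threshold and window are tuning knobs and should be set from a baseline of normal bounce volume.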

    Long Live the King (of Email Filters)

    In this alternate universe, Elvis doesn’t just sing about bad returns—he stops them at the firewall.
    He’d end his shift with a swagger, saying:

    “You can spoof the sender, but the King always reads the headers.”

    Pic courtesy: https://pixabay.com/
    Disclaimer: This blog post is a lighthearted take on cybersecurity, using Elvis Presley and his song “Return to Sender” as creative analogies. All names, likenesses, and lyrics referenced remain the property of their respective rights holders. This content is not affiliated with or endorsed by Elvis Presley Enterprises and is intended for educational and illustrative purposes only.

  • Denmark Just Made History—and the World Should Pay Attention

    Imagine waking up to find a video of yourself circulating online. You’re saying things you never said, doing things you never did. It looks real. It sounds real. But it’s not you!!

    This isn’t science fiction. It’s today’s reality. AI-generated deepfakes have become frighteningly easy to produce, and they’re already being used for scams, political manipulation, and targeted harassment. In this blurry new world, Denmark just became the first country to say: enough.

    With its groundbreaking legislation, Denmark is now one of the first nations to grant full legal ownership of your face, voice, and likeness, putting the power back in the hands of the individual. In doing so, Denmark has stepped up as a global pioneer, reminding the world that even in a digital age, identity still belongs to the person who lives it.

    Denmark’s Deepfake and Face Rights law, which is scheduled to take effect March 31, 2026, doesn’t just protect celebrities or performers. It protects everyone. Whether you’re an artist whose voice is being cloned for AI-generated songs or an ordinary citizen being impersonated in a political deepfake, this law says your digital likeness is yours, and you have the right to control it. And it has teeth: victims can demand takedowns, sue for damages, and assert legal rights for up to 50 years after their death.

    It’s no wonder Denmark continues to rank at the top of the UN World Happiness Report. A country that values trust, dignity, and democracy knows that protecting its people in the digital age is not optional but essential.

    But this isn’t just about Denmark. This is a wake-up call for the rest of us.

    Deepfakes aren’t just about manipulated videos, they’re about manipulated truth. They threaten democracy by spreading fake political speeches. They enable fraud by imitating CEOs. They traumatize individuals, especially women, through non-consensual content that’s nearly impossible to fight under current laws. Traditional privacy laws don’t cover it. Copyright law doesn’t recognize your face as a creative work. And yet, that’s what’s being exploited.

    Denmark saw the gap and closed it.

    By treating personal identity as legally protected property, this law affirms that our humanity doesn’t stop at the screen. Our image, our voice, our essence, these are not for AI to mimic without permission. And while the law won’t stop all abuse, it creates a framework for justice, a deterrent for offenders, and a voice for victims who’ve had none.

    Where are we heading? That’s the real question. If this is where Denmark is now, where will other countries be in five years? The U.S. has made moves with the TAKE IT DOWN Act. The EU has passed its AI Act. China mandates watermarking. But none have gone quite as far as Denmark has in declaring: your face is yours.

    In a time of digital distortion, Denmark chose clarity. In an age of synthetic identities, it chose real people. It’s more than a legal move, it’s a moral one. And it’s a path worth following.

  • Cybersecurity Is Now a Product Problem: EU Cyber Resilience Act

    Introduction: Today, countless everyday devices, from gas ranges and refrigerators to microwaves, connect to the internet through smart modules for remote control and data exchange. Yet we often don’t know what data they collect or how secure they are. Poorly designed systems can become entry points into home networks, as seen in the 2016 Mirai botnet attack, where malware exploited IoT devices with default passwords and turned them into bots for massive DDoS attacks. This exposed the lack of IoT security standards and the need for regular firmware updates and vulnerability management.

    Similarly, the 2020 SolarWinds breach showed how attackers could compromise software supply chains by inserting malicious code into legitimate updates. Over 18,000 organizations, including U.S. government agencies and global companies, were affected, with average losses reaching up to 14% of annual revenue in the U.S. The incident emphasized the importance of audits, penetration testing, SIEM, and DLP systems, revealing that traditional perimeter defenses alone are no longer enough.

    The focus has shifted from privacy and data protection to a much broader goal of cyber resilience, which is the main driving factor for the EU’s Cyber Resilience Act (CRA).

    Today’s voluntary security measures haven’t kept pace with the growing sophistication and scale of cyber threats. The CRA aims to mandate cybersecurity requirements at the product level, especially for digital products that are widely used but often under-secured. This isn’t only about preventing data breaches; it’s about ensuring that software and hardware products are secure by design, from manufacturing to end-of-life.

    Who benefits?

    • Consumers and end-users will gain from better-protected devices and transparent security practices.
    • Organizations and enterprises will benefit from reduced risk and clearer guidelines.
    • Governments will have a framework to enforce and elevate cybersecurity practices across industries.

    The CRA sets out to change what’s considered “normal” in product development with long-term support commitments, regular vulnerability disclosures, mandatory patch timelines, and improved transparency about security capabilities.

    The Cyber Resilience Act (CRA) spans digital products, cloud services, supply chains, and even open-source components, ensuring that cybersecurity isn’t treated as an afterthought at any stage.

    Timeline: Most CRA rules begin in late 2027 (December 11, 2027). Companies must report serious security incidents and exploited vulnerabilities starting September 11, 2026. The process for approving and listing the conformity assessment bodies that certify products starts on June 11, 2026, about 1½ years before the rest of the CRA rules apply.

    Scope:

    1. Products with Digital Elements
    According to Article 3(1): “‘product with digital elements’ means any software or hardware product and its remote data processing solutions, including updates, that are intended, directly or indirectly, to be connected to a device or network.” So any software that:

    • has digital functionality,
    • connects to a network (directly or via API, agent, or cloud), and
    • processes or transmits data

    → qualifies as a product with digital elements.

    This refers to any hardware or software that can connect to networks or other devices—essentially, anything that could be a potential attack surface. As defined in Articles 2(1) and 3(1), (4), (5), and (7), this covers a wide umbrella of products and divisions:

    • Consumer electronics like laptops, smartphones, tablets
    • Smart devices and IoT products such as smart thermostats, lights, home routers, refrigerators, or washing machines with Wi-Fi modules
    • Industrial equipment and control systems used in manufacturing or critical infrastructure
    • Software components such as antivirus programs, embedded firmware, SDKs, or APIs shipped with commercial products

    2. Remote Data Processing Solutions
    Article 3(2) extends the CRA to cloud-based services that are essential to how a product functions. These include:

    • A smartwatch that syncs health data to a cloud platform
    • A home security system where video footage is stored remotely
    • Widely used SaaS platforms like Salesforce, GitHub, Asana, Zoom, HubSpot, and Slack – all of which rely on remote backend systems to deliver core functionality

    3. Economic Operators
    It’s not just about the products; it’s also about the people and organizations that bring them to market. As per Article 3(12), (13), (16), and (17), CRA responsibilities extend to:

    • Manufacturers, such as Apple, Samsung, Siemens, or Bosch
    • Importers and distributors, like Amazon EU or resellers handling third-party goods
    • Authorized representatives, who act on behalf of non-EU companies in European markets

    4. Free and Open Source Software (FOSS)
    CRA doesn’t ignore open-source. Under Article 3(14), (48), and Recital 10, the regulation applies when open-source components are bundled into commercial offerings. This ensures even freely available code is treated responsibly when used in business contexts. Examples include:

    • Products using OpenSSL, Redis, or Linux kernels as part of their architecture
    • Commercial appliances that incorporate FOSS in firmware or backend services

    Conclusion: The breadth of the CRA’s coverage means that entire industries, not just products, will feel its impact. Sectors such as automotive, healthcare, energy, and manufacturing will need to rethink their development lifecycles, especially for connected devices and systems. This will involve re-engineering product design, introducing more rigorous audits and security testing, and ensuring ongoing compliance, keeping vulnerabilities, SBOMs, and the supply chain in check throughout a product’s lifecycle. While the transition may be demanding, the end goal is a stronger, more cyber-resilient ecosystem where security is not a bolt-on, but a core feature from day one.

    For security organizations, this is a pivotal moment. CRA opens new opportunities, not just in compliance consulting, but in product security, vulnerability management, and supply chain risk assessment. Those already aligned with secure-by-design and DevSecOps practices are ahead of the curve. Others will have to catch up fast. Historically, EU regulations like GDPR have had global ripple effects. Many non-EU countries and companies adopted GDPR-like policies to stay compatible and trustworthy in international markets. CRA is expected to do the same, setting the next global benchmark for cybersecurity regulation.

    In essence, CRA is not just a European matter. It’s a signal: Cybersecurity is no longer just an IT problem. It’s a product quality issue, a legal obligation, and a business differentiator.

    Sources:

    https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32024R2847
    https://www.fortinet.com/resources/cyberglossary/solarwinds-cyber-attack
    https://www.cloudflare.com/learning/ddos/glossary/mirai-botnet/