Items tagged with VPN

A security firm warns that an "unskilled attacker" could leverage a security flaw in SonicWall VPN (virtual private network) appliances to run arbitrary code remotely, causing a persistent denial of service (DoS) condition. Or put more plainly, the SonicWall VPN has a serious security hole that makes it easy for even armchair hackers to wreak havoc. That is concerning enough. What makes it even more serious is how many devices are affected. According to the researchers at Tripwire VERT, a Shodan search for the affected HTTP server banner indicated nearly 800,000 hosts (795,357, to be precise). So to sum it up, this is a serious security flaw, it is easily exploited by hackers with very little... Read more...
There is a hacking campaign to disrupt this year's presidential election in the United States, according to a warning issued by the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA). Hackers are chaining Windows and virtual private network (VPN) exploits to carry out their attacks. "CISA has recently observed advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability—CVE-2020-1472—in Windows Netlogon. The commonly used tactic, known as vulnerability chaining, exploits multiple vulnerabilities in the course of a single intrusion to compromise a network... Read more...
At an interesting time for Apple with the Fortnite issues, Apple is now implementing guideline disputes into the App Store. With apps starting to challenge App Store rules, the score is 1-0 for the developers so far. At WWDC20, Apple’s developer conference, it was announced that there would be changes to the app review process. These changes are finally being implemented and Apple now has a news blurb about it. In it, they state that you can address guideline violations when you submit an app or app update. Alongside this, you can also appeal decisions and submit suggestions for App Store rules. Also, in the blurb is this interesting quote that says, “For apps that are already on... Read more...
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning about a growing threat from criminals seeking to take advantage of people working from home and using a VPN or virtual private network. Apparently there's a growing threat from voice call phishing or "vishing" attacks targeting corporate VPNs. One known service that was discovered allows people to hire a criminal ring with the goal of stealing VPN credentials, and other sensitive data from employees who are working remotely. The security alert issued says that in mid-July 2020, cybercriminals began vishing campaigns aiming to gain access to employee tools at multiple companies, and ultimately to monetize... Read more...
The internet is a place where it's difficult to trust anything that anyone says. A recent case of more than a handful of VPN providers who claim to keep no logs of their user's activity, yet leaked activity logs, highlights that you can't trust anyone online. As it turns out, the seven VPN providers were logging user activity, and those logs have now leaked onto the internet. The first logs discovered were from a company called UFO VPN. UFO VPN had an unsecured Elasticsearch cluster that left the log files facing the public internet for anyone to discover. The logs were found by Bob Diachenko from a company called Comparitech. The records contained copious amounts of data on UFO VPN users, including... Read more...
Virtual Private Networks (VPNs) have become increasingly popular over the last year, especially as more and more people find themselves working from home. The makers of the Firefox web browser have now thrown their hat into the ring with their own VPN. The Mozilla VPN promises safety, speed, and an easy-to-use interface. The Mozilla VPN costs $4.99 USD and will eventually be available in over 30 countries. At the moment, it is currently available in the United States, Canada, the United Kingdom, Singapore, Malaysia, and New Zealand. Mozilla promises a 30-day money back guarantee if the user does not like the VPN. Users will need a Firefox account to take advantage of the VPN and it can be used... Read more...
Earlier this week, we reported on a new bug that is affecting Windows 10 users at the worst possible time. A connectivity issue was preventing a large number of users working from home due to COVID-19/coronavirus from accessing Microsoft services like Office 365, Microsoft Teams, and Outlook. At the time, Microsoft warned that the issue was affecting "devices using a manual or auto-configured proxy, especially with a virtual private network (VPN)" and that it would result in a loss of internet connectivity. Microsoft indicated that it would issue an out-of-band update in April to address the bug, but it is actually delivering it right now ahead of schedule. The company has made available KB4554364,... Read more...
NordVPN, widely regarded as one of the best virtual private network (VPN) services, confirmed one of its datacenters was hacked. The security breach occurred over a year ago, in March 2018, though is just now being disclosed to users. Apparently NordVPN used the time between then and now to audit its infrastructure and make sure its operations were secure. Security breaches are always unfortunate, and some might find them especially concerning when they happen to a VPN provider. VPNs are supposed to afford users anonymity on the web. Of course, nothing that happens online is every truly anonymous, though VPNs operate by routing Internet traffic through an alternate, encrypted route. This makes... Read more...
Is your VPN truly private? A recent study revealed that many VPN services are owned by companies that are based in China and Pakistan. User data could potentially be shared or sold to governments with notoriously poor privacy laws. VPN Pro recently investigated the VPN market and uncovered quite a bit of hidden information. At least 97 VPN services are owned or operated by only 23 companies. Their findings are concerning for a variety of legal, personal, privacy and security reasons. First, 29 or roughly 30% of the world’s top VPN services are owned by companies based in China. Another 7 VPN services are owned by Gaditek, a Pakistani company. Many national governments could potentially... Read more...
One year ago today on April Fools’ Day, Cloudflare launched its1.1.1.1 DNS service that was aimed at helping to speed up DNS requests, improve privacy, and give users an overall boost in internet performance. The 1.1.1.1 DNS service is still operational, and has become the second largest public DNS service behind #1 Google, while offering half the latency. Back in November, Cloudflare launched its 1.1.1.1 app to bring its speedy and privacy-centric DNS service to Android and iOS users, and today it is expanding the app with the addition of Virtual Private Networking (VPN) functionality. The company is calling this VPN “Warp”, and it encrypts all of your data, not just traffic... Read more...
Android users that are looking for a browser other than Chrome and are concerned with privacy may want to try Opera 51 for Android. Opera for Android adds  a free VPN service to allow users to mask their location for more privacy and to thwart web tracking tools. Opera VPN, a standalone VPN app for Android and iOS, launched in 2016, but the app was discontinued last year. Bundling the VPN into the Android browser means that Android users who have used the dedicated VPN app in the past can go with the browser and take advantage of the Opera VPN again. A VPN is also wrapped into the desktop version of Opera. The VPN feature is baked into Opera 51 for Android and was available in the beta... Read more...
Facebook just can't put itself in a good light lately. A new report has shined a bright light on a Facebook policy that was paying people to install something called the Facebook Research VPN. Facebook allegedly paid teens and and adult users to install the VPN, which allowed the company to collect all the user's phone and web activity at all times.  Facebook had a similar app called Onavo Protect that was banned by Apple last summer. The new Facebook Research VPN app is said to potentially violate Apple privacy policy, and was available for Android devices as well. Facebook admitted to TechCrunch that it was running the research program and had since 2016. The social network was paying... Read more...
Netflix is a textbook example of a company pivoting to stay relevant with a changing landscape. At one time solely a DVD-by-mail subscription service, Netflix is now much more popular in the streaming video space, and had even spun off its DVD-by-mail business into Qwikster. It operates in more than 100 countries, though the same selection of movies and TV shows is not available in each location. That is where virtual private networks (VPNs) come into play. VPNs are primarily used to enable a more secure connection and are particularly useful when sending and receiving data over a shared or public network. The short explanation is that it uses encryption to keep a user's data away from prying... Read more...
There was once a time when the thought of someone vying for anonymity online may have seemed a little silly. Some may have even accused those folks of being conspiracy theorists or perhaps a card-carrying member of the "Tinfoil Hat" brigade. However, time and the march of technology sure has a way of changing opinions, especially when it comes to security and privacy. Today, it's a well-established fact that governments, and others, snoop on citizens. It doesn't matter if you think you're the most uninteresting person on the planet; you're likely being spied on, even if just incidentally, for marketing purposes, though hackers and cyber criminals are very much also on the rise as well. If you... Read more...
Internet privacy is kind of like a VCR or CD player, in that one day our kids will ask us “you used to have that?” It’s staggering how much of our online activity is tracked, catalogued, and used for a wide array of purposes, most of them related to commerce. But if you’re a dissident, journalist, someone who lives in a country where the Internet is restricted, or just want to browse the web without being tracked, your options are becoming increasingly limited. It’s likely the situation will only get worse in the future, as companies devise more sophisticated ways of tracking our every move online. The Tor project was designed to combat this scourge. Tor is a freely accessible network of global... Read more...
Netflix spread its wings earlier this month, expanding its global footprint with an additional 130 international markets. While that news can be seen as a big win for overseas customers that have long waited for the ability to stream Netflix content, there are new restrictions being handed down to ensure that Netflix keeps its content providers happy. With that huge global expansion comes a big crackdown on people that are using unauthorized methods to gain access to Netflix content that wouldn’t otherwise be available in their current country due to licensing restrictions. That means people using a VPN or proxy to access a Netflix account (even if a U.S. user is accessing his or her account... Read more...
As most subscribers will attest, the HBO Now app is pretty awesome. It's easy to use, isn't saddled with bugs, and offers access to all of HBO's content, including Game of Thrones. However, only paying customers living in the U.S. are eligible to play. Some people in other countries have found ways around the territorial restriction by way of using a VPN (Virtual Private Network), but HBO is savvy to the situation and is attempting to crack down on the practice. Not to be confused with HBO Go, a complimentary add-on to HBO cable and satellite subscribers, HBO Now became a standalone app earlier this year. That open the floodgates for ineligible subscribers living outside the U.S.... Read more...
One of the contentious issues that's swirled around the NSA since whistleblower Edward Snowden began leaking information on the organization's capabilities is exactly what it can -- or can't -- do. Snowden has stated that as a contractor with Booz Allen Hamilton, "I, sitting at my desk, certainly had the authorities to wiretap anyone, from you, or your accountant, to a federal judge, to even the President if I had a personal email." The NSA has strongly denied these claims,  arguing that it had neither the technological capability to engage in such monitoring nor the authority to do so. The authority question may be up for discussion, but new leaks from The Guardian today have blown gaping... Read more...
Verizon's Risk Team has published a blog post on a mind-boggling security adventure (it's the only term that really fits) detailing just how poorly some IT workers -- including those working for "critical infrastructure" companies -- understand the meaning of the term. The saga began when a US-based company contacted the VRT, asking for their help in tracing a puzzling VPN connection. The company had conducted an audit of its own VPN and found a sustained, regular connection being maintained from Shenyang, China. That's bad. Worse, the company had deployed a two-factor authentication system that used physical RSA keyfobs. Someone was logging in to their system despite this precaution. The developer... Read more...