
Android Flaw Exposes DNS Queries Despite VPN Kill Switch



Several months ago, a Mullvad VPN user discovered a serious privacy problem affecting Android users of Mullvad VPN. Even with the Always-On VPN feature activated, which keeps the VPN connection permanently up, and with the "Block connections without VPN" setting enabled, which acts as a kill switch so that network traffic can only pass through the VPN, Android devices were found to leak DNS queries when switching between VPN servers.

It is important to understand that enabling the "Block Connections Without VPN" option (also known as the kill switch) is meant to force all network traffic and connections through the always-connected VPN tunnel, preventing prying eyes from tracking users' Internet activity. During its investigation, Mullvad discovered that even with these features enabled on the latest version of Android (Android 14), a bug still leaks some DNS information.

The bug is triggered by apps that call the C function getaddrinfo directly. getaddrinfo provides protocol-independent translation from a text hostname to an IP address. When the VPN is active but no DNS server is configured, or when the VPN app re-configures the tunnel, crashes or is forced to stop, Android leaks the resulting DNS traffic.

Mullvad clarified that this leak is not observed in apps that rely solely on Android's own API, such as DnsResolver. Apps that obtain address information directly from the OS, such as Flash Player and Chrome, are therefore susceptible. This is concerning because it contradicts what you would expect from the OS when its security features are enabled.

Given the severity of this privacy issue, users may want to be cautious about using Android devices for sensitive tasks, and may even want to employ additional protective measures, until Google addresses this bug and issues a patch for both the current release and older versions of Android.

The first DNS leak scenario, which occurs when the user changes the DNS server or switches to a different VPN server, is easily mitigated if the VPN app is set to use a bogus DNS server at the same time. The DNS query leak on VPN tunnel reconnect, however, remains unresolved, and since it is likely to affect all other Android VPN apps as well, it is a significant issue for the whole ecosystem.

Mullvad had also discovered, in October 2022, that every time an Android device connected to a WiFi network it leaked DNS queries (exposing IP addresses and DNS lookups) because the device was performing connectivity checks. This happened even when the "Always-on VPN" feature was enabled together with the "Block connections without VPN" option.

The leak of DNS traffic can potentially expose users' approximate locations, the online platforms they use and even their precise locations, posing a serious threat to user privacy. Since this is a serious issue, it may be best to stop using Android devices for sensitive activities, or to adopt additional safeguards against such leaks, until Google fixes the bug and backports the patch to older versions of Android.
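One way to check a device for the leak described above is to capture traffic on all interfaces while switching servers or forcing a reconnect, and then look for DNS queries that left on a physical interface instead of the tunnel. The script below is an added example, not Mullvad's or Google's code; it parses constructed tcpdump-style lines and assumes the tunnel interface is named tun0 and that DNS is anything sent to port 53.

```python
import re
from collections import Counter

# Regex for tcpdump-style lines as printed by `tcpdump -i any -nn` (newer
# tcpdump prefixes each packet with the interface and direction). Assumption:
# the VPN tunnel interface is tun0 and a DNS query is any outbound packet
# to port 53, regardless of the app that issued it.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<iface>\S+)\s+(?P<dir>In|Out)\s+IP\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>[\d.]+)\.(?P<dport>\d+):\s+(?P<rest>.*)$"
)
QNAME_RE = re.compile(r"\b(?:A|AAAA)\?\s+(?P<qname>\S+)")
TUNNEL_IFACES = {"tun0"}

# Constructed sample capture: two lookups inside the tunnel, two queries that
# escaped via wlan0 during a server switch, one non-DNS packet for contrast,
# and one lookup after the tunnel came back.
SAMPLE_CAPTURE = """\
10:00:01.000 tun0 Out IP 10.64.0.2.51000 > 10.64.0.1.53: 1+ A? example.com. (29)
10:00:02.000 tun0 Out IP 10.64.0.2.51001 > 10.64.0.1.53: 2+ AAAA? example.com. (29)
10:00:05.000 wlan0 Out IP 192.168.1.23.51002 > 192.168.1.1.53: 3+ A? mail.example.org. (34)
10:00:05.100 wlan0 Out IP 192.168.1.23.51003 > 192.168.1.1.53: 4+ A? cdn.example.net. (33)
10:00:06.000 wlan0 Out IP 192.168.1.23.44320 > 93.184.216.34.443: Flags [S], seq 1, win 64240
10:00:09.000 tun0 Out IP 10.64.0.2.51004 > 10.64.0.1.53: 5+ A? example.com. (29)
"""

def parse_capture(text):
    """Yield (timestamp, interface, resolver_ip, qname) for each outbound DNS query."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("dir") != "Out" or m.group("dport") != "53":
            continue
        q = QNAME_RE.search(m.group("rest"))
        qname = q.group("qname") if q else "?"
        yield m.group("ts"), m.group("iface"), m.group("dst"), qname

def find_leaks(text, tunnel_ifaces=TUNNEL_IFACES):
    """Return the DNS queries that left on a non-tunnel interface (the leak)."""
    return [q for q in parse_capture(text) if q[1] not in tunnel_ifaces]

def queries_per_interface(text):
    """Count DNS queries per interface so tunneled vs leaked is visible at a glance."""
    return Counter(iface for _, iface, _, _ in parse_capture(text))

if __name__ == "__main__":
    print("queries per interface:", dict(queries_per_interface(SAMPLE_CAPTURE)))
    for ts, iface, resolver, qname in find_leaks(SAMPLE_CAPTURE):
        print(f"LEAK {ts} {iface} -> {resolver}: {qname}")
```

On a real device the capture would come from tcpdump run over adb, and any query reported as a leak with the kill switch enabled reproduces the behaviour Mullvad describes.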

Securing Wearable Devices: Potential Risks and Precautions


In the rapidly evolving landscape of digital security, individuals are increasingly vulnerable to cyber threats, not only on conventional computers and smartphones but also on wearable devices. The surge in smartwatches and advanced fitness trackers presents a new frontier for potential security breaches.

Just like traditional devices, wearables store and transmit valuable data, making them attractive targets for hackers. If successfully compromised, these devices could become conduits for unauthorized prescription orders or even allow the tracking of an individual's location through the embedded GPS feature. The threat extends beyond personal wearables, with concerns arising about vulnerabilities in medical offices and equipment. The FDA has issued warnings about potential loopholes that hackers could exploit to target critical medical devices such as pacemakers and insulin pumps.

The risk isn't confined to personal privacy; there's a growing concern about the impact a hacked wearable could have on corporate networks. With the proliferation of connected devices, a compromised smartwatch might provide an easier entry point for hackers seeking to infiltrate company systems, especially if the wearable syncs with multiple networks.

One notable vulnerability lies in the Bluetooth connection that wearables commonly share with smartphones. While any internet-connected device carries inherent risks, wearables often use smartphones as intermediaries rather than operating as standalone devices. Presently, security compromises have mainly originated from devices connected to wearables or compromised external databases, making wearables a theoretical but legitimate concern.

To mitigate these risks, users are advised to exercise caution when installing apps on their wearables. Verifying the legitimacy of sources, checking user reviews, and researching app safety are essential steps to ensure the security of wearable devices. This advice extends to smartphones, where users should scrutinize app permissions, restricting access to unnecessary information and promptly deleting suspicious apps.

In this era of pervasive connectivity, safeguarding personal and corporate data requires a proactive approach, extending beyond conventional devices to include the emerging frontier of wearable technology.

Report: Possible Chinese Malware in US Systems a 'Ticking Time Bomb'


According to a report by The New York Times on Saturday, the Biden administration has raised concerns about China's alleged implantation of malware into crucial US power and communications networks. The officials fear this could act as a "ticking time bomb" capable of disrupting US military operations in the event of a conflict.

The malware, as reported by the Times, could potentially grant China's People's Liberation Army the capability to disrupt not only US military bases' water, power, and communications but also those of homes and businesses across the country. 

The main concern is that if China were to take action against Taiwan, they might utilize this malware to hamper US military operations.

This discovery of the malware has led to a series of high-level meetings in the White House Situation Room, involving top military, intelligence, and national security officials, to track down and eliminate the malicious code.

Two months prior to this report, Microsoft had already warned about state-sponsored Chinese hackers infiltrating critical US infrastructure networks, with Guam being singled out as one target. 

The stealthy attack, ongoing since mid-2021, is suspected to be aimed at hindering the United States in case of a regional conflict. Australia, Canada, New Zealand, and Britain have also expressed concerns that Chinese hacking could be affecting infrastructure globally.

The White House, in response, issued a statement that did not specifically mention China or military bases. The statement emphasized the administration's commitment to defend the US critical infrastructure and implement rigorous cybersecurity practices.

These revelations come at a tense moment in US-China relations, with China asserting its claim over Taiwan and the US considering restrictions on sophisticated semiconductor sales to Beijing.

Kenya's eCitizen Service Faces Downtime: Analyzing the Cyber-Attack


Russian hacking groups have predominantly targeted Western or West-aligned countries and governments, seemingly avoiding any attacks within Russia itself. 

During the Wagner mutiny in June, a group expressed its support for the Kremlin, stating that they didn't focus on Russian affairs but wanted to repay Russia for the support they received during a similar incident in their country.

The attack on Kenya was a Distributed Denial of Service (DDoS), a well-known method in which attackers flood an online service with traffic to overload it and knock it offline. The same method was used by Anonymous Sudan in their attack on Microsoft services in June.

According to Joe Tidy, who conducted an interview, it is difficult to ascertain the true identity of the group responsible for the attack. 

Kenya's Information Minister revealed that the attackers attempted to jam the system by generating more than ordinary requests, gradually slowing down the system. Fortunately, no data exfiltration occurred, which would have been highly embarrassing.

Kenya had a reasonably strong cybersecurity infrastructure, ranking 51st out of 182 countries on the UN ITU's Cybersecurity Commitment Index. 

However, the extensive impact of the attack demonstrated the risks of relying heavily on digital technology for critical economic functions without adequately prioritizing cybersecurity. Cybersecurity and digital development should go hand-in-hand, a lesson applicable to many African countries.

Out of 50,000 Cybercrimes Reported in 6 Years, Only 23% Successfully Solved


Over the span of nearly six and a half years, a significant number of cybercrime cases, totaling 50,027, were reported in the city up until May 31 of this year. 

However, the resolution rate for these cases is rather low, with only 11,895 (approximately 23%) of them being solved, and merely 29 individuals convicted. The home minister, G Parameshwara, revealed these statistics in response to a query during a legislative assembly session.

The data further revealed that the highest number of cybercrime cases, 10,553, was recorded in 2019, while the lowest, 2,042, was reported in 2017. The trend continued with 9,940 cases in 2022 and a total of 6,226 cases in the first five months of 2025, indicating a potential increase in cybercrime incidents this year.

Among the various types of cybercrimes, a substantial portion, 41% (20,662 cases), related to debit/credit card fraud and illegal online money transfers. Other prevalent scams included advance-fee frauds (9,198 cases, 18%) and card skimming (5,012 cases, 10%). In advance-fee or gift scams, online fraudsters convince victims that they have received gifts but must pay various fees to release them from customs authorities.

Addressing this concerning trend, Bengaluru police commissioner, Dayananda, emphasized the importance of raising public awareness as a key measure to combat cybercrime effectively. He acknowledged that cybercriminals continuously develop new techniques, making it crucial to alert the public about emerging threats. 

The police have been actively disseminating cautionary messages through social media platforms to alert the public about cybercrimes. Additionally, they have been conducting awareness programs in educational institutions such as schools and colleges to educate students about different forms of cybercrimes and ways to protect themselves.

To enhance their capabilities in handling cybercrime cases, the police have been conducting regular workshops for police personnel to keep them updated with the latest developments and investigative techniques in the field of cybercrime.

Google Cloud's Security Strategy: Emphasizing 'Secure by Design' and 'Secure by Default'


As artificial intelligence takes center stage, organizations are grappling with new considerations regarding the appropriate security measures and their evolution. For Google LLC and Google Cloud, ensuring security across the organization involves a combination of central teams providing consistent infrastructure and tooling. 

This approach aligns with the company's philosophy of being "secure by design" and "secure by default" for both infrastructure and products. According to Phil Venables, the Vice President and Chief Information Security Officer of Google Cloud, the company has specialized security engineering teams embedded within different product areas, such as the Google Kubernetes Engine (GKE).

During an interview at the Supercloud 3 event, Venables discussed the importance of making security intrinsic to products and reducing software supply chain risks. The main challenge highlighted by Chief Information Security Officers today is the lack of cybersecurity talent.

Venables emphasized that Google aims to alleviate this challenge by adopting a secure by design and secure by default approach, aiming to assist customers in securing their environments without adding to their burdens.

The company also embraces the shared fate model, extending its responsibility to provide better defaults, guidance, and guardrails to customers, regardless of whether they use Google Cloud or other platforms like Azure or AWS. 

Google focuses on equipping customers with the necessary tools and services to secure their environments across various platforms, including Chronicle, VirusTotal, and other products. 

Additionally, Google actively contributes to open-source and standards communities, emphasizing security improvements to benefit not only the cloud but the entire IT infrastructure. This commitment to security not only builds trust in technology and cloud services but also helps manage risks effectively.

Beyond Security: The Comprehensive Approach to Tackling Cyberattacks


In today's digital landscape, organizations are increasingly facing the harrowing consequences of cyberattacks, particularly ransomware incidents. In these malicious schemes, hackers encrypt vital data, rendering it inaccessible, and then demand exorbitant payments for its restoration. 

Unfortunately, such attacks are becoming alarmingly common, with ransomware reigning as the most prevalent form of cyberattack worldwide. On average, victims are forced to bear the staggering cost of $4 million per breach. Shockingly, some experts predict that by 2031, cumulative damages from ransomware could exceed a staggering $250 billion.

As a response, organizations have been diligently allocating more security resources to prevent such attacks. However, the aftermath of a breach is often overlooked, leaving companies ill-prepared to recover their data. Consequently, the recovery process can drag on for months, causing severe disruptions to business operations.

To minimize the impact of ransomware attacks, a change in mindset is essential. Rather than merely bolstering defensive measures and hoping for the best, organizations must acknowledge the inevitability of such attacks and adopt a proactive approach. A robust data resilience plan becomes imperative, wherein files are safeguarded to withstand the attempts of cybercriminals. 

Modern technological advancements, including artificial intelligence (AI), have made it feasible to establish and manage such a defense effectively. By incorporating AI-driven solutions, organizations can significantly enhance their data protection capabilities and mitigate the devastating consequences of ransomware attacks.

Cybercriminals Masquerade as Cybersecurity Company to Hijack Entire PCs


In the latest cyber threat, hackers have devised a new approach to deceive unsuspecting victims, even using reputable names as a cover. A ransomware-as-a-service (RaaS) operation called "SophosEncrypt" has emerged, masquerading as the cybersecurity vendor Sophos.

The operation of SophosEncrypt was brought to light by MalwareHunterTeam on Twitter and has since been acknowledged by Sophos. Initially, there were suspicions that this might be a red team exercise conducted by Sophos itself—a simulated attack to test their security measures. 

However, it has been confirmed that SophosEncrypt is entirely unrelated to the cybersecurity firm and has only adopted its name to instill a sense of urgency and seriousness for victims to comply with the attackers' demands.

How the ransomware is distributed is not yet known, but common methods include phishing emails, malicious websites, popup ads, and exploitation of software vulnerabilities. BleepingComputer reports that the ransomware campaign is active and explains how the encryption process functions.

When executed, SophosEncrypt demands a token associated with the targeted victim, which is verified online before initiating the attack. Nevertheless, researchers have discovered that disabling network connections can bypass this step. 

Once operational, the attacker gains the ability to encrypt specific files or the entire device, appending the ".sophos" extension to the encrypted files. Subsequently, victims are prompted to contact the attackers for file decryption, with payment usually demanded through untraceable cryptocurrency. Simultaneously, the Windows desktop wallpaper is changed to notify the user of the encryption using the Sophos name.

Sophos has managed to gather some information about the attackers, revealing their association with Cobalt Strike command-and-control and crypto-mining software.

To safeguard against the rising tide of ransomware attacks, it is essential to exercise caution. Refrain from accepting files from unfamiliar sources, even from individuals you know, as they could be unwitting carriers of malicious content due to being hacked themselves. 

Additionally, be aware that legitimate cybersecurity companies would never encrypt files and demand payment for recovery. Hence, if something seems suspicious, it is best to err on the side of caution and take steps to protect yourself from potential threats.