Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label IP Address. Show all posts
Windows PC
Cyber Vulnerabilities CyberCrime Cybersecurity IP Address Kaspersky malware STeelFox Windows Windows PC

Windows PCs at Risk as SteelFox Malware Targets Driver Vulnerabilities

 


Several experts have warned that hackers are using malware to attack Windows systems with the intention of mining cryptocurrency and stealing sensitive information from their devices. The latest Kaspersky Security Report claims to have spotted tens of thousands of infected endpoints. Cybercriminals have obtained fake cracks and activators for several commercial software products, such as Foxit PDF Editor, JetBrains, or AutoCAD, which they are selling to users. 

There is a vulnerability in a driver called WinRing0.sys that is associated with some fake cracks. The victim of this attack has reintroduced the CVE-2020-14979 and the CVE-2021-41285 vulnerabilities back onto the system by adding this driver at the same time, two three-year-old vulnerabilities that extended the privileges of the attacker to the maximum possible. 

SteelFox is a malware package that has been designed to mine cryptocurrency and steal credit card details via SYSTEM privileges by taking advantage of the "bring your own vulnerable driver" attack method. In forums and torrent trackers, malware bundle droppers appear as crack tools. These tools act as crack tools that activate legitimate versions of various software, such as Foxit PDF Editor, JetBrains, and AutoCAD. 

To evade detection and evade detection, state-sponsored threat actors and ransomware groups are known to exploit vulnerable drivers to escalate privileges. As of late, however, this method seems to be extended to attack against information-stealing malware as well. According to Kaspersky researchers, the SteelFox campaign was discovered in August of this year, but they add that the malware has been active since February 2023 and has been distributed through various channels (such as torrents, blogs and forum posts) in the past few weeks. 

The Rhadamanthys data theft malware has been available for download for some time, but since July 2024 the virus' version has been updated with copyright-related themes in an ongoing phishing campaign. There is a large-scale cybercrime campaign being tracked by the checkpoint group under the name CopyRightAdamantys. In addition to targeting the U.S., Europe, East Asia, and South America, the organization targets other regions as well. 

The campaign tries to impersonate dozens of companies, while each email is sent from a different Gmail account, providing a tailored impersonation of the target company as well as a tailored language based on the targeted entity, according to a technical analysis provided by the company. In the case of impersonated companies, there is almost 70% of them from the entertainment/media/technology/software sector." 

There is an element that stands out about the attacks: the deployment of the Rhadamanthys stealer version 0.7, which, as described by Insikt Group, Recorded Future's security division, early last month, is utilized to carry out optical character recognition. Cisco Talos, an Israeli company that specializes in cyber security, disclosed last week that it had been targeting users of Facebook business and advertising accounts in Taiwan by delivering malware known as Lumma or Rhadamanthys, which is designed to steal information.

There are three components inside the RAR archive. A legitimate executable vulnerable to DLL side-loading, a malicious DLL containing the stealer payload, and a decoy document containing the stealer payload. After the binary has been executed, it will sideload the DLL file that will create the environment that will allow Rhadamanthys to be deployed. It is likely that the threat actors were using artificial intelligence tools to spread the malware, based on both the scale of the campaign and the variety of lures that were included in the campaign and the emails sent by the sender, which Check Point attributed to a possible cybercrime group. 

It seems likely that this campaign was orchestrated by a financially motivated cybercrime group and not a nation-state actor, particularly given the large number of organizations across multiple regions targeted in this campaign," he continued. In addition to its global reach, the use of automated phishing tactics, and the use of a variety of lures, this campaign demonstrates how attackers continue to enhance their success rates." 

As part of these findings, Kaspersky also revealed a full-featured crimeware bundle dubbed SteelFox, which has been spreading via forums posts, torrent trackers, and blogs, passing itself off as legitimate utilities like Foxit PDF Editor, JetBrains, and AutoCAD in order to steal personal information. In the last two years, the campaign of terrorism has claimed victims in nearly 50 countries. The majority of the victims were in Brazil, China, Russia, Mexico, the United Arab Emirates, Egypt, Algeria, Vietnam, India, and Sri Lanka, with many more in Brazil, China, Russia, and Mexico. 

At this point in time, there is no known threat actor or group associated with this attack. A security researcher, Kirill Korchemny, said: "Delivered via sophisticated execution chains, notably shellcode, this type of malware abuses both Windows services and drivers in an attempt to accomplish its objectives." As a result of it, he said that he used stealer malware to obtain details about the victim's device as well as his credit card information. 

A dropper program is the starting point of this setup, in the sense that it mimics cracked versions of popular software, so when it is run, the dropper application will request administrator permissions and drop a next-stage loader which, in turn, will establish persistence and launch the SteelFox module. It is Kaspersky's opinion that although SteelFox's C2 domain is hardcoded, it has managed to conceal its presence through the use of multiple IP addresses and using DNS over HTTPS to resolve its IP addresses in order to hide its presence. Although SteelFox attacks don't have specific targets, they seem to focus on users of AutoCAD, JetBrains, and Foxit's Adobe PDF Editor app. 

In accordance with Kaspersky's visibility information, Kaspersky indicates that the malware is compromising systems in Brazil, China, Russia, Mexico, the UAE, Egypt, Algeria, Vietnam, India, and Sri Lanka among others. Researchers have identified a new and potent cyber threat: the SteelFox malware, a sophisticated crimeware bundle targeting Windows PCs through vulnerable drivers. This malware, still relatively new to the landscape, demonstrates advanced functionality and appears to be the product of a skilled C++ developer who has integrated multiple external libraries to enhance its capabilities. 

In a related development, analysts from FortiGuard Labs have reported the discovery of another malicious software framework named Winos4.0. This advanced framework, embedded in game-related applications, is engineered specifically to target Windows users. Originating as an evolved version of the Gh0strat malware, Winos4.0 enables attackers to remotely execute various actions, providing them with substantial control over compromised systems. The infection process for Winos4.0 is particularly deceptive. 

It spreads through game-related applications, such as installation utilities and performance enhancement tools, designed to appeal to gamers and other Windows users. Once an individual downloads and installs one of these compromised applications, a seemingly harmless BMP file is retrieved from a remote server. This file subsequently extracts and activates the Winos4.0 DLL file, initiating the malware’s operations. 

In its initial phase, Winos4.0 sets up an environment for deploying further modules and establishes persistence on the infected machine by modifying system registry keys or creating scheduled tasks. Through this multi-stage infection process, Winos4.0 builds a durable foothold on affected devices, opening avenues for continuous exploitation and control.
Read more »
phishing
DDOS Attack Hackers IP Address Personal Data phishing

Shocking Ways Hackers Can Exploit Your IP Address – You’re Not as Safe as You Think




Your IP address may look like a long number row, but to a hacker, it can be an instrument of evil activity. While your exposure to an IP doesn't pose an immediate danger per se, it is thus important to understand what a hacker can do with it. Let's break down how cybercriminals can exploit an IP and how you can keep it safe.

Determining Your Broad Area of Location

The very first thing a hacker will easily know once he has obtained your IP address is your general area of location. He can find out your city or region using even simple online tools such as IP tracking websites. Of course, he won't pinpoint the street number but can already pinpoint your general area or location which may trigger other related hacking attempts such as phishing attacks. Hackers would use your address and ISP to dupe you through social engineering.

IP Spoofing: Identity Mimicry Online

The hacker can manipulate the IP addresses and make it seem like the actions they are performing are coming from your device. In this method, which is known as IP spoofing, hackers perpetrate various illegal activities while concealing identities. Many people employ IP spoofing in DDoS attacks whereby hackers inject tremendous amounts of traffic into a network to actually shut it down. Using your IP address during this attack may keep them undetected while they wreck the damage.

Selling Your IP Address

One seems minute, but hackers sell bundles of thousands of IP addresses in bulk across the dark web, and those addresses can be used in large-scale social engineering projects that lead to data theft. Used with other personal data, your IP address can be a wonderful commodity in some hacker's arsenal, allowing them to crack into almost any online account.

Scanning for Further Information

Using this method, and with the use of such tools as Nmap, hackers can not only obtain your IP but also uncover which OS your machine is running, applications that are installed, and open ports. If vulnerabilities exist in your system, they can launch specific attacks on those particular weaknesses, which will then allow them to get into your network, and even control your devices.

A DDoS attack

Although it is seldom that DDoS attacks any user, hackers can use your IP to attack you using DDoS, which will turn your device into a traffic flooder and take it offline. Such attacks are usually employed in larger organisations, although those engaging in activities such as online gaming and other competitive activities are also at risk. For instance, some players have used DDoS attacks to cut off their opponents' internet.

How to Hide Your IP Address

The likelihood that someone actually targeted you may be low, but this is equally as important to adhere to these safety precaution guidelines. With a virtual private network or a proxy server, your public IP address remains hidden, which makes it extremely hard for hackers to find and take advantage of it. It can also protect your devices by updating them as regularly as possible and using firewalls.

It is important to note that knowing an IP address doesn't give hackers total control over your system. However, it can be part of a scheme that encourages them to come closer to extracting more personal information or conducting attacks. However, usually there's little chance that someone would go out of his way to harm you using just your IP address; still, you can never be too safe. Securing the network and masking the IP simply reduces these risks from IP-based attacks.

Care needs to be taken, and preventative measures need to be in place so that nobody would use those malpractices against you.


Read more »
Spam
Doxing Email address IP Address Privacy Sensitive data Spam

Doxing: Is Your Personal Information at Risk?


 

Doxing is the online slang for "dropping documents," which means revealing private information about a person or his identity to the public without his permission. It may be as simple as a person's name, e-mail, or phone number, but it can also include confidential data like financial information, home addresses, and even personal photos. Typically, hackers or cybercrooks do this with the aim of causing harm to that person, either through identity theft, fraud, or embarrassment.

The methods are varied, from hackers involving social media platforms or public databases in obtaining personal information to others using phishing techniques to get sensitive information from unsuspecting individuals. Once out of a computer within, it is no longer within one's control, and the impacts may be dire, touching on every point in an individual's life.


Impact of Doxing on Victims

With private information made public, victims of such situations can easily become victimised with harassment, identity theft, and other kinds of exploitative activities. In many cases, it just feels like a privacy violation; this can evoke feelings of vulnerability and betrayal. Even if the individual responsible is unknown to the victim, they may feel as if they are always in danger.

The extent of damage would also depend on the type of information that is leaked. For instance, if one accesses financial information, then the victims would lose their money when financially victimised to fraud and theft. It is in sensitive photos or private details where reputations get adversely tainted, relationships get harmed in society, or even employment loss. Sensitive data like online search histories can, in extreme cases, lead to even worse consequences: public humiliation.


Why You Shouldn't Leak Your Email Address

You might think that nothing substantial can be generated from your email address, but believe me, it has a fair amount of valuable information attached to it. I mean, sure, you share it with your friends, family, or maybe some business that's running loyalty programs or will mail you receipts. But would you like everyone in the world to have access to it? I didn't think so. Once you send out your email, cyber thieves have an open opportunity to flood your inbox with spam, phishing attempts, or risky malware disguised as legitimate messages. In case you click on any of these links and accidentally let a cyber thief steal your device, it may be compromised.

Beyond spam, hackers can use your email to forge accounts in your name, damaging your reputation online. How dangerous the simple act of gaining access and maliciously using your email address is becomes clear when considering that even the smallest piece of personal information can be dangerous.


Examples of Real Doxing Impact in Life

The outcomes of doxing, at least in some well-publicised instances, can be catastrophic. For Claira Janover, a satirical video that she shot actually found its way onto the internet and led to death threats, including even publicising her home address. She was forced to change her address. Even Deloitte-the firm that had already hired her-now rescinded their job offer, given some online activity that was associated with her professional profile.

The same instance comes in the form of the 2013 Boston Marathon bombing investigation. Here, internet communities like Reddit and 4Chan branded innocent people with incorrect accusations. The anguish of misidentified families had to be bearable while their loved ones' names streamed online as wrongly linked to the attack. These prove that doxing does not only hack privacy but could also have life-altering results.


How to protect yourself from Doxing

Being doxed is inevitable for everyone, but there are many things you can do to avoid falling victim. The number one and perhaps most relevant is practising good cyber safety: lock up the doors, so to speak. Keep your social media accounts private and be very selective of who follows or is connected to you online. Regularly check on your privacy settings and ensure that no one can access sensitive information about you in public media.

This can be enhanced by masking your IP address with a VPN (Virtual Private Network) while making a separate email account for communication, shopping, and all the professional work you do online. Clicking on any suspicious link at any time can harm you: never do it, not even if it looks legit.

Doxing is a serious form of cybercrime, which has deep and far-reaching effects on a victim's personal and professional life. The important thing for an individual to know is that being aware of the danger and taking proactive steps to protect your information is enough to lower the bar for such an attack. Digital privacy protection is the need of today.


Read more »
third party
Cyber Security Cyber Threats Risk Digital Infrastructure DNS DOH Domain Name System domains IP Address third party

Understanding the Domain Name System (DNS): How It Works and Why It Matters


The Domain Name System (DNS) serves as a critical element of the internet’s infrastructure, acting like a phone book that translates human-friendly domain names into the numerical IP addresses that computers use to communicate. Without DNS, accessing websites would be far more complicated, requiring users to remember lengthy strings of numbers instead of simple names like “google.com.” When you enter a website URL into your browser, the DNS process begins. This request, known as a “DNS query,” first goes to a DNS resolver—typically provided by your Internet Service Provider (ISP) or a third-party DNS service like Google Public DNS or Cloudflare. 

The resolver acts as an intermediary, starting the process to find the corresponding IP address of the domain name you’ve entered. The DNS resolver contacts one of the 13 root servers that make up the top level of the DNS hierarchy. These servers don’t hold the IP address themselves but provide information about which “Top-Level Domain” (TLD) server to query next. The TLD server is specific to the domain extension you’ve entered (e.g., “.com,” “.net,” “.org”) and points the resolver to the authoritative name server responsible for the particular website. The authoritative name server then provides the IP address back to the resolver, which, in turn, sends it to your browser. 

The browser then connects to the web server using this IP address, loading the website you want to visit. This process, though complex, happens in milliseconds. Security is a vital aspect of DNS because it is a frequent target for cyberattacks. One common threat is DNS spoofing, where attackers redirect traffic to fraudulent websites to steal data or spread malware. DNS hijacking is another risk, where hackers manipulate DNS records to divert users to malicious sites. These threats emphasize the importance of DNS security protocols like DNS over HTTPS (DoH) and DNS over TLS (DoT), which encrypt DNS requests to prevent interception by malicious entities, thus protecting users’ data and privacy. 

Switching to a third-party DNS service can enhance your internet experience in terms of speed, reliability, and security. Services like Google Public DNS, OpenDNS, or Cloudflare’s 1.1.1.1 offer faster query response times, better privacy protection, and can help circumvent geographical restrictions imposed by ISPs. These alternatives often provide built-in security features, such as blocking malicious sites, to offer an extra layer of protection. 

DNS is the backbone of internet browsing, seamlessly converting domain names into IP addresses. By understanding its role and the importance of security measures, users can better appreciate how DNS keeps the internet functional and secure. Whether ensuring that websites load correctly or protecting against cyber threats, DNS plays an indispensable role in our everyday online activities.
Read more »
SOHO
Chinese Botnet Cyber Attacks CyberCrime Cybersecurity CyberThreat IP Address IP Camera Raptor Train SOHO

Massive Chinese Botnet Infects SOHO Routers and IP Cameras

 


Raptor Train, the name of the botnet that has been used by hackers for decades, has infected hundreds of thousands of small offices/home offices (SOHOs) and IoT devices in the United States and Taiwan, including government agencies, higher education institutions, and telecommunications, as well as the defence industrial base (DIB). 

The botnet contains hundreds of thousands of small office/home office devices. It was announced today by the Justice Department that a court-authorized law enforcement operation was conducted to disrupt a botnet of more than 200,000 consumer devices across the U.S. and beyond. Several court documents unveiled in the Western District of Pennsylvania reveal that the botnet devices were infected by state-sponsored hackers from the People's Republic of China (PRC) who worked for Integrity Technology Group, a Beijing-based company called "Flax Typhoon" and dubbed "Flax Typhoon" by the private sector. 

As Raptor Train has grown over the past four years, it has become a highly complex, multi-tiered network able to handle tens of servers, as well as a huge number of infected SOHO and consumer devices, including routers, modems, NVRs, and DVRs, IP cameras, and NAS servers with enterprise-level control systems. 

According to Black Lotus Labs, a research division of Lumen Technologies that specializes in hacking activities, the botnet was constructed by the Chinese cyberespionage team Flax Typhoon, a team with a reputation for hacking Taiwanese organizations heavily. With very little malware, Flax Typhoon maintains stealthy persistence by abusing legitimate software tools and avoiding the use of attack tools such as W32.Flax. 

Black Lotus Labs has gathered information about the APT that has been building the new IoT botnet which, at the height of its activity in June of 2023, contained more than 60,000 active compromised devices, found to contain threats.  During the past four years, Black Lotus Labs reports that it has affected more than 200,000 routers, network-attached storage (NAS) servers, and IP cameras, in addition to the security software that protects these devices. Since its formation, the botnet has continued to grow. 

As of this writing, hundreds of thousands of devices have been infected as a result of this network. A paper published by Black Lotus Labs notes that nodes affiliated with this botnet have reportedly been seen attempting to exploit Atlassian Confluence servers as well as Ivanti Connect Secure appliances in an attempt to take advantage of this threat.  

The Raptor Train was announced in May 2020 and appears to have skipped under the radar until recently when some researchers at Black Lotus Labs, a threat research and operations arm of Lumen Technologies, stumbled upon it while looking into compromised routers as part of their investigation. There has been some evidence that the Nosedive botnet is used to launch DDoS attacks using a variant of the Mirai malware called Nosedive that was developed specifically for attacks against distributed denial-of-service (DDoS) systems. 

According to the researchers today, Raptor Train has three tiers of activity, each of which is responsible for running specific types of tasks, such as sending out tasks, administrating servers that exploit the payload or server that manages payloads, and controlling the system. 

It was noted by Microsoft Threat Intelligence in an August 24, 2023 blog post that while Microsoft does not have complete visibility into Flax Typhoon's activity, the group's relatively limited use of malware and reliance on tools built into target operating systems, along with benign software, has reduced the risk of detection for the group.  

According to U.S. officials, this strategy, which is also known as "living off the land", is among the key features of what U.S. officials have called an aggressive and intense cyber campaign sponsored by the Chinese. Additionally, to more typical forms of espionage and intellectual property theft, officials say similar Chinese operations are increasingly burrowing their way into sensitive U.S. critical infrastructure networks for reasons other than their potential security value.  

As it stands, the U.S. alleges that the Chinese are more likely preparing for a military confrontation with the United States if they are threatened with disruption to key U.S., Taiwanese, and other targets - civilian and government - if a military confrontation occurs. The top U.S. intelligence and cybersecurity officials have warned of the activity occurring under the Volt Typhoon since the beginning of 2023.  In a phone call that the White House conducted, one of the administration officials noted that Flax Typhoon was a private-sector organization working on behalf of Beijing, whereas Volt Typhoon was a government organization. 

According to Lisa Monaco, deputy attorney general of the U.S. Department of Justice, that agency's traditional prosecution programs, along with the initiative to prioritize disruption, have been brought together in a new way. A lot of indicators that have been collected during the investigation have led Black Lotus Labs to conclude that the operators of Raptor Train are likely state-sponsored Chinese hackers linked with the Flax Typhoon group, based on the indicators that were found during the investigation. 

Many factors support this theory, including not only the fact that the targets are aligned with Chinese interests, but also the codebase language and infrastructure, as well as the fact that different tactics, techniques, and procedures overlap. According to the researchers, Tier 3 management node connections to Tier 2 systems over SSH occurred almost exclusively during Chinese workweek hours, when the researchers observed the country's normal working hours. 

As well as that, the codebase includes Chinese descriptions and comments describing the functions, menus, comments, and reference references in the codebase itself. Raptor Train, however sophisticated it may be, is still a very dangerous botnet that can be prevented from spreading the infection by users and network defenders. 

A network administrator may need to pay attention to large outbound data transfers, even if the destination IP address is within the same region as the source IP address. To ensure that routers stay up-to-date, it is recommended that consumers restart their routers regularly and install the latest updates. The company should also replace systems that are no longer supported and are no longer receiving updates (end-of-life systems) with new ones.
Read more »
IP Address
Cyber exposes Cyberattacks CyberCrime Cybersecurity CyberThreat Data Breach Flightaware IP Address

Major Data Breach at FlightAware Exposes Pilots and Users' Information

 


A popular flight tracking website accidentally exposed names, addresses, aircraft owned, pilot status, and tracked flights, as well as user data. There was a surprise in the inbox of many users of FlightAware, a popular flight tracking application, on August 17, when the company sent a notice to its customers as a result of a "data security incident" that occurred. 

The email has been sent by Matt Davis, FlightAware's general manager, warning its recipients that a vast number of their details may have been exposed as a result of the internal incident and that they will need to reset their passwords when they log on again. There is a possibility that the incident may have had a detrimental effect on thousands of Australians. 

According to Davis, on the 25th of July, 2024, it was discovered that there was an error with the configuration of users' FlightAware accounts that may have caused users' data to be exposed inadvertently. User ID, login password, and email address may have been exposed inadvertently. If the user provides any additional information about themselves, it may include such information as their full name, billing address, shipping address, IP address, social media accounts, telephone number, date of birth, the last four digits of their credit card number, and their account activity, depending on the information they provide. 

The company will also include information regarding ownership and industry of aircraft, title and registration of aircraft, pilot status (yes/no), and their account activity in its report. As an addition to Davis' comments, the State Police have also stated that the configuration error has been corrected and that the notification was not delayed as a result of an investigation by the police, as had been initially stated. Neither FlightAware nor any of its representatives have said that a malicious actor accessed the data, nor have they revealed the precise period over which the data was exposed. 

To the best of our knowledge, no threat actor has claimed to have accessed any of the FlightAware data at this time. The FlightAware website claims that the application is employed by over 10,000 aircraft operators and providers of aviation services across the world, as well as more than 13,000,000 passengers, to supply them with flight tracking services, predictive analytics, and decision-making tools around the world. The sister publication of Australian Aviation, Cyber Daily, has contacted FlightAware in order to find out more information.
Read more »
VPN
Cyber Security Data Safety IP Address User Privacy VPN

Here's How to Change IP Address Without VPN

 

The internet is becoming an increasingly important aspect of people's lives since it allows them to perform an array of activities with minimal effort. However, it is also becoming a more dangerous place, as many hackers harm you by breaking into your servers and networks and stealing your private data. Hiding or changing your IP address is one way to secure your online activity. In this article, we'll go over how to change it without a VPN and why you should use one. 

What is an IP address? 

IP addresses, often known as "internet protocol," are a string of digits that help identify the network that each individual is using. They will let you send and receive data across a network. They normally include a lot of data on your online activities, location, and data. They are an important aspect of the internet and how it functions. 

However, because it contains a large amount of private information about internet users, it can lead to a variety of issues and cybercrimes, which is why remaining safe and protected is critical, and one way to do so is to change your IP address, with or without a VPN. 

You may be wondering how you can change your IP address without using a VPN. That is possible, and to assist you change it so that you stay safe and keep your data secure, here are multiple ways to change IP address without VPN: 

Change your network: This is the most obvious and straightforward approach to change your IP address. Changing your network and using a new one will instantly generate you a new IP address. 

Tor Browser: When you use the Tor browser, nodes conceal your IP address when you connect to any network. The nodes will change every time you use them. That ensures your privacy as well. 

Disconnect the modem: If you unplug your modem for a few hours, you can get a new IP address when you turn it back on. 

Proxy server: Depending on the server you connect to, a proxy will mask and disguise your IP address before assigning a new one. 

Your internet service provider might be able to modify your IP address for you if you request it and provide an appropriate reason.
Read more »
VPN
Anonymous Hacker Crypto cryptocurrency Data Breach. Decentralization Digital Tokens IP Address Online Data Server User Privacy VPN

Nym's Decentralized VPN: A Game-Changer for Online Privacy


Nym, a privacy technology company, is getting ready to introduce a decentralized VPN (Virtual Private Network) that aims to completely change how we safeguard our online data and preserve our privacy in a quickly changing digital environment where online privacy is getting harder to define. An industry game-changer in the field of online security, this breakthrough is scheduled to launch in early 2024.

Nym's ambitious project has garnered significant attention from the tech and cryptocurrency community. With concerns about surveillance, data breaches, and cyberattacks on the rise, the need for robust online privacy solutions is more critical than ever. Traditional VPNs have long been a popular choice for protecting one's online identity and data. However, Nym's decentralized VPN takes privacy to the next level.

One of the key features of Nym's VPN is its decentralized nature. Unlike traditional VPNs that rely on centralized servers, Nym's VPN leverages a decentralized network, making it far more resistant to censorship and government intervention. This feature is particularly important in regions where internet freedom is limited.

Furthermore, Nym's VPN is powered by a privacy-centric cryptocurrency called NYM tokens. Users can stake these tokens to access the VPN service or earn rewards for supporting the network. This innovative approach not only incentivizes network participation but also ensures a high level of privacy and security.

The decentralized VPN is designed to protect users from surveillance and data harvesting by hiding their IP addresses and routing their internet traffic through a network of anonymous servers. This means that users can browse the web, communicate, and access online services without revealing their true identity or location.

In addition to its privacy features, Nym's VPN is being developed with a strong focus on speed and usability. This means that users can enjoy the benefits of online privacy without sacrificing their internet connection's speed and performance.

Since Nym is a big step toward a more secure and private internet, the IT industry is excited about its impending introduction. Users seeking to protect their online activity will have access to a cutting-edge, decentralized solution as 2024 draws near.

Nym's decentralized VPN stands out as a ray of light in a world where threats to internet privacy are omnipresent. Its distinctive approach to privacy, robust security features, and intuitive design have the power to revolutionize the way we safeguard our personal information and identities online. When Nym launches in early 2024, it will surely be a turning point in the continuous struggle to protect internet privacy in a connected society.

Read more »
VPN
Chrome Cyberattacks CyberCrime Data Cookies data threat Google IP Address Privacy VPN

Enhancing Online Privacy: Google Trials IP Address Masking Option

 


Currently, Google is in the process of perfecting Gnatcatcher, which used to be called Gnatcatcher. Under the new name "IP Protection," Gnatcatcher is called more appropriately. By doing this, Chrome is reintroducing a proposal to hide users' IP addresses, thereby making it harder to track their activities across sites. 

When users add their computer to a network, it receives a unique address called an Internet Protocol (IP) address that indicates what it will do over the network. A number acts as a means of identifying the user's location on the network when they are connected. Messages must be delivered to the right location for a computer to communicate with another computer without the need for each computer to know the other's address. 

To track the user behaviour of sites and online services, IP addresses are used to create digital profiles that can be used for targeted advertising purposes on websites and online services. The fact that this tracking can be circumvented without third-party tools raises significant privacy concerns, as bypassing this tracking is not as straightforward as dealing with third-party cookies without using these tools. 

While navigating the web, Google recognizes that it is crucial to balance the requirement for a user's privacy with practical functionality. Essentially, the solution they have devised involves disguising the IP address of the user through the redirection of traffic from certain third-party domains through proxy servers, so that the IP address remains invisible for these domains even though traffic is coming from them. 

The IP Protection feature will initially be available as an opt-in service, so users will have the option of obfuscating their IP addresses from third parties whenever they wish. It was decided that IP Protection should be rolled out in stages to ensure regional considerations can be accommodated and to ensure that there is a shallow learning curve. The first phase of this initiative will have Google proxying requests to its domain to satisfy regional considerations. 

The proxies will only be accessible by US-based IP addresses for a short period until Google has fine-tuned the list of affected domains. For now, only US-based IP addresses can access them. Despite the possibility of tracking you, your IP address also plays a huge role in routing traffic, preventing fraud, as well as other important tasks that are required by the network. 

The Google IP Protection feature for Chrome was designed to do this by routing all third-party traffic from specific third-party websites through proxy servers to hide your IP address from those sites on the Internet. It is also pointed out that when this feature is introduced to Chrome users, it will be an opt-in feature. 

It is the responsibility of users to decide whether they wish to obscure their IP address from third parties or not, so IP Protection will be a feature they can opt in to. To accommodate regional differences and ensure a shallow learning curve, IP Protection will be rolled out in stages. Phase 0, which will be a proxying of Google's domains, will serve as the first step towards Phase 0. 

It is expected that this situation will continue until Google has had sufficient time to fine-tune the list of affected domains. In the beginning, those proxy servers will only be accessible to IP addresses from the US at least. 

It has been decided that Google to use a two-hop approach to improve privacy in the next phase, which will include Google managing the first hop while an external Content Delivery Network (CDN) will manage the second hop.

Ideally, IP addresses are a must-have for Internet traffic routing, fraud prevention, and a wide variety of other functions. Thus, Google has designed a system that will cover traffic routing, fraud prevention, and a wide variety of other functions while thwarting tracking at the same time. 

It is a feature of Google's 'The Privacy Sandbox' toolkit which has been known as 'Gnatcatcher' previously. It is specifically designed for users to be able to avoid being tracked between websites through their IP address. 

At first, this proxy will remain optional for users, and its implementation will be phased out, so each region is allowed to adapt to this innovation at its own pace. Google intends to facilitate a phased approach so that each region adapts to the new technologies at its own pace. It will be possible to only affect domains within third-party contexts at first, with an emphasis on tracking domains that are well known. 

Users do not want to reveal their IP addresses, which is why they use proxy servers or VPNs to hide their IP addresses. A proxy or a VPN masks the real IP address of a user by masking it with one of the proxy operator's IP addresses. Only the proxy operator or the VPN provider knows a user's real address. A proxy is being used by Google to hide the IP addresses of its users under its IP Protection proposal. 

The feature will be tested and rolled out in multiple phases due to the potential side effects it may cause. Google wants to learn as it goes. The first phase of the feature will only support users with IP addresses from the United States and will only work with a single Google-owned proxy that will only redirect requests to Google-owned domains. 

Google is interested in testing out the infrastructure without impacting any third-party companies that may be using it. In addition to services such as Gmail, Google also owns the Ad Services domain, which is used for advertising purposes. 

There is a small percentage of users who will be automatically enrolled by Google in the current phase, and these users must also be logged into Chrome to participate. In a future phase, Google plans to use a chain of two proxy servers to prevent both of the proxy servers from seeing both the origin IP address as well as the destination IP address. 

There have been some interesting developments recently when it comes to Google's privacy options, as it has now launched its Privacy Sandbox which is aimed directly at making third-party cookies a thing of the past. 

According to the company, cookies will be disabled in the year 2024. By combining IP Protection with third-party websites, data will be less likely to be gathered from multiple sites by third-party sites in the future.
Read more »
VPN
Customer Service Issues Cyber Security Free VPN IP Address Phising Attacks security threat VPN

Risks of Free VPNs: Proceed with Caution

Virtual Private Networks (VPNs) have developed into an essential tool for protecting online security and privacy in today's digitally connected society. Despite the wide range of options, a sizable portion of consumers favour free VPN services. However, it's important to be aware of any risks connected to these ostensibly cost-effective alternatives before jumping on the bandwagon.

Free VPN services frequently have restrictions that limit how much security and privacy they can offer. They might impose a data cap, slow connection rates, or impose server access restrictions. 'You get what you pay for,' is true in the world of VPNs. 

Free VPNs' data logging rules are among their most alarming features. Numerous of these services gather and keep track of user data, including browsing patterns, IP addresses, and even private data. Data breaches or targeted advertising may result from the sale of this information to outside parties. This lack of transparency poses a serious threat to user privacy.

  • Security Vulnerabilities: An additional weakness of free VPNs is their insufficient security measures. The strong encryption methods that paying equivalents offer are frequently absent from these sites. Users become more vulnerable to online dangers as a result, leaving them open to potential hacks or attacks from online criminals.
  • Malware and Adware ConcernsFree: VPNs have a reputation for injecting viruses or bothersome adverts during customers' browsing sessions. These intrusive activities, not only damage user experience but also offer serious security threats. 
  • Unreliable Customer Support: Free VPN providers typically offer limited or no customer support, leaving users on their own if they encounter technical issues or need assistance with the service. This lack of support can be frustrating and potentially detrimental in critical situations.

With VPNs, quality is a function of price. Although they may be alluring, free VPN services carry a number of dangers that could jeopardize your online privacy and security. Prioritizing trustworthy, paid VPN services with strong security, open policies, and dependable customer support is crucial. Keeping your online identity secure is ultimately a worthwhile investment. 





Read more »
VPN Split Tunneling
Cyberattacks CyberCrime IP Address ISP LAN Technology VPN VPN Split Tunneling

VPN Split Tunneling: A Better VPN Option?

 


As long as your VPN connection is encrypted, you can protect your privacy and security because you cannot see your IP address. A VPN is an application that offers users a secure tunnel through which they can send and receive data securely from and to their devices. 

A cybercriminal (crime ring, invasive advertiser, etc.) attempting to spy on your online activities so as to discover your VPN's IP address, instead of your own, which sabotages your privacy will be met with 'built-in encryption' which will prevent him from intercepting your traffic. 

Using a virtual private network can also be a great way to circumvent geographic restrictions on online content, allowing you to watch content that isn't available in your region or country.  

It would be extremely useful to have this feature while connected to a local area network (LAN), to be able to access foreign networks and at the same time protect bandwidth by accessing foreign networks. There is no need to worry about security threats when you are accessing a network printer or downloading sensitive files, for example.   

Due to the encryption applied to all data traveling through it, you may experience slower network speeds and bandwidth issues when using a VPN.

Split Tunneling - What Does it Mean? 

The splitting of tunnels is a feature that many VPN software providers offer so that you can choose which apps, services, and games connect to your VPN and which are connected to your standard Internet connection. An encryption-based VPN setup is different from regular VPN setups, which send all traffic on your system, regardless of its origins or destinations, through an encrypted tunnel on your system. Using split tunneling will allow you to use your standard connection when you wish to use your VPN and disable it when you desire additional security as you would need to do otherwise.  

Newer split tunneling techniques usually allow you to choose which apps you want to secure and which apps you want to leave open. It is possible to send some of the internet traffic through an encrypted VPN tunnel and allow the rest of it to travel through another tunnel that is available on the open internet through a VPN split tunnel connection. There is a default option in the settings of a VPN which routes 100% of the internet traffic through the VPN, but if you require higher speeds while encrypting certain data and being able to access the local devices, then splitting tunneling might be an option for you. 

You might find this to be a helpful feature if you are trying to keep some of your traffic private, yet at the same time want to maintain access to some device on your local network. Thus, you can have access to both local networks as well as foreign networks at the same time. Additionally, you can save some bandwidth in the process by using this method. 

The VPN Split Tunneling Process: How Does it Work?

Having the ability to split the tunnel through a VPN is a very useful feature because it allows you to select what data you wish to encrypt via a VPN and what data you wish to leave open for other users to see. Traditionally, a VPN is used to route your traffic over a private network through a tunnel that is encrypted to ensure integrity. 

Using VPN split tunneling, you can route some traffic from your applications or devices through a VPN. You can also point other applications or devices to the internet directly, while others are routed through an encrypted VPN.

If you want to enjoy the benefits of services that perform best when your location is recognized while enjoying the security of accessing potentially sensitive communications and data through this method, it may be particularly useful to you.  While considering this option, it is essential to keep in mind that there can be some security risks involved. 

Split tunneling is a technique that encrypts your traffic like a VPN and it comes with two main benefits: speed and security. The full tunnel option is the most secure because all traffic is routed through your VPN connection, making it the safest option; however, since there is so much traffic to be encrypted, it will also result in slower speeds. This is because when all traffic passes through headquarters, the infrastructure gets overloaded as well. 

Split tunneling allows you to only send a small amount of your traffic through a VPN, which means that things like video streaming and video calls will have better performance, and this will mean that the infrastructure in HQ will be under less strain because only part of your traffic goes through a VPN. 

Split tunneling is beneficial in terms of conserving bandwidth since it allows you to use less of it. You will be able to enjoy faster internet access by choosing certain applications to send traffic through the VPN server, which will not clog up your bandwidth as it will filter applications through the VPN server. 

It is planned to offer a complete split tunneling solution within the next few months as NordLayer works on this area. NordLayer is currently only able to assist us partially in resolving the use cases related to split tunneling. 

Split Tunneling is Advantageous for VPNs 

There may be a situation where VPN split tunneling is not a suitable choice for all organizations, but it is an option you can set up when setting up your VPN service. VPNs are often a problem for organizations with restricted bandwidth, primarily because the VPN is responsible for encrypting the data and sending it to a server located in another location at the same time. Without split tunneling, performance issues can result in the implementation of a virtual private network. 

Ensure Bandwidth Conservation

Split tunneling is a method that allows traffic that would have been encrypted on one tunnel to be sent through the other tunnel that is likely to transmit more slowly, as opposed to being encrypted by the VPN. In the case of routing traffic through a public network, there is no need to encrypt the traffic, which leads to improved performance. 

Connect Remote Workers Securely

Through a VPN, remote employees can have access to sensitive files and email that they would normally be unable to get to without a secure network connection. Additionally, their internet service provider (ISP) can also offer them access to other internet resources at a faster speed, allowing access to a wider variety of resources.

Developing a Network For the Local Area Network (LAN)

A VPN may prevent you from accessing your LAN when connected to it through encryption. Split tunneling allows you to use LAN resources like printers, while still utilizing VPN security and also having access to local resources like printers through your local network. 

Without the use of foreign IP addresses, stream content 

The ability to stream YouTube videos while traveling abroad is a very convenient way to get access to web services that rely on an IP address local to that area of the globe. When the split tunneling feature is enabled on the VPN, you will be able to use websites and search engines that work better when they know your location in your home country, and you will be able to access content in your home country by connecting to your VPN.
Read more »
Scams
Data Breach IP Address MFA Fatigue Attacks Microsoft Personal Details Phishing Attacks Scams

Microsoft Issues Alert Over Rise in Advanced Phishing Scams

Microsoft has issued a warning regarding a surge in sophisticated phishing scams targeting individuals and organizations. These scams employ advanced tactics to deceive users and steal sensitive information. With an increasing number of people falling victim to such attacks, it is crucial to stay vigilant and implement necessary precautions.

Phishing scams involve cybercriminals impersonating trusted entities to trick individuals into revealing personal information, such as passwords, credit card details, or social security numbers. The scams typically rely on social engineering techniques and fraudulent emails or messages designed to appear legitimate.

According to Microsoft, the new wave of phishing scams has become more sophisticated and harder to detect. Attackers are utilizing residential internet protocol (IP) addresses instead of traditional data center IPs to evade detection by security systems. By operating through residential IPs, scammers can bypass security filters that typically flag suspicious activity from data center IPs.

These phishing campaigns often target high-value individuals, such as company executives or employees with access to sensitive data. Scammers employ persuasive language, urgency, and personalized information to deceive their targets and convince them to take action, such as clicking on malicious links or providing confidential information.

To protect against these sophisticated phishing attacks, Microsoft advises individuals and organizations to implement multi-factor authentication (MFA). By enabling MFA, users must provide additional verification, such as a unique code sent to their mobile device, in addition to their password. This adds an extra layer of security and makes it significantly harder for attackers to gain unauthorized access.

Furthermore, individuals should remain cautious when interacting with emails or messages, especially those that request sensitive information or seem suspicious. It is essential to scrutinize sender addresses, look for signs of grammatical errors or inconsistencies, and avoid clicking on links or downloading attachments from unknown sources.

Organizations must prioritize cybersecurity awareness training for employees to educate them about the latest phishing techniques and the potential risks they pose. Regular training sessions and simulated phishing exercises can help individuals develop a strong sense of skepticism and recognize the warning signs of a phishing attempt.





Read more »
Software
Cyber Attacks Cybersecurity IP Address Malicious Attacks Proxy Jacking Proxyware Software

Malicious Attacks Use Log4j Bugs

 


An increasingly popular form of fraud that utilizes legitimate proxyware services to hijack legitimate ones has been identified by threat actors. Some services allow people to sell Internet bandwidth to third parties to make extra money. According to researchers from Sysdig Threat Research Team (TRT), large-scale attacks exploiting cloud-based systems can bring cybercriminals hundreds of thousands of dollars of passive income per month by exploiting this vector - dubbed "proxy jacking" - that is used by attackers to obtain access to the server. 

Many companies now charge customers a fee for using a different Internet Protocol (IP) address when watching YouTube videos that aren’t available in their region, scraping and surfing the web without attribution, or browsing dubious websites without attribution of their IP address. This kind of service can be found in dozens of companies now. 

As part of the proxyware ecosystem, you can find legitimate businesses overseas selling it as proxyware. These businesses include IPRoyal, Honeygain, and Peer2Profit. The concept has, as expected, also attracted the attention of cybercriminals, and its potential can also be exploited. 

As proxyware services have grown and become popular in recent years, proxy jacking has become an increasingly prevalent phenomenon brought about by this growing use. Proxyware services offer legitimate and non-malicious applications or software that can be installed on any internet-connected device as long as it is not connected to malicious websites or programs. 

When you run this program, you share your internet bandwidth with others when the program is asked to share an IP address with you. 

Sysdig says proxy hacking could even be as lucrative and easier to commit as it is less computationally demanding and energy-consuming than actual hacking because it uses less energy. 

This report claims that an attacker sold the victim's IP addresses to proxyware services for profit to profit from the attack. There is a method known as proxy jacking. This is where a threat actor installs proxyware on an unsuspecting victim's computer to segment their network. The goal here is to resell bandwidth to compromised devices for a price of $10 per month, allowing the operation to be profitable. Victims are consequently exposed to higher costs and risks than they would otherwise be. 

IP addresses can also be abused to commit crimes in a variety of ways, including as a means to steal personal information. The Cisco Talos Intelligence Group and AhnLab Security researchers have identified that in recent years attacks have been perpetrated where, without a person's knowledge, the IP address of their device has been permanently changed and infected adware has been used to secretly take over the device. Neither company isolated the practice from crypto mining, which involves hacking into compromised systems and mining cryptocurrency. 

Log4j vulnerability was discovered by Chinese researchers in December 2021, and reported by many news outlets. In response to the issue, governments and businesses around the globe launched a global initiative designed to address it. Cybercriminals still exploit this bug to gain access to sensitive information. It has been reported that millions of computers still run vulnerable versions of Log4j based on data from the security company Censys. Various data can be recorded and stored with this software, depending on the service and device being used. 

Even though other attacks have been seen in proxy jacking incidents, researchers believe that the Log4j vulnerability appears to be the most popular method of attack. 

Mike Parkin, director of Vulcan Cyber's security operations, said in an interview that if Log4j's "long tail" is anything to go by, then it will take a while before the number of vulnerable systems will just disappear altogether. 

As per Sysdig's identification of the case, hackers exploited the Kubernetes infrastructure by exploiting the services it offers. Kubernetes container orchestration system is an open-source system for orchestrating software container deployment. Specifically, the hackers exploited a vulnerability in Apache Solr. This vulnerability, if not patched, makes it possible for them to take control of the container and execute a proxy jacking attack on the container. 

It is estimated that the amount of money an attacker can net from crypto-jacking and proxy jacking will be about the same each month - proxy jacking is even likely to be more lucrative today given the current crypto-exchange rates and proxyware payment schedules. 

There is, however, no doubt that most monitoring software will use CPU usage (and it's for very good reason) as one of their first (and most important) metrics. Proxy jacking has minimal system impact. A single gigabyte of traffic spread across a month would be the equivalent of tens of megabytes a day - very unlikely to make a noticeable impact. 

You should remember that the IP address market can often lead to other problems. Several researchers have suggested that it is still possible for your internet bandwidth to be misused or stolen if you sell it knowingly to a proxyware service, according to Sysdig's and other researchers' findings. 

As easy as purchasing and using your shared internet, an attacker can do the same to launch an attack against you. Researchers from Sysdig explained how malicious attackers employ proxy servers to conceal command, control activities, and identify information.
Read more »
User Privacy
Data Breach Email Fraud IP Address Microsoft Azure Server TechCrunch Unauthorized access US Government User Privacy

 Crucial US military Emails was Publicly Available

A US Department of Defense exposed a server that was leaking private internal military emails online Security researcher Anurag Sen discovered the unprotected server, which was "hosted on Microsoft's Azure federal cloud for Department of Defense customers," according to a TechCrunch report.

The vulnerable server was housed on Microsoft's Azure federal cloud, which is available to Department of Defense clients. Azure uses servers that are physically isolated from other commercial customers so they can be utilized to share private but sensitive government information. The exposed server was a component of an internal mailbox system that included around three terabytes of internal military emails, a lot of them regarding the USSOCOM, the US military organization responsible for carrying out special military operations.

Nevertheless, due to a misconfiguration, the server was left without a password, making it possible for anyone with access to the internet to access the server's IP address and view the server's important mailbox data.

The server was filled with old internal military emails, a few of which contained private information about soldiers. A completed SF-86 questionnaire, which is filled out by government employees seeking a security clearance and contains extremely sensitive personal and health information for screening people prior to being cleared to handle classified information, was included in one of the disclosed files.

As classified networks are unreachable from the internet, TechCrunch's scant data did not appear to be any of it, which would be consistent with USSOCOM's civilian network. In addition to details regarding the applicant's employment history and prior living arrangements, the 136-page SF-86 form frequently includes details about family members, contacts abroad, and psychiatric data.

A government cloud email server which was accessible through the web without a password was made public and the US government was notified about it. Using just a web browser, anyone could access the private email data there.






Read more »
IP Address
Botnet Cloud Computing Cloudfare Cyber Attacks DDOS Attacks FBI HTTP IP Address

 Massive DDoS Attack was Thwarted by Cloudflare

 

Prioritized firms like gaming providers, hosting providers, cloud computing platforms, and cryptocurrency enterprises, according to Cloudflare, emanated from more than 30,000 IP addresses.
The greatest volumetric distributed denial-of-service (DDoS) attack that Cloudflare has seen to date was stopped.

The greatest attack, which is the largest documented HTTP DDoS attack, topped 71 million rps, per Cloudlare's analysis. The volume is 35% greater than the previous record, 45 million rps from June 2022, which had been recorded.

The FBI accused six suspects of their involvement in running 'Booter' or 'Stresser' platforms, which anybody can use to execute DDoS attacks, in response to this stream of continuously escalating attacks, and seized dozens of Internet domains. Operation PowerOFF, a larger, more coordinated worldwide law enforcement operation against DDoS-for-hire services, included the action.

Cloudflare has been collaborating with the victims to strike down the botnet and is providing service providers with a free botnet threat feed that will transmit threat intelligence from their IP and any ongoing attacks coming from their hosted autonomous system.

Researchers cautioned entities to take action immediately before the next campaign: protecting against DDoS attacks is crucial for organizations of all sizes, even while DDoS attacks on non-critical websites might not result in permanent harm or safety hazards. DDoS attacks against internet-facing equipment and patient-connect technology in the healthcare industry put patients' safety at risk.



Read more »
IP Address
Bitbucket CircleCI Data Breach GitHub IP Address

Following a Hack, CircleCI Advises Customers to Rotate all Secrets

 


Following a breach of the company's systems, CircleCI, whose development products are popular with software engineers, has advised customers to rotate their secrets. This is to prevent a repetition of this incident. 

There are more than one million engineers who use the CI/CD platform as they expect to achieve the "speed and reliability" of their builds by relying on the service. An alert is sent to users about the incident by CircleCI. Currently, CircleCI is investigating a security incident, as indicated by emails that users have received from CircleCI regarding this incident. 
 
To be on the safe side, users are advised to rotate all secrets stored in CircleCI until the company concludes its investigation. The CircleCI CTO, Rob Zuber, wrote in a succinct advisory published on Wednesday that they will provide you with updates as soon as they become available about this incident. 

It was found that CircleCI believes that there are no unauthorized actors active in their system at this point; however, in the spirit of being extra cautious, they would encourage all customers to take the necessary precautions to ensure that their data is protected. It is recommended that customers should rotate both the secrets that are stored in project environment variables and within context variables.
 
CircleCI has invalidated API tokens used in projects, and users will be required to replace these tokens before they can start using CircleCI. During the investigation, Daniel Hückmann, who is an experienced security engineer, reported the presence of one of the IP addresses associated with the attack (54.145.167.181). 

As a result of this information, incident responders may be able to increase their ability to investigate their environment in the future. Besides, the DevOps company recommends that users audit their logs for any signs of unauthorized access occurring between December 21st, 2022, and January 4th, 2023. The purpose of this is to prevent the same event from happening again. 
 
The wording of CircleCI's 'reliability update' seems to suggest that CircleCI was compromised on December 21st - the same day it published the "reliability update" underlining its commitment to improving its services and reaffirming its commitment to enhancing security. 
 
A series of similar updates, beginning with a reliability update released in April of 2022, preceded its said reliability update, with CircleCI admitting that its reliability was not up to the standards of its users. Zuber wrote in a report that CircleCI is an organization dedicated to managing change to enable software teams to innovate faster. But lately, they have learned that our reliability has not met our customers' expectations. 
 
Following another unavailability in September 2022 as a result of a "significant portion of a day," CircleCI issued another such update to address the issue. This was causing many teams to struggle with managing their workload as a result of the problem. 

In recent years, CircleCI has faced a series of security issues that threaten its operations. A data breach occurred in mid-2019 at CircleCI due to the compromise of a third-party vendor which resulted in the loss of confidential information. 

In response, the data of some GitHub and Bitbucket users which includes their login credentials and email addresses including their GitHub and Bitbucket accounts were compromised. Further, it gives access to their IP addresses, company names, repositories' URLs, etc. 

An investigation was conducted in 2022 in which threat actors were caught using fake CircleCI email notifications to steal GitHub accounts from users, as a result of these phishing attempts, CircleCI was reassured at the time of their being secure since the fraudulent attempts did not necessarily come from latest compromise. Despite this, threat actors have been known to target customers of affected companies with phishing scams by using email addresses obtained from an earlier breach (such as the one found in 2019). 
 
In regards to the security incident that CircleCI announced on Wednesday, the company sincerely apologizes to all those who may have faced inconvenience following this announcement. When the investigation is concluded, the company intends to share additional information about the incident in the upcoming days.   
Read more »
WiFi
Cyber Security IP Address Public Network User Privacy VPN WiFi

When Using Open Wi-Fi, Users Don't Employ a VPN

A VPN is a software program that masks the actual IP address and encrypts all data leaving any device. 
Using a VPN, enables users to connect to a secure network via a public network and transport all of the data into an encrypted channel, safeguarding their online activity. 

The user's authentic IP address is concealed and next-generation encryption is used to mask user activities when the web server is redirected via another private internet server.

The likelihood of connecting to free public Wi-Fi to stream a network, watch YouTube videos, or browse through social media feeds increases as a result. This is where one of the finest VPN services is useful and essential throughout the holiday season. 

A recent poll reveals that when connecting to a risky Wi-Fi, the majority of users continue to refrain from using such protection software. 

Business VPNs were not required in the past when cybersecurity experts were in high demand. To safeguard online activity in the present digital environment, each user must use a secure VPN. However, for individuals who frequently connect to open internet hotspots, it is all the more important. It appears that a majority of us still do not adhere to this crucial privacy-friendly habit, which is a concern.

More than 56% of participants in a recent survey of 1,000 American users aged 18 and older who use public Wi-Fi claimed they were not using a VPN. And to make matters harder, 41% do not use any encryption software at all.

The top travel hazards to be aware of this festive season have been compiled by cybersecurity company Lookout, which also makes antivirus software like Lookout Security and other security, privacy, and identity theft detection solutions.

Some of the key guidelines are as followed:
  • Stay aware of insecure Wi-Fi networks because hackers may conceal themselves behind a similar deceptive network to deceive careless passengers and steal their login information. 
  • Using USB charging outlets in public places can be risky.
  • Do not fall for travel-related phishing schemes, hackers may also attempt to con users using these scams.

Reliable VPN services are of utmost importance for browsing the web securely in any situation and avoiding prying governments and nefarious individuals from getting access to user data. 
 


Read more »
VPN Leak
Android Cyber Security Encryption Google HTTP Attacks IP Address VPN Leak

Android Spills Wi-Fi Traffic When VPNs Are Enabled

Regardless of whether the Block connections without VPN or Always-on VPN options are turned on, Mullvad VPN has found that Android leaks traffic each time the device links to a WiFi network. 

Source IP addresses, DNS lookups, HTTPS traffic, and most likely NTP traffic are among the items that are being leaked outside VPN tunnels. With the help of a VPN, encrypted data can flow anonymously and be untraceable between two sites on the internet. Consider passing a ping pong ball to someone else across a table as an example. The ball is freely available for third parties to take, manipulate, and return to their intended location. It would be far more difficult to intercept the ball if it were to roll through a tube. 

Information is difficult to obtain because data goes through VPNs similarly. The source and destination of the data packet are likewise obscured because it is encrypted. The Android platform was intentionally designed with this behavior. However, due to the erroneous description of the VPN Lockdown functionality in Android's documentation, users were probably unaware of this until now.

The finding was made by Mullvad VPN while conducting an unpublished security check. The supplier has submitted a feature request to Google's Issue Tracker to fix the problem. A Google developer, however, stated that the functionality was working as intended and that Google has no plans to change it.

"We have investigated the feature request you have raised, and we are pleased to inform you that everything is operating as intended. We don't believe there is a compelling reason to offer this because we don't believe most consumers would grasp it," the Google engineer added.

Unfortunately, Always-on VPN is not totally functioning as intended and contains a glaring weakness, according to a Swedish VPN company by the name of Mullvad. The issue is that Android will send a connectivity check, every now and then to see whether any nearby servers are offering a connection. Device information essential to connectivity checks includes IP addresses, HTTPS traffic, and DNS lookups. Even with Always-on VPN turned on, anyone monitoring a connectivity check could view bits of information about the device because none of this is encrypted since it doesn't travel over the VPN tunnel.

The traffic that escapes the VPN connection contains metadata from which critical de-anonymization information, such as the locations of WiFi access points, may be derived.

The blog post by Mullvad explains that "the connection check traffic could be observed and evaluated by the party controlling the interconnect check server and any entity noticing the network traffic. Even if the message only indicates that an Android device is connected, the metadata, which includes the source IP, can be used to derive additional information, especially when combined with information like WiFi access point locations."

People who use VPNs to shield themselves from persistent attacks would still perceive the risk to be high, even though this is difficult for inexperienced threat actors. Mullvad adds that even if the leaks are not rectified, Google has to at least update the documentation to accurately state that the Block connections without VPN function would not safeguard Connectivity Checks. 

Mullvad is still discussing the data leak's relevance with Google and has requested that they make it possible to turn off connectivity checks and reduce liability points. Notably, this option has the intended capability thanks to GrapheneOS, Android-based anonymity and safety os version that can only be utilized with a select few smartphone models.

Read more »
Subscribe to: Posts (Atom)