Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label VPN. Show all posts
VPN
Cyber Security Cyberattacks CyberThreat Smiths Group unauthorised access VPN

Smiths Group Reports Cybersecurity Incident: Systems Breached

 


Smiths Group, a London-listed engineering firm operating in energy, security, aerospace, and defence, has reported a cybersecurity incident involving unauthorised access to its systems. The company has taken immediate steps to mitigate potential disruptions and contain the breach. In a statement issued to the London Stock Exchange, Smiths Group confirmed the detection of unauthorised activity and outlined measures to protect business continuity, including isolating affected systems and ensuring normal operations are maintained.

The company emphasized its commitment to safeguarding operations, stating that swift action was taken to minimize the impact of the breach. Smiths Group is actively restoring affected systems and assessing the impact on its business operations. However, the company has not provided specific details about the nature of the cyberattack, though indications suggest it may have been a ransomware incident, given the common practice of taking systems offline in such cases.

Impact and Response

Following the announcement of the cybersecurity breach, Smiths Group’s share price dropped by nearly 2%. The company is collaborating with cybersecurity experts to assess the extent of the breach and facilitate the restoration of affected systems. While Smiths Group has confirmed adherence to regulatory requirements, it has not disclosed details about the cause of the incident, the exact timing of its discovery, or whether business or customer data was compromised. The company has promised to provide updates “as appropriate.”

This incident is part of a growing trend of cyberattacks targeting organizations across various sectors. Earlier this month, the International Civil Aviation Organization (ICAO), a United Nations specialized agency, confirmed a data breach affecting nearly 12,000 individuals in the aviation sector. The breach exposed approximately 42,000 recruitment records from April 2016 to July 2024, with 11,929 individuals directly impacted.

Similarly, Conduent, a business services company, recently confirmed a cyberattack that caused a system outage. Meanwhile, Hewlett Packard Enterprise (HPE) is investigating claims of a data breach after an adversary allegedly accessed documents associated with its developer environment. In the UK, the domain registry Nominet reported a network compromise in early January due to a zero-day vulnerability in Ivanti VPN, which has been linked to cyber espionage activities by the UNC5337 threat group.

Why Engineering and Manufacturing Are Targeted

Smiths Group, established in 1851, employs over 15,000 people and reported annual revenues of approximately $3.89 billion in fiscal 2024. The company’s Smiths Detection arm develops security screening systems for airports and other ports of entry, while its other divisions support industries such as mining, oil, gas, clean energy, and semiconductor testing. The engineering and manufacturing sectors are prime targets for cybercriminals and nation-state hackers due to their economic importance and the sensitive nature of their work.

For example, in August, Schlatter Group, a Swiss manufacturer of industrial welding machines, fell victim to a criminal cyberattack. Smiths Group, which reported annual revenues of £3.13 billion last year, supplies products to industries including energy, safety, security, aerospace, and defence, making it a lucrative target for cyberattacks.

The cybersecurity incident at Smiths Group highlights the increasing vulnerability of engineering and manufacturing firms to cyberattacks. As cybercriminals and nation-state actors continue to target these sectors, companies must prioritize robust cybersecurity measures to protect sensitive data and maintain business continuity. Smiths Group’s swift response to the breach underscores the importance of proactive incident management, but the incident serves as a reminder of the ongoing challenges in securing critical infrastructure and industrial systems.

Read more »
VPN
CyberCrime Cybersecurity CyberThreat Fake VPN Google malware SEO VPN

Malware Infections Surge from Fake VPN Downloads

 


An attacker is reportedly injecting malware into infected devices using popular VPN applications to gain remote control of the devices they are attacking. Google's Managed Defense team reported this disturbing finding, which sheds light on how malicious actors use SEO poisoning tactics to spread what is known as Playfulghost.

It has become increasingly important for individuals who prioritize the protection of their personal data and online privacy to use virtual private networks (VPNs). VPNs establish a secure, encrypted connection between users' devices and the internet, protecting their IP addresses and online activity against prying eyes. 

However, it should be noted that not all VPN applications are trustworthy. The number of fake VPN apps being distributed under the guise of legitimate services is increasing, stealing the sensitive information of unsuspecting users. Researchers have discovered that during the third quarter of 2024, fake VPN applications have become increasingly widespread globally, which is a worrying trend. In comparison to the second quarter, security analysts have reported a 2.5-fold increase in user encounters with fraudulent VPN apps.

These apps were either infected with malware or were built in such a way that they could be exploited by malicious actors. As a result of this alarming development, it is critical to be vigilant when choosing VPN services. Users should take precautionary measures when choosing VPN services and ensure that the apps they download are legitimate before downloading to safeguard their data and devices. 

As more and more home users turn to virtual private networks (VPNs) as a means to safeguard their privacy, to ensure their internet activity is secure, and to circumvent regional content blocks, these VPNs are becoming increasingly popular. Scammers and hackers are aware that the popularity of VPNs is growing, and so they intend to take advantage of that trend as much as possible. 

As an example, recently it has been found that some VPNs have been found to have security vulnerabilities that do not make them as secure as they should be. Playfulghost is a backdoor similar to Gh0st RAT, a remote administration tool that is well-known in the security community. According to Google's expert, Playfulghost is "a backdoor that shares functionality with Gh0st RAT." The latter has been around since 2008, and it is considered one of the best. 

The traffic patterns of Playfulghost can be distinguished from those of other known threats, especially in terms of encryption and traffic patterns. There are several ways hackers use phishing and SEO poisoning to trick their victims into downloading malicious software onto their computers, and according to a Google expert, one victim was tricked into opening a malicious image file for Playfulghost to run remotely from a remote location, which results in the malware being downloaded onto his computer. In the same vein, SEO poisoning techniques employed trojanized virtual private network (VPN) apps to download Playfulghost components from a remote server on the victims' devices (see GIF below). 

Infected with Payfulghost, an attacker can remotely execute a wide range of tasks on the device once it has been infected. It is particularly dangerous as a virus. Data mining is capable of capturing keystrokes, screenshots, and audio, as well as capturing screenshots. In addition to this, attackers can also perform file management activities, including opening, deleting, and writing new files. Security experts from Google have warned that a new malware threat has been detected that is very dangerous. It is known as Playfulghost and is distributed worldwide via fraudulent VPN apps. Researchers have warned that this scam uses sophisticated techniques to trick users into downloading infected VPN software, including what is called "SEO poisoning". 

There is something especially cruel about this latest cyberattack because signing up for one of the best VPN deals is usually an easy way to improve users' level of privacy and security online. Unfortunately, those who installed the fake VPN applications laced with malware in the last few days have now found themselves in the worst possible position due to the malware they have installed. As people know, the purpose of Playfulghost is to allow hackers to monitor every letter users type on their keyboard, a practice known as keylogging. 

It can also record audio from the built-in microphone on users' computers, laptops, tablets, or desktops, and it can also be used as a tool to record what they are seeing on the screen, which is often used for blackmail. The dangerous malware also enables attackers to remotely execute various file management activities, including opening, deleting, and writing new files, This can enable hackers to download and install other types of malware on machines infected with Playfulghost. Playfulghost also makes it possible for attackers to perform various file management activities remotely, such as opening, deleting, and creating files, allowing hackers to download and install other kinds of malware on computers infected with this dangerous malware. 

As it turns out, Playfulghost's functionality is quite similar to Gh0st RAT, which has wreaked havoc on PCs since 2001 and is now a public open-source tool, whose source code was released in 2008. Since this code is widely available, there have been several copies and clones created, including the latest variant. In addition to utilizing distinct traffic patterns and encryption, Google security researchers have pinpointed two methods by which the malware is being spread by hackers, according to their study. The first is using the infected computers' network cables and the second is via the Internet. 

 The first thing to know is that cybercriminals are utilizing phishing emails — unsolicited messages that entice people to download malicious software. One of the earliest examples that was spotted by Google's team involved emails with themes such as "Code of Conduct" which trick users into downloading the attached file, which turned out to be Playfulghost, a nasty infection. 

Another documented case has also been found in which a victim was tricked into opening a malicious image file and when they opened it in the background Playfulghost was automatically installed and activated on their computer from a remote server. Secondly, the malware may also be spread by bundling it with popular VPN apps in a process known as SEO poisoning. This method has been gaining popularity recently among virus creators. Search engine poisoning is the act of manipulating or hacking a search engine to make malicious downloads appear as an official import.
Read more »
WireGuard
IPsec Security VPN Vulnerabilities and Exploits WireGuard

Critical Flaws in VPN Protocols Leave Millions Vulnerable

 


Virtual Private Networks (VPNs) are widely trusted for protecting online privacy, bypassing regional restrictions, and securing sensitive data. However, new research has uncovered serious flaws in some VPN protocols, exposing millions of systems to potential cyberattacks.

A study by Top10VPN, conducted in collaboration with cybersecurity expert Mathy Vanhoef, highlights these alarming issues. The research, set to be presented at the USENIX 2025 Conference, reveals vulnerabilities in VPN tunnelling protocols affecting over 4 million systems worldwide. Impacted systems include:

  • VPN servers
  • Home routers
  • Mobile networks
  • Corporate systems used by companies such as Meta and Tencent

The Problem with VPN Tunneling Protocols

Tunneling protocols are essential mechanisms that encrypt and protect data as it travels between a user and a VPN server. However, the study identified critical weaknesses in specific protocols, including:

  • IP6IP6
  • GRE6
  • 4in6
  • 6in4

These vulnerabilities allow attackers to bypass security measures by sending manipulated data packets through the affected protocols, enabling unauthorized access and a range of malicious activities, such as:

  • Denial-of-Service (DoS) attacks disrupting systems
  • Stealing sensitive information by breaching private networks
  • Undetected repeated infiltrations

Advanced encryption tools like IPsec and WireGuard play a crucial role in safeguarding data. These technologies provide strong end-to-end encryption, ensuring data is decoded only by the intended server. This added security layer prevents hackers from exploiting weak points in VPN systems.

The vulnerabilities are not confined to specific regions. They predominantly affect servers and services in the following countries:

  • United States
  • Brazil
  • China
  • France
  • Japan

Both individual users and large organizations are impacted, emphasizing the need for vigilance and regular updates.

How to Stay Protected

To enhance VPN security, consider these steps:

  1. Choose a VPN with strong encryption protocols: Look for services that utilize tools like IPsec or WireGuard.
  2. Regularly update your VPN software: Updates often include patches for fixing vulnerabilities.
  3. Research your VPN provider: Opt for reputable services with a proven track record in cybersecurity.

This research serves as a critical reminder: while VPNs are designed to protect privacy, they are not immune to flaws. Users must remain proactive, prioritize robust security features, and stay informed about emerging vulnerabilities.

By taking these precautions, both individuals and organizations can significantly reduce the risks associated with these newly discovered VPN flaws. Remember, no tool is entirely foolproof — staying informed is the key to online safety.

Read more »
VPN
BitTorrent Cyber Security Cyberattacks Cyberbreach CyberThreat Server Torrent VPN

A Closer Look at Torrenting and Its Applications

 


Downloading through a peer-to-peer (P2P) network referred to as torrenting involves either using torrent files or magnet links to download files. Torrent files are index files that provide the necessary information to locate certain files, segments of files, or segments within a network. Using this method, the computer can download multiple parts of the same file from multiple peers across a network at the same time, greatly enhancing the efficiency of the download process. 

With magnet links, which function similarly to torrent files, it is unnecessary to host or download the torrent file itself, further streamlining the process and eliminating the need for hosting. As a result, both methods utilize the distributed nature of P2P networks to speed up and increase the efficiency of file transfers. It is worth mentioning that before streaming platforms made it possible to access digital content, torrents were used widely. 

It has been estimated that many individuals are turning to torrent websites to download movies, music albums, and video games; however, such practices often fall into the category of questionable and legally questionable behaviour. Digital piracy and its complex relationship with modern technology will continue to be relevant in 2025, despite controversies such as Meta's claims of using pirated books to train artificial intelligence, according to an article that discusses the principles and mechanisms of torrenting.

There has been an increase in the use of torrents as a method of sharing and downloading files over the Internet. As well as providing fast download speeds, torrenting also offers access to a wide variety of content, including movies, television shows, and music. However, torrenting carries significant legal and security risks, which make it difficult for torrenting to be successful. The possibility of inadvertently downloading copyrighted materials, which may result in legal consequences, or finding malware-containing files, which may compromise system security, is well known to users. 

The Torrent protocol, which is a peer-to-peer (P2P) file-sharing system that utilizes BitTorrent, is a decentralized method of file sharing. A torrent is an open-source file-sharing service that allows users to share and download files directly from one another, as opposed to traditional file sharing which relies on a central server to distribute content. 

To create a torrent, users connect and share files directly. Its decentralized nature enables the system to work efficiently and faster than other existing file transfer systems, especially for large files since it leverages the resources of multiple users instead of relying on a single source for file transfers. 

Understanding Torrent Files 


When it comes to torrenting, a torrent file plays a crucial role. A torrent is simply a small file containing metadata about the content downloaded. However, it does not contain the actual content of the downloaded content itself, such as a video, a music file, or a document. 

Instead, it is a roadmap that guides the torrent client, software that manages and facilitates the torrenting process, in finding and assembling the file you are looking for. Torrent files contain a lot of essential information, including the names and sizes of the files being shared, the structure and content of the content, as well as the location of the network servers that assist in coordinating the download process. 

There are certain pieces of information that the torrent client needs to reassemble the complete file, including the following information, as they are required for it to be able to break the content down into smaller segments, to retrieve these segments from multiple sources within the swarm, and then to reassemble them. As opposed to traditional methods of downloading, this approach to file sharing offers a significant advantage. 

Besides making these processes more effective and faster, it is also more resilient to interruptions as different parts of the image can be sourced from multiple peers simultaneously, making this process very fast and more reliable. Even if one peer goes down, the client will still be able to download the files from other active peers, ensuring that minimal interruption will occur. There is, however, a risk associated with torrenting not only that it provides a convenient way of sharing files, but also that there are some legal and security risks associated with it. 

Ensure that users exercise caution to make sure they do not unintentionally download copyrighted content or malicious files, as this can compromise both their legal standing as well as the integrity of their systems. There has been a negative perception of torrenting over the years due to its association with illegally downloading copyright-protected media. There were some early platforms, such as Napster, Kazaa, and The Pirate Bay, which gained attention and criticism as they began to enable users to bypass copyright laws and enable them to disseminate content illegally.

Although torrenting can be unlawfully used, it is equally important to remember that it is not inherently illicit and that its ethical implications depend on how it is employed. Similarly, seemingly benign objects can be misused to serve unintended purposes, just as any tool can have ethical implications. The reputation of torrenting has been diminishing in recent years because its potential for legitimate applications has been increasingly acknowledged, resulting in its decreased controversy. 

In addition to providing a variety of practical benefits, peer-to-peer (P2P) file-sharing technology allows for faster file transfers, decentralized distribution, and improved accessibility when it comes to sharing large quantities of data. To minimize the risks associated with torrenting, it is very important to observe certain safety practices. 

There is no inherently illegal aspect of torrenting technology, however, its reputation has often been shaped by its misuse for bypassing copyright laws, which has shaped its reputation. It is the most reliable and efficient way to ensure the safety of content is to restrict it to materials that do not possess any copyright protection, and by adhering to "legal torrenting" users will be able to avoid legal repercussions and promote ethical use of the technology safely. 

The use of Virtual Private Networks (VPN) is another important step in ensuring secure torrenting when users are downloading files. By encrypting the internet connection of a user, a VPN makes file-sharing activities more private and secure, while ensuring that the user's IP address remains hidden so that the user's online actions can remain safe. VPNs also offer a significant layer of protection against the possibility of monitoring by Internet Service Providers (ISPs) and third parties, thereby reducing the risk of being monitored. 

In addition to offering robust security features and user-friendly interfaces, trusted platforms such as uTorrent, qBitTorrent Transmission, and Deluge make it very easy for users to navigate torrenting. In addition to protecting against malicious files and potential threats, these clients help facilitate a seamless file-sharing experience. Torrents, while they are an efficient method of sharing content, can also pose several risks as well. 

There are several concerns associated with the use of copyrighted material without the proper authorization, one of which is the potential legal repercussions. Serious problems can arise if improper authorization is not obtained. Furthermore, torrents can contain malicious software, viruses, or any other dangerous element that can compromise the security of a user's device and their personal information. A user should practice caution when downloading torrents, remain informed about the risks, and take the appropriate steps to ensure that their torrenting experience is safe and secure.
Read more »
Websites
address Privacy VPN Websites

Remove Your Home Address From the Internet - Here's How

 




This is not only an issue of personal privacy but also safety. Many organisations sell address data to brokers, who then distribute their contents to advertisers, identity thieves, or even burglars. Here's the step-by-step process of how to delete your home address off the web.


Share Your Address Only When Necessary 


Keep your address private by limiting how often you give out your home address. Share it only when you must, like when opening a bank account or registering to vote. You can use an alternate address elsewhere, for example, when signing up for a gym membership or getting deliveries. That little change makes a big difference to the privacy of your home address online.


Mask Your Address in Mapping Apps


Online maps usually have very clear street views of your home. Thankfully, apps such as Google Maps and Apple Maps can blur your home for privacy. For Google Maps, enter your address, go to Report a Problem, then the areas you'd like to blur. For Apple Maps, write to their team at mapsimagecollection@apple.com, with details of your home, and they will handle it.

Remove Your Address from Search Results


You have the right to request its removal, if it appears on a search engine. Google offers users the ability to track and control personal information online. One can visit their Google Account and navigate to the Results About You section to set alerts and even request removal of the address from certain search results. Remember that Google could retain content from government or business sites.


Know your Social Media Profiles


Review your social media profiles for those instances where you published your house address. Never post a photo with your street or house number. Periodically update your privacy setting to restrict access to your information.


Opt Out from Whitepages


Whitepages is the biggest collection of addresses online. To remove yourself from it, visit their Suppression Request page, search for your profile, and make a suppression request for removal of it. You can easily do this in a few minutes.


Cleaning Up Unused Accounts


Most websites and services save your address whenever you sign up. Accounts you don't use anymore—like old shopping sites or subscription services—and delete them or request that your data be erased. That's fewer chances of a leak or misuse. You could also use a Post Office Box as an alternative.

The use of a post office box can make certain that one private home address does not have to be revealed. You can apply through USPS to lease a box for as low as $15 monthly online. This address could be used for deliveries or other accounts; it conceals your place of residency.

 

Use a Virtual Mailbox


Added to that is the security factor - virtual mailboxes have a secure option. They scan and forward your mail and allow you to access it online. It's thus comfortable for a frequent traveller, thus anyone who wants to avoid physical mail at his doorstep.


Securing Your Address with a VPN


Finally, make use of a virtual private network (VPN) to encrypt your internet data. Also, keep the physical location private. It conceals where you are physically based as you go online. Many browsers also have this built-in VPN option for additional security as well.

Removing your home address from the internet may take some effort, but the peace of mind it brings is worth it. By following these steps, you can protect your privacy and stay safer in an increasingly connected world. 


Read more »
VPN
Cyberattacks CyberCrime Cyberhackers Cyberthreats Default End-to-End Encryption E222 Technology VPN

The Role of End-to-End Encryption in Modern Cybersecurity

 


It is a type of messaging that is protected from everyone, including the messaging service itself, because of end-to-end encryption (E2EE). Using E2EE, a message cannot be decrypted until the sender and the recipient can see it in the form that was originally intended to be decrypted. As a result, sending an email represents the beginning of the conversation, and the recipient represents the end of the conversation. 

Consider end-to-end encryption like a sealed envelope through which a letter is sent through the mail in which no one can read the contents. Those who sent the letter, as well as those who received it, may read the letter. Both may read it, and each may open and read it on their own. Postal service employees can't read the letter because it is enclosed in an envelope and remains sealed.

A device where data or communications are created, received, or transmitted can be encrypted at the time of creation and sent. The encrypted data or communications can then be decrypted once it reaches the intended recipients, where the data can be accessed. Therefore, the data is protected at every stage of its transmission, thereby ensuring that it remains safe throughout.  

It is unlikely that any third party or unauthorized viewer will be able to read the communication even if it has been intercepted by third parties. It is vitally important that E2EE maintains a secure communication system and data storage system. In order to read it, one must be a recipient as well as a sender who has an intended recipient. As far as the encrypted messages are concerned, not even the service provider or server can read them.  An end-to-end encryption process can be described as a relatively simple approach in which data is converted from its original form into an unreadable format, transmitted securely, and finally converted back into its original form at the destination after it has been transmitted. 

A typical E2EE process consists of the following four steps: 
Encryption 
Transmission 
Decryption 
Authentication 

1. Encryption   In all of the E2EE applications, sensitive data is encrypted as soon as it is received before it goes through encryption. In this algorithm, the data is scrambled up into an unreadable form that is known as ciphertext to protect it from access by unauthorized people. The messages can only be read by authorized users who have a secret key, which is known as the decryption key, for decrypting them. The E2EE system has two different types of encryption schemes: asymmetric, in which the encryptor and decryptor use two different keys to encrypt and decrypt the data, and symmetric, in which there is one shared key to encrypt and decrypt the data.  E2EE does use both of these methods (see "Symmetric versus asymmetric encryption" for a description of the two).  

2. Transmission The data that is encoded (ciphertext) is transported over a communication channel, such as the Internet or any other network that uses encryption. Despite this, the message retains its unreadable nature when it moves to its destination. Neither application servers, internet service providers (ISP), hackers, nor other entities can read the message as it moves. Any person who intercepts that message will see random unintelligible characters flowing across the screen. 

3. Decryption In asymmetric encryption, it is the recipient's private key that is used to decrypt the ciphertext when it receives the ciphertext, while in symmetric encryption, it is the shared key. Data that is encrypted by a private key can only be decrypted by the recipient that possesses that key. 

4. Authentication Upon the decryption of data, it is verified to make sure that its integrity and authenticity have been retained. As part of this step, the recipient might be required to verify the sender's digital signature or other credentials to verify that the data was not tampered with during transmission by anyone else. There is no doubt that end-to-end encryption provides the highest level of security. 

Even though hackers could intercept the communication, they would not be able to read it without the private key that has been shared only by the sender and recipient.  In the case of E2EE, however, the devices that send the communications need to be secured to work. Whenever even one of these elements is compromised, the entire message chain becomes readable as a whole. When using encryption-in-transit, the information can be protected more often than when using encryption from end to end, since the server can also read these messages. 

Senders and recipients of E2EE can only decipher the message to get into the intended recipient's mind.  It should be mentioned that end-to-end encryption, like many other methods of encryption, makes use of cryptography to convert readable text into indecipherable text by the use of cryptography. As a result of this technology, the user will be able to make sure their VPN is as secure as possible. This encryption technique protects users' messages from being read by anyone else besides users' intended recipient, thus keeping them safe from prying eyes and increasing the level of privacy users can maintain.  

It is a more secure method of encrypting data since it encrypts users' message before encrypting it and only decrypts the message when it is deciphered by the recipient's device, which is why it maintains users' data's security from beginning to end. There are several messaging services available today that use end-to-end encryption to ensure that users' communication is protected from unauthorized access and theft, which include WhatsApp, Signal, Telegram, and SMS messaging.  The most popular encryption method for end-to-end communication uses asymmetric cryptography, in which a public key and a private key are used to encrypt and decrypt data.

Public keys are issued by trusted certificate authorities, which are anonymous and accessible to the general public.  Decrypting messages is done by using a public key that is stored on a server. E2EE makes perfect sense for protecting communications because it prevents third parties from eavesdropping on conversations. Without it, cybercriminals could intercept and read sensitive information, including personal messages, files, and login details. Hackers could exploit this information to access accounts, steal credit card data, or even impersonate someone online. That said, not all messaging apps use end-to-end encryption, and even those that do might not have it turned on by default. 

It’s always a good idea to check and ensure that E2EE is enabled to keep users' conversations secure. But encryption doesn’t stop at messaging. If someone wants to protect all their online data, not just messages, using a Virtual Private Network (VPN) is a simple solution. A reputable VPN encrypts all internet traffic, so no one can spy on browsing activity, banking information, or file sharing. Even if a messaging service doesn’t offer end-to-end encryption, a VPN will automatically provide it, covering not only communication but all online activities.

Most VPNs use military-grade AES-256-bit encryption, which is incredibly secure and almost impossible to crack. Some VPN providers are even preparing for the future by offering post-quantum encryption. Quantum computers, once fully developed, could potentially break current encryption methods, so advanced VPNs are already adopting encryption methods designed to resist such threats. For example, NordVPN, one of the leading VPN providers, is already implementing these cutting-edge security measures. 

E2EE has been around for a while, with Pretty Good Privacy (PGP) being one of the first widely used applications for securing emails, stored files, and digital signatures. Nowadays, end-to-end encryption is common in messaging apps like Apple’s iMessage, Jabber, and Signal Protocol (formerly TextSecure Protocol). Even Point-of-Sale (POS) providers like Square use E2EE to help maintain PCI compliance and protect transactions. In 2019, Facebook made waves by announcing that all its messaging services would adopt E2EE. 

However, this sparked a debate. While E2EE ensures user privacy, law enforcement agencies argue that it makes it harder to police illegal activities, especially when it comes to child abuse on private messaging platforms. This debate continues, as companies balance the need for privacy with the demands for security and monitoring illegal content on their platforms.
Read more »
VPN
crypto industry Cyber Crime Cypto North Korea VPN

How North Korea is Exploiting the Crypto Industry

How North Korea is Exploiting the Crypto Industry

North Korean operatives have penetrated the blockchain world, and the covert operation has significant implications for global cybersecurity and the integrity of the crypto market.

Recent warnings from U.S. authorities highlight that North Korean IT workers are infiltrating tech and crypto companies, channeling their earnings to support the state's nuclear weapons program. A 2024 UN report states these workers generate up to $600 million annually for Kim Jong Un's regime. 

Hiring these workers, even unintentionally, violates U.N. sanctions and is illegal in the U.S. and many other countries. It also poses a significant security risk, as North Korean hackers often use covert workers to target companies.

North Korea's Cyber Arsenal

North Korea's cyber operations are nothing new, but their infiltration into the crypto industry represents a new frontier. Using fake identities and fabricated work histories, North Korean IT workers managed to secure positions in over a dozen blockchain firms. These operatives, often disguised as freelancers from countries like South Korea, Japan, or China, have leveraged the decentralized nature of the crypto industry to mask their origins and intentions.

The Crypto Industry's Blind Spot

The crypto industry's decentralized and often anonymous nature makes it an attractive target for cybercriminals. The article reveals how North Korean operatives exploited this blind spot, slipping through the cracks of standard vetting procedures. They infiltrated companies by providing fake credentials and using VPNs to obfuscate their actual locations. This tactic allowed them to access sensitive information and potentially manipulate blockchain networks.

Economic Warfare

North Korea's entry into the crypto industry is part of a broader strategy to circumvent international sanctions. By infiltrating blockchain firms, North Korean operatives can siphon off funds, conduct illicit transactions, and launder money. The stolen assets are then funneled back to the regime, bolstering its finances and supporting its nuclear ambitions.

Consequences and Countermeasures

The infiltration severely affects the targeted firms, exposing them to legal risks and undermining their credibility. It also raises broader concerns about the security of the crypto industry. To combat this threat, companies must adopt more stringent vetting processes, enhance cybersecurity measures, and collaborate with international agencies to identify and neutralize such threats.

Read more »
VPN
Compromised Passwords Data Breach Specops User Privacy VPN

Specops Unearths Millions of Compromised VPN Passwords

 

The moment a password is discovered, a virtual private network (VPN) becomes public quickly. In a report published last week, password management provider Specops Software revealed 2,151,523 VPN credentials exposed by malware over the past year.

One professional at the company revealed that many users aren't protecting, or even caring all that much about, a valuable network entrypoint based on the 2 million+ VPN passwords that were pulled from the company's threat-intelligence platform. 

“If we look at some of the content of those passwords, that’s where we really start seeing where there’s still, unfortunately, a general apathy around security, and password security in particular,” Darren James, senior product manager at Outpost24 (which acquired Specops in 2021), stated. 

This is Qwerty. The report's most popular passwords are certainly familiar to you; they are the usual consecutive numbers and versions of "password" and "qwerty." The top compromised password—found 5,290 times, according to Specops—is "123456.” 

And, in fact, 5,290 represents progress—a "quite low" figure, according to the Specops team, given that the information contained almost 2 million VPN passwords. "This could suggest that end users may have generally been using unique, or even strong passwords for their VPN credentials," according to the Sept. 17 blog. 

Even complex passwords can be stolen, according to James, when spyware known as keystroke loggers monitor logins and phishing emails trick users into disclosing VPN credentials. According to a recent report by cyber insurance provider At-Bay, self-managed VPNs accounted for 63% of remote-access ransomware attacks in 2023. 

While several VPN-specific discoveries suggested consumer-level vulnerabilities, given the linked email addresses, the analysis also revealed corporate risk. Several discovered passwords meet the length and complexity requirements for Active Directory in many organisations.

Specops researchers recommend blocking several of the alleged stolen business passwords, such as Abcd@123# and Lordthankyou2.

“Ultimately, it comes down to password reuse. Even if you’ve got a super-strong password, you need to be able to check that that password hasn’t become breached or hasn’t been stolen since the last time you’ve set it,” James added.
Read more »
Web browsing
Internet Privacy Tor project VPN Web browsing

Tor Project Assures Users It's Safe Amid Controversy of Deanonymizing Users

Tor Project Assures Users It' Safe Amid Controversy of Deanonymizing Users

Tor Project, A Privacy Tool

Tor is a privacy software used for keeping your identity secret by rerouting your web traffic through several nodes (computers) worldwide, which makes it difficult to track where the user traffic is coming from. In a change of events, an investigative report warned that law enforcement from Germany and across the have collaborated to deanonymize users via timing attacks. 

The Tor project, however, is trying to assure users that the network is still safe. The team behind Tor assures proper measures are followed for users using the latest versions, stressing that timing attacks is an old technique and solutions can mitigate it.

Catching Child Abusers Using Tor

Known for its privacy services, Tor is generally used by journalists and activists while communicating with sources to avoid censorship in countries that curb press freedom. The project boasts a long list of genuine users, but because of its secrecy, threat actors also use Tor to host illegal marketplaces and avoid law enforcement.

German portal Panorama has issued an investigative that says court documents revealed that law agencies use timing analysis attacks via Tor nodes in large numbers to track and arrest the main culprits behind the child abuse platform “Boystown.”

In the Tor timing attack, the users are deanonymized without abusing any vulnerabilities in the tool, the focus is on noticing the timing of data entering and exiting the network.

If the threat actor is controlling the Tor nodes or tracking exit and entry points, they can compare the entry and exit time data, and in case of a match, use the data to trace the traffick back to a particular user.

If the attacker controls some of the Tor nodes or is monitoring the entry and exit points, they can compare the timing of when data enters and leaves the network, and if they match, they can trace the traffic back to a particular person.

Tor’s Reply 

The Tor Project is not happy about not getting access to the court documents that can help them understand and verify security-related questions. “We need more details about this case. In the absence of facts, it is hard for us to issue any official guidance or responsible disclosures to the Tor community, relay operators, and users,” reads the Tor statement.

Read more »
VPN
Digital Security Online Activity Technology Torrent VPN

Can VPN Conceal Torrenting? Is it Safe to Torrent With a VPN?

 

Nowadays, keeping your internet behaviour private can seem impossible, especially if you torrent. This type of file sharing is strongly discouraged by both ISPs, which may throttle your internet connections if you are detected, and government organisations, which are looking out for copyright offences. 

So, what's the solution if you still want to torrent? A VPN (virtual private network). A VPN not only hides your traffic inside a private tunnel, preventing prying eyes from tracking you, but it also encrypts your data for further security. Below, I'll explain how torrents operate, if a VPN truly covers your torrent activity, and whether using a VPN to torrent is good for you. 

What is torrenting? 

Torrenting is a method of sharing files across a decentralised, peer-to-peer (P2P) network. Rather than downloading a full file from a single source, a torrent file is divided into "packets" that are downloaded/uploaded from multiple sources on the network simultaneously. This strategy minimises network load and accelerates the download process.

Torrenting is an excellent method for efficiently sharing and downloading files. However, decentralisation might have consequences. Torrenting is typically prohibited by internet service providers (ISPs) because it is frequently used to share pirated content, creating a liability for the ISP; and torrenting can consume a significant amount of bandwidth on the ISP's network. 

Furthermore, downloading and sharing data from many sources via torrents puts you at increased risk of malware and infections. When torrenting, you should use both a reliable VPN and efficient antivirus software to help mitigate these threats. 

Role of VPN

When you use your regular home internet connection, your ISP can monitor everything you do online. As previously stated, ISPs dislike torrenting (regardless of the content), and if you torrent regularly, your internet connection may be throttled. If you download something you shouldn't, your ISP can see it and may report your conduct to government officials, potentially resulting in a DMCA violation email and a significant penalty.

It just goes to explain how closely this type of conduct is being monitored. By employing a VPN, all of your traffic is diverted through the VPN's private servers rather than your ISP's, ensuring that your ISP cannot snoop on your online activities while connected. 

The VPN encrypts data to create a private tunnel. Most VPNs employ military-grade AES-256 encryption technology or something similar for all data that passes through their servers. This makes it unreadable to outside organisations, providing an additional layer of protection, especially when downloading torrent files. 

Finally, because your traffic is routed through VPN servers, the IP address allocated to your computer by your ISP is changed to that of the VPN's servers, ensuring that your activity cannot be traced back to your house. 

Furthermore, if your VPN has a certified no-logs policy, as it should, no record of your activities will ever be gathered or retained for further review. This is significant because law enforcement's most common data sharing request to VPN providers is for information on DMCA violations.
Read more »
VPN
Data Leak malware Middle East Palo Alto VPN

Threat Actors Install Backdoor via Fake Palo Alto GlobalProtect Lure

 

Malware disguising itself as the authentic Palo Alto GlobalProtect Tool is employed by malicious actors to target Middle Eastern firms. This malware can steal data and run remote PowerShell commands to further penetrate company networks. A reliable security solution from Palo Alto Networks that supports multi-factor authentication and offers secure VPN access is called Palo Alto GlobalProtect. 

The tool is frequently used by businesses to guarantee that partners, contractors, and distant workers may securely access private network resources. By utilising Palo Alto GlobalProtect as bait, it is evident that attackers target high-value business entities that use enterprise software, as opposed to random users.

Trend Micro researchers have not been able to figure out how the malware is delivered, but based on the bait employed, they believe the attack begins with a phishing email. It checks for indicators of running in a sandbox before executing its main code. Then it sends profile information about the compromised system to the command and control (C2) server. 

As an additional evasion layer, the malware encrypts the strings and data packets that will be exfiltrated to the C2. The C2 IP detected by Trend Micro used a newly registered URL containing the "sharjahconnect" string, making it appear to be a legal VPN connection portal for Sharjah-based offices in the United Arab Emirates. Given the campaign's targeting scope, this choice allows the threat actors to blend in with normal operations while minimising warning signs that could raise the victim's suspicion. 

Using the Interactsh open-source tool, beacons are sent out at regular intervals to communicate the malware status with threat actors during the post-infection phase. While Interactsh is a legal open-source tool employed by pentesters, its linked domain, oast.fun, has already been spotted in APT-level operations, such as the APT28 campaigns. However, no attribution was provided in this operation involving the Palo Alto product lure. 

The following commands were received from the command and control server: 

  • time to reset: Stops malware operations for a specified duration. 
  • pw: Implements a PowerShell script and sends the result to the hacker's server.
  • pr wtime: Reads or writes a wait time to a file. 
  • pr create-process: Starts a new process and returns the output.
  • pr dnld: Downloads a file from a specified URL. 
  • pr upl: Uploads a file to a remote server. 
  • invalid command type: Returns this message if an unrecognized or erroneous command is encountered.

Trend Micro reports that, while the attackers are unknown, the operation looks to be highly targeted, with unique URLs for the targeted companies and newly established C2 domains to avoid blocklists.
Read more »
VPN
Cyber Attacks PLCs Security Sensitive data VPN

Ewon Cosy+ Industrial Devices Vulnerable to Serious Security Exploits


 

Recently, severe security flaws were identified in the Ewon Cosy+ industrial remote access devices, which could allow attackers to gain complete control over the systems. This vulnerability presents a serious risk, as it could lead to unauthorised access, allowing attackers to decrypt sensitive data, steal credentials, and hijack VPN sessions to launch further attacks on industrial networks.

Root Access Exploits and VPN Session Hijacking

Security researcher Moritz Abrell from SySS GmbH brought these critical vulnerabilities to light during a presentation at DEF CON 32. The identified flaws could enable attackers to achieve root-level access on Ewon Cosy+ devices, providing them with the ability to decrypt protected firmware and data, such as passwords stored in configuration files. More alarmingly, attackers could obtain valid VPN certificates, enabling them to take over VPN sessions, thereby compromising the security of both the devices and the connected industrial networks.

Ewon, in response to these findings, issued a security update on July 29, 2024, which addresses these vulnerabilities in the latest firmware versions. The update tackles several issues, including data leaks through cookies, cross-site scripting (XSS) vulnerabilities, and improper encryption practices. Notably, the update fixes critical issues such as the ability to execute processes with elevated privileges and vulnerabilities that could allow attackers to inject malicious code.

How the Vulnerabilities Were Exploited

The Ewon Cosy+ system relies on a VPN connection that is managed through a platform called Talk2m, which uses OpenVPN for secure communication. Researchers found that it was possible to exploit a command injection vulnerability within the system, allowing unauthorised access to the device. Additionally, a persistent XSS vulnerability was discovered, which could be used to gain administrative control.

One particularly troubling vulnerability involved the storage of session credentials in an unprotected cookie, encoded in Base64. This flaw allows an attacker to gain root access by simply waiting for an administrator to log in to the device. With root access, attackers can install persistent threats, extract encryption keys, and decrypt sensitive firmware files. The presence of a hard-coded encryption key within the system further heightens the risk, as it can be used to extract even more sensitive data.

Risk of VPN Session Takeover

Among the concerning risks associated with these vulnerabilities is the possibility of VPN session hijacking. The Ewon Cosy+ devices communicate with the Talk2m platform via HTTPS, using mutual TLS (mTLS) for authentication. However, the system's reliance on the device's serial number for generating Certificate Signing Requests (CSR) poses a security flaw. An attacker could exploit this weakness by creating a CSR with a serial number matching the target device, thereby hijacking the VPN session and rendering the original device inaccessible.

Once the VPN session is taken over, the attacker can reroute the connection to their infrastructure, potentially intercepting critical data, such as programmable logic controller (PLC) programs, which are essential to the operation of industrial systems.

This is a reminder of the challenges faced in securing industrial remote access solutions. The potential for attackers to gain root access and hijack VPN sessions could have devastating consequences, not only for the individual devices but also for the wider industrial networks they are connected to.

Organisations using Ewon Cosy+ devices are strongly urged to apply the recommended firmware updates immediately and review their security protocols to minimise the risk of exploitation. Regular updates and stringent security practices are essential to protecting industrial systems from the developing threat of cyberattacks.

As attackers continue to exploit weaknesses in remote access tools, it is critical for companies to remain proactive in securing their systems. By addressing these vulnerabilities promptly and ensuring their systems are up to date, organisations can protect their infrastructure from the risks posed by these security flaws.


Read more »
VPN
Bug Exploit malware North Korea Organization security VPN

How North Korean Attackers Deployed Malware Via VPN Bug Exploit

How North Korean Attackers Deployed Malware Via VPN Bug Exploit

In a concerning event, North Korean state-sponsored have again displayed their advanced cyber capabilities by abusing flaws in VPN software updates to plant malware. The incident highlights the rising threats from state-sponsored actors in the cybersecurity sector. "The Information Community attributes these hacking activities to the Kimsuky and Andariel hacking organizations under the North Korean Reconnaissance General Bureau, noting the unprecedented nature of both organizations targeting the same sector simultaneously for specific policy objectives," NCSC said.

Attack Vector Details

The NCSC (National Cyber Security Center) recently detected two infamous North Korean hacking groups named Kimsuky (APT43) and Andariel (APT45) as the masterminds of these attacks. The groups have a past of attacking South Korean companies and have set their eyes on exploiting bugs in VPN software updates. Threat actors leveraged these flaws, gained access to networks, deployed malware, and stole sensitive data, including trade secrets.

How the attack works

The actors used a multi-dimensional approach to attack their targets. First, they identified and compromised vulnerabilities in the VPN software update mechanisms. Once the update started, the attackers secretly installed malware on the victim's system. The malware then set up a backdoor, letting the hackers build persistent access to the compromised network.

A key tactic used by attackers was to disguise the malware as a genuine software update. Not only did it help escape detection, but it also ensured that the dangerous malware was planted successfully. The malware was built to extract sensitive information, including intellectual property and secret business info that can be used for economic espionage purposes or can be sold on the dark web.

Learnings for the Cybersecurity Sector

The incident underscores important issues in cybersecurity, the main being the importance of strengthening software update mechanisms. Software updates are a routine part of keeping the system secure, and users trust them easily. This trust gives threat actors leverage and allows them to attack, as shown in this case.

The second issue, the attack highlights an urgent need for strong threat intelligence and monitoring. Organizations must stay on alert and constantly look out for signs of attacks. A sophisticated threat detection system and frequent security audits can help detect and mitigate possible threats before they can cause major damage.

Tips on Staying Safe

Here are some key strategies organizations can adopt for multi-layered security:

Regular patching and updates ensure all software like VPNs, are updated with the latest security patches, reducing the risk of flaws being abused.

Implementing a "Zero Trust Framework" which assumes internal and external threats, the model requires strict authorization for each user and device trying to access the network.

Using advanced endpoint protection solutions that can identify and respond to suspicious activities on individual systems.

Read more »
VPN security
CISA Cyber Attacks Ivanti Ivanti security flaws Ivanti VPN Exploitation Security Breach VPN VPN security

Lessons from the Ivanti VPN Cyberattack: Security Breaches and Mitigation Strategies

 

The recent cyberattack on Ivanti’s VPN software has prompted swift action from the Cybersecurity and Infrastructure Security Agency (CISA). This incident not only highlights the need for stronger cybersecurity measures but also raises important questions about exploit techniques, organizational responses to security breaches, and the escalating costs associated with downtime. 

The vulnerabilities in Ivanti’s VPN gateway allowed threat actors to bypass authentication and gain unauthorized access. Attackers could send maliciously crafted packets to infiltrate the system without needing to steal credentials, giving them access to user credentials, including domain administrator credentials. A second vulnerability enabled the injection of malicious code into the Ivanti appliance, allowing attackers to maintain persistent access, even after reboots or patches. Security researchers, including Mandiant, identified that Ivanti’s initial mitigations were insufficient. 

CISA warned that Ivanti’s interim containment measures were not adequate to detect compromises, leaving systems vulnerable to persistent threats. This uncertainty about the effectiveness of proposed mitigations necessitated CISA’s prompt intervention. The ability of attackers to gain persistent access to a VPN gateway poses significant risks. From this trusted position, attackers can move laterally within the network, accessing critical credentials and data. The compromise of the VPN allowed attackers to take over stored privileged administrative account credentials, a much more severe threat than the initial breach. In response to the breach, CISA advised organizations to assume that critical credentials had been stolen. 

Ivanti’s failure to detect the compromise allowed attackers to operate within a trusted zone, bypassing zero-trust principles and exposing sensitive data to heightened risks. The severity of the vulnerabilities led CISA to take the unusual step of taking two of Ivanti’s systems offline, a decision made to protect the most sensitive credentials. Despite later clarifications from Ivanti that patches could have been applied more discreetly, the miscommunications highlight the importance of clear, open channels during a crisis. Mixed messages can lead to unnecessary chaos and confusion. System-level downtime is costly, both in terms of IT resources required for shutdown and recovery and the losses incurred from service outages. 

The exact cost of Ivanti’s downtime remains uncertain, but for mission-critical systems, such interruptions are extremely expensive. This incident serves as a warning about the costs of addressing the aftermath of a cyberattack. CISA’s decision to shut down the systems was based on the potential blast radius of the attack. The trusted position of the VPN gateway and the ability to export stored credentials made lateral movement easier for attackers. 

Building systems based on the principle of least privilege can help minimize the blast radius of attacks, reducing the need for broad shutdowns. The Ivanti VPN cyberattack underscores the pressing need for robust cybersecurity measures. Organizations must adopt proactive infrastructure design and response strategies to mitigate risks and protect critical assets. Reducing the number of high-value targets in IT infrastructure is crucial. Privileged account credentials and stored keys are among the highest value targets, and IT leaders should prioritize strategies and technologies that minimize or eliminate such targets. 
Read more »
VPN
Cyber Security Data Safety IP Address User Privacy VPN

Here's How to Change IP Address Without VPN

 

The internet is becoming an increasingly important aspect of people's lives since it allows them to perform an array of activities with minimal effort. However, it is also becoming a more dangerous place, as many hackers harm you by breaking into your servers and networks and stealing your private data. Hiding or changing your IP address is one way to secure your online activity. In this article, we'll go over how to change it without a VPN and why you should use one. 

What is an IP address? 

IP addresses, often known as "internet protocol," are a string of digits that help identify the network that each individual is using. They will let you send and receive data across a network. They normally include a lot of data on your online activities, location, and data. They are an important aspect of the internet and how it functions. 

However, because it contains a large amount of private information about internet users, it can lead to a variety of issues and cybercrimes, which is why remaining safe and protected is critical, and one way to do so is to change your IP address, with or without a VPN. 

You may be wondering how you can change your IP address without using a VPN. That is possible, and to assist you change it so that you stay safe and keep your data secure, here are multiple ways to change IP address without VPN: 

Change your network: This is the most obvious and straightforward approach to change your IP address. Changing your network and using a new one will instantly generate you a new IP address. 

Tor Browser: When you use the Tor browser, nodes conceal your IP address when you connect to any network. The nodes will change every time you use them. That ensures your privacy as well. 

Disconnect the modem: If you unplug your modem for a few hours, you can get a new IP address when you turn it back on. 

Proxy server: Depending on the server you connect to, a proxy will mask and disguise your IP address before assigning a new one. 

Your internet service provider might be able to modify your IP address for you if you request it and provide an appropriate reason.
Read more »
Subscribe to: Posts (Atom)