Two serious vulnerabilities in virtual private networks (VPNs) have been discovered by a research team . These vulnerabilities had been dormant since 1996. It is possible to leak and read user traffic, steal information, or even conduct attacks on user devices by exploiting these vulnerabilities, which are present in practically every VPN product across all platforms. TunnelCrack is a combination of two common security flaws found in virtual private networks (VPNs). Even though a virtual private network (VPN) is designed to safeguard all of the data that a user sends, these attacks are able to circumvent this security. An enemy, for example, may take advantage of the security flaws to steal information from users, read their communications, attack their devices, or even just spill it all. Regardless of the security protocol that is utilized by the VPN, the uncovered flaws may be exploited and used maliciously. In other words, even Virtual Private Networks (VPNs) that claim to utilize “military grade encryption” or that use encryption methods that they themselves invented are vulnerable to attack. When a user joins to an unsecured Wi-Fi network, the initial set of vulnerabilities, which they  refer to as LocalNet attacks, is susceptible to being exploited. The second group of vulnerabilities, which are known as ServerIP attacks, are susceptible to being exploited by shady Internet service providers as well as by unsecured wireless networks. Both of these attacks involve manipulating the routing table of the victim in order to deceive the victim into sending traffic outside the secured VPN tunnel. This enables an adversary to read and intercept the data that is being sent.

The video that may be seen below demonstrates three different ways in which an attacker might take advantage of the disclosed vulnerabilities. In the first step of the attack, the LocalNet vulnerability is exploited to force the target to leak communications. This is used to intercept sensitive information that is being transferred to websites that do not have enough security, such as the victim’s account and password being exposed. They also demonstrate how an adversary may determine which websites a user is accessing, which is something that is not generally achievable when utilizing a virtual private network (VPN). Last but not least, a modification of the LocalNet attack is used in order to prevent a surveillance camera from alerting its user to any unexpected motion.

As the demonstration indicates, the vulnerabilities in the VPN may be exploited to trivially leak traffic and identify the websites that an individual is accessing. In addition, any data that is transferred to websites with inappropriate configurations or that is supplied by applications that are not secure may be intercepted.

Users may protect themselves by keeping the software for their VPNs up to date. Additionally, any data that is transferred cannot be stolen if a website is correctly set using HTTP Strict Transport protection (HSTS) to always utilize HTTPS as an additional layer of protection. These days, around 25 percent of websites are built in this manner. In addition, a few of browsers will now display a warning to the user if HTTPS is not being utilized. Last but not least, while they are not always error-free, most current mobile applications employ HTTPS by default and, as a result, also use this additional security.

In addition to being exploited to attack websites, virtual private networks (VPNs) sometimes defend outdated or less secure protocols, which presents an additional danger. These attacks now make it possible for an adversary to circumvent the security provided by a virtual private network (VPN), which means that attackers may target any older or less secure protocols that are used by the victim, such as RDP, POP, FTP, telnet, and so on.

LocalNet Attacks

The adversary in a LocalNet attack pretends to be a hostile Wi-Fi or Ethernet network, and they deceive the victim into joining to their network by using social engineering techniques. Cloning a well-known Wi-Fi hotspot, such as the one offered by “Starbucks,” is a straightforward method for achieving this goal. As soon as a victim establishes a connection to this malicious network, the attacker allots the victim a public IP address as well as a subnet. An illustration of this may be seen in the graphic below; the objective of the opponent in this case is to prevent traffic from reaching the website target.com:
The website target.com, which can be seen in the picture to the right, uses the IP address 1.2.3.4. The adversary will convince the victim that the local network is utilizing the subnet 1.2.3.0/24 in order to intercept traffic that is headed toward this website. The victim is told, in other words, that IP addresses in the range 1.2.3.1-254 are immediately accessible inside the local network. A web request will be sent to the IP address 1.2.3.4 if the victim navigates to target.com at this time. The victim will submit the web request outside the secured VPN tunnel because it believes that this IP address is immediately available inside the local network.

An adversary may potentially leak practically all of the victim’s traffic by assigning bigger subnets to the local network they have access to. In addition, although while the LocalNet attack’s primary objective is to send data outside the VPN tunnel, it may also be exploited in such a way as to prevent some traffic from passing through while the VPN is in operation.

ServerIP Attacks

In order to execute a ServerIP attack, the attacker has to have the ability to spoof DNS responses before the VPN is activated, and they also need to be able to monitor traffic going to the VPN server. Acting as a hostile Wi-Fi or Ethernet network is one way to achieve this goal; in a manner similar to the LocalNet attacks, this may also be done. The attacks may also be carried out via an Internet service provider (ISP) that is hostile or by a core Internet router that has been hacked.

The fundamental premise is that the attacker will attempt to impersonate the VPN server by forging its IP address. An attacker may fake the DNS answer to have a different IP address if, for instance, the VPN server is recognized by the hostname vpn.com but its actual IP address is 2.2.2.2. An illustration of this may be seen in the following image, in which the adversary’s objective is to intercept communication sent towards target.com, which has the IP address 1.2.3.4:

The attacker begins by forging the DNS reply for vpn.com such that it returns the IP address 1.2.3.4. This IP address is identical to the IP address of target.com. To put it another way, if you wish to leak traffic towards a certain IP address, you fake that address. After that, the victim will connect to the VPN server that is located at 1.2.3.4. This traffic is then redirected to the victim’s actual VPN server by the adversary, who does this to ensure that the victim is still able to successfully build a VPN connection. As a consequence of this, the victim is still able to successfully build the VPN tunnel even if they are using the incorrect IP address while connecting to the VPN server. In addition to this, the victim will implement a routing rule that will direct all traffic destined for 1.2.3.4 to be routed outside of the VPN tunnel.

A web request is now made to 1.2.3.4 whenever the victim navigates to target.com on their web browser. This request is routed outside of the secured VPN tunnel because of the routing rule that prevents packets from being re-encrypted when they are submitted to the VPN server. As a direct consequence of this, the web request is exposed.

The built-in VPN clients of Windows, macOS, and iOS were discovered to have security flaws by this study. Android versions 12 and above are not impacted by this issue. A significant portion of Linux-based virtual private networks (VPNs) are also susceptible. In addition, they discovered that the majority of OpenVPN profiles, when used with a VPN client that is susceptible to vulnerabilities, utilize a hostname to identify the VPN server, which may lead to behavior that is susceptible to vulnerabilities.

In order to keep customers safe, they worked together with CERT/CC and a number of other VPN providers to develop and release security upgrades over the course of a coordinated disclosure period of ninety days. Mozilla VPN, Surfshark, Malwarebytes, Windscribe (which can import OpenVPN profiles), and Cloudflare’s WARP are a few examples of VPNs that have been updated with patches. You can protect yourself against the LocalNet attack even if updates for your VPN are not currently available by turning off connection to your local network. You may further reduce the risk of attacks by ensuring that websites utilize HTTPS, a protocol that is supported by the majority of websites today.

The post TunnelCrack: Two serious vulnerabilities in VPNs discovered, had been dormant since 1996 appeared first on Information Security Newspaper | Hacking News.

A VPN connection allows a computer or mobile device connected to the Internet to send and receive data over shared or public networks as if it were a private network with all the functionality, security, and management policies of a private network. This is done by establishing a virtual peer-to-peer connection using dedicated connections, encryption, or even a mix of both methods.

These implementations have wide uses in business networks, such as connecting two or more branches of a company using the Internet as a link; allowing members of the technical support team to connect from their home to the computer center; or even allowing a user to access their home computer from a remote location, such as a hotel, all this using the Internet infrastructure.

The VPN connection over the Internet is technically a wide area network (WAN) link between the sites but appears to the user as if it is a private link (hence the designation “virtual private network”).

What are the main uses of VPN connections?

• Remote work: The most obvious use of a VPN connection is interconnectivity in networks that are not physically connected, such as workers who are currently out of the office or companies with branches in several cities that need access to a single network privately.
• Avoid censorship and geo-locking: VPN connections also have recreational uses, such as faking our IP addresses. When connecting to a VPN, your device communicates with the VPN server, and it is the VPN server that talks to the Internet. If you are in China and the VPN server is in the United States, the web servers believe that you are browsing from the latter, allowing you to access online content otherwise unavailable.
• Additional SECURITY LAYER: Logging into your online bank accounts through a public WiFi point is not actually secure. This is the ideal scenario to count on an extra security measure, since the packets would be sent blocked.

Main benefits of a VPN connection

• It works in all applications, as they route all Internet traffic.
• Easily connects and disconnects; once set, you can turn the connection on and off as you want to.
• Additional security in WiFi access points.
• Fake your location. A VPN connection is an effective way to bypass censorship or access content limited to a certain region.
• Your Internet service provider with a VPN won’t be able to know what you do on the Internet, but you must be careful as your VPN provider will still know your online habits.

Things to consider before getting a VPN service

There are a number of details to consider:

• Price: There are some free VPNs, but in most cases they have limited connections and you can’t expect much from them. A paid VPN service will always work better, but you should check prices and subscription details.
• Speed issues: If your VPN server is too far away, you will experience a lot of latency when browsing.
• Security is not foolproof: Just because the connection icon has a padlock, it doesn’t mean that it is secure (PPTP Protocol).
• You can’t always spoof your location: There are technologies able to triangulate and calculate your real IP address. This happens especially on mobile devices.

Surfshark, through its Try Surfshark Secure VPN service, offers its customers a comprehensive solution that meets companies’ security and availability needs. It enables users outside the company facilities to connect to the corporate private network easily and securely.

Besides, it allows establishing a secure communication channel between the offices of the same company, as it will help save costs, have a greater tolerance to any failure, greater service availability, more security, support and other benefits.

The post Why should you use a secure VPN connection? appeared first on Information Security Newspaper | Hacking News.

The use of virtual private network (VPN) solutions has become incredibly common over the past couple of years, although some interested users are still struggling to find the best option in a constantly growing market. Among these options, Surfshark has become one of the most eye-catching, highlighting its rapid growth and wide availability, so it is worth asking: Is Surfshark really a good option or is it just one more?

Below, we’ll look at the main features of this tool, as well as determine whether Surfshark can earn a spot among the best VPN solutions or fall against its main competitors in this Surfshark VPN review.

Is Surfshark different from other VPN services?

Like most of its counterparts, Surfshark boasts a great interface design, plus it supports cryptocurrency payment and is sustained by an impressive server infrastructure around the world. This does not mean that there are no characteristic features of this service, since Surfshark stands out for:

• Low prices: Surfshark’s annual plan is a bit more expensive than that of other large VPN companies, although this is compensated by offering two-year plans at a significantly lower cost than its competitors, as well as offering discounts of up to 80%
• Unlimited access: Unlike other companies, Surfshark allows access to the service on any number of devices simultaneously
• Warrant canary: Surfshark has official documentation that maintains that its service has never received disclosure orders from any authority, so its users can feel completely free when using the service

Generally speaking, these are the main features of Surfshark; in the following lines, we will address more specific features of the service.

Privacy & Security

For Surfshark developers, privacy and security are the most serious matter, and the implementation of the following characteristics is proof of their commitment with users’ experience:

• MultiHop: It allows to mask the user IP in the most advanced way possible, since this data is handled by a chain of VPN servers that eliminates any trace that leads to the identification of the user
• Camouflage Mode: This is an additional security protocol. By activating this protection, not even internet service providers could detect that their customers are using a VPN service
• Emergency Switch: This function disables the users’ Internet connection in case Surfshark systems fail, ensuring a completely safe environment under any possible circumstances

In addition to these advanced features, users can rely on Surfshark’s Privacy Policy to support all technical features of the platform. For example, Surfshark emphasizes the fact that sensitive information such as the real IP address of its users will never be stored, in addition to the fact that the company only safeguards minimal details about its users.

On the other hand, this service is fully compatible with privacy-focused platforms, such as ProtonMail, while its privacy terms are governed under the legislation of the British Virgin Islands, so it is complicated that the governments of other countries can demand access to the few data protected by Surfshark.

It’s clear that enhanced privacy is one of Surfshark’s strengths, although a VPN service must meet other features, mainly when it comes to the service’s performance.

Speed and locations

According to its own website, Surfshark operates more than 1,000 servers in more than 60 countries. While all servers are physical, some of the locations are digital: “For example, if you want to connect through Albania or Chile, you will get a local IP, but the server that properly handles your connection may be located in Germany or Colombia, respectively”, mention Surfshark website.

The company assures that this mode of operation does not affect the performance of the service, although it is possible that sometimes users find some content written in unfamiliar languages.

To test Surfshark’s speed, the SpeedTest and Fast.com tools were used, averaging a speed of 50 MB/s on both platforms. Below we can see the results of the most popular locations using Surfshark:

Connection speeds around the world on average are close to 30 Mb/s for SpeedTest and 20 Mb/s for Fast.com; a more than acceptable performance for an emerging VPN service, closely following the world’s leading VPN firms.

Conclusions

In conclusion, Surfshark offers virtually the same services as the big companies, only at a considerably lower cost, not to mention that this platform has additional security features and its focus on user privacy is much more attractive than that of its counterparts.

It is understandable that new users have more confidence in companies with more time in the market or that offer other payment plans, although cybersecurity experts do not see any significant advantage to consider that those companies offer an objectively better service than Surfshark, so it is certainly a great option to start using VPNs.  

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post How does Surfshark VPN stand up against its competitors? appeared first on Information Security Newspaper | Hacking News.

Cloud computing is changing out traditional way of communication and working system in a business. Previously, businesses could only access data through hardware. But now, users can access it anywhere, even with a mobile device. This technology allows you to store or access a program, application or data over the internet.

It can be categorized into three types:

1. The public cloud, a computing model delivered over the internet and shared across an organization or company.
2. Private cloud, which is only for your organization or company.
3. A combination of public and private clouds is called ‘hybrid cloud computing.

Well, the hybrid cloud computing model is an exciting offer in itself. It can have a different impact with the other two types, especially regarding cost and security. In addition, this hybrid model can be a solution for companies that require extra or spare capacity in their existing information technology infrastructure.

How important is it of using a hybrid cloud infrastructure model in enterprise data management? What can you do to protect your data?

Hybrid Cloud Computing Solutions Help Enterprises to Grow Their Businesses

Theoretically, hybrid cloud computing allows companies to use a private cloud for their IT, then equip the infrastructure with a public cloud to accommodate the occasional spike in traffic.

It depends on the design and architecture of the system that you implement. Still, many large organizations use the private cloud as the primary infrastructure, while the public cloud is a secondary or backup network used only when needed. 

In short, you use a public cloud for non-sensitive data to save costs but still have a private cloud for sensitive data security.

Hybrid cloud computing solutions can solve problems for companies that need additional capacity and resources quickly. If procuring new devices for the private cloud takes months, power and resource expansion in the public cloud can be done in minutes.

Benefits of Hybrid Cloud

1. Optimizing the Costs 

In the hybrid cloud, there is a process called cloud bursting. This process will help to expand workloads to the public cloud on demand when spikes occur. After that, it will scale back to the original server when the spike is complete.

Because of this, cloud bursting can help you overcome various problems, including cost and performance.

How could that be? This is because when you use a hybrid cloud, you can monitor the dashboard thoroughly. That way, you can adjust it to your needs, including budget adjustments in using hybrid clouds. You can save costs up to 24%!

2. Facilitate Infrastructure Repair

Sometimes, you will encounter obstacles such as damaged infrastructure and data due to certain factors. When this happens, it will usually cause panic. Not only is fear because the data/infrastructure cannot be recovered, but the repair costs are pretty large most of the time.

However, you can overcome this panic by using a hybrid cloud. The hybrid cloud system is equipped with a backup feature. This feature will undoubtedly make it easier for you to restore damaged data/infrastructure.

On the other hand, you can also migrate easily in stages, especially when you need a bigger cloud. Because of this convenience, many mid-to-high-end companies have switched to using hybrid clouds.

3. Maintain Better Data Security

Data becomes the most important asset when you decide to start a company or business. Without data, you will not be able to work optimally. This is one of the benefits of a hybrid cloud.

For this reason, it is not surprising that companies are looking for highly secure containers such as hybrid clouds to protect data. Hybrid cloud has the advantage of private cloud, securing essential data in the company. You can even share and store important data privately.

Hybrid Cloud Data Protection Tips

1. Make Sure to Have Decent Protection

The first simple step to add another layer of protection is by having a VPN service. Having premium services is always preferable to free ones. With the performance and protection features you can always depend on, you can be more confident in your data security.

Other than that, the VPN service also allows users to enter the internet without any interruption. So, you can now easily unblock Netflix using a VPN.

2. Choose the Right Cloud Storage Service

There are many cloud storage services and several options that will continue to grow in the years to come. This means that you owe it to yourself to research carefully and consider all available alternatives before using a particular service.

3. Save Multiple Copies of Data

One of the most significant risks of using cloud services is that the lifespan of the data you store is entirely out of your control. It could be that today you downloaded the data, and tomorrow morning it’s gone. Therefore, you should never use cloud storage as the sole location for storing data.

The post Everything About Hybrid Cloud Data Protection Tips appeared first on Information Security Newspaper | Hacking News.

This feature operates similarly to a VPN service in that it encrypts web browsing traffic and sends it through a relay to hide the user’s content, location, and IP address. All visited websites should only see the proxy IP address assigned by iCloud.

Just a few hours ago, a researcher discovered that it is possible to filter IP addresses through WebRTC, a browser API that allows websites to initiate direct communication between their visitors. This functionality has been the subject of multiple web security reports on previous occasions.

WebRTC communication is initiated using the Interactive Connectivity Establishment (ICE) framework, which requires collecting so-called “ICE candidates” such as IP addresses, domain name, ports, protocols, and other data. Subsequently, the web browser will return the ICE candidates to the browser applications.

On the other hand, researcher and developer Sergey Mostsevenko mentions that Safari passes ICE candidates containing real IP addresses to the JavaScript environment: “Deanonymizing this information becomes a matter of analyzing your real IP address of ICE candidates, something trivial and achievable with just a web application.”

The expert recommends switching to a real VPN service or disabling JavaScript in your Safari browser settings to disable WebRTC. Mostsevenko mentions that the vulnerability was fixed in the beta version of macOS Monterey, released this week.

Finally, the researcher mentions that a patch could also be available for Safari under iOS, in addition to the stable version is about to be released.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Zero-day vulnerability in Apple’s new iCloud Private Relay service for iOS 15 allows seeing user real IP addresses appeared first on Information Security Newspaper | Hacking News.

Tracked as CVE-2019-16651, the flaw was reported almost two years ago, although given its nature and delay in correction the technical details are known until now.

The researchers also claimed to have postponed their investigation for a year at the request of Virgin, which later acknowledged that its security teams were already working to find a solution to this flaw, described as an “external problem that could affect a small set of VPN clients.”

During its tests, Fidus was able to mount a DNS relay attack that revealed the IP address of a VPN user, for which it was only enough to redirect the target to a malicious website for a few seconds: “This attack variant turns the victim’s browser into a lethal weapon,” experts claim.

Experts managed to find the real IP addresses of multiple targets using some of the most popular VPN services today. It is important to mention that some providers seem to have this possibility, since in cases like this they can block access to a local IP address by default.

Still, experts believe that the risk to the privacy of millions of VPN users should not be underestimated, as this flaw is easily exploitable in the wild: “In theory, this flaw could be used on any popular website, revealing the true IP address of up to millions of users.”

Moreover, members of the cybersecurity community believe that it would also be possible for hacking groups sponsored by state actors to deploy large-scale exploitation campaigns of this flaw, which would put countless targets around the world at risk. In this regard, a Virgin spokesperson only commented that “hackers would require the conjunction of highly specific circumstances for a user to be affected, a possibility that is further reduced by talking about hundreds, thousands or millions of users.”

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post CVE-2019-16651: Vulnerability in Virgin Media Super Hub 3 routers allow determining the real IP address of VPN users appeared first on Information Security Newspaper | Hacking News.

Data leaks, ransomware, deep fake videos and audios, incredible hacking feats, the dark web – the cyber world gets scarier and scarier every day. What’s even scarier is that no one is safe – individuals, organizations, businesses, large corporations, and even entire industries are at risk. 

But besides hackers that wait around every cyber corner, we also have to be wary about internet giants, like Google and Facebook, who make a living out of invading our privacy and following us around wherever we go online. 

Luckily, both individuals and organizations have a few methods of protection they can use to reduce the risk of being hacked or followed online. A VPN (Virtual Private Network) is one such solution, and the offer is diverse enough so everyone can choose their favorite. 

But how do you actually choose a VPN solution? If you’re feeling a bit confused by the multitude of offers and features, below we listed the top five features to keep in mind:

#1: The Size of the Network

VPNs allow users to stay safe by creating a secure connection between their device and the server they select. Once the connection is established, the user’s real identity and location will be obscured and they can use the internet as a new persona, with a new identity and the location of the server they selected. 

Now this also means users can unblock geographically limited content (usually streaming platforms) or view sites that are not available in their country. 

Therefore, a reliable VPN solution should support a solid number of servers, in some of the most popular areas of the world. 

#2: Look for a Money-Back Guarantee Option

It’s important to understand that a free VPN solution is not really free (every business needs a source of income). Therefore, you should look for a paid solution, with good reviews, and a money-back-guarantee option. 

This way, you can download a VPN app for free, test it for a period of time, and see if it truly fits your needs.

#3: Experience on the Market

New VPN solutions and providers are everywhere you turn. Moreover, new companies and products pop up overnight, promising increased security and protection. 

Still, it’s best to select a reliable brand, supported by an experienced provider, with a wide range of customers. This way, you know the solution is working and people are happy to keep using it. 

#4: Data Caps

When you’re connected to the VPN, you will be navigating at their bandwidth and speed. This means that, even if your Internet Service Provider offers high-speed and unlimited uploads and downloads, your speed and data usage will be limited by the VPN. 

You will also notice that most solutions offer several monthly submissions. Usually, the free or the cheapest one is the one with the most limitations in speed and data usage. Also, you may be limited to only a few servers. However, even when you buy a more expensive package, you may still be limited since this is a resource shared by thousands of other users. 

#5: Read the Fine Print

The big promise of any VPN solution is complete anonymity and privacy online. But, when you read their Terms of Use, you’ll learn they keep logs and save some user data that can be used for user identification (at least partial). All these are normal and useful in preventing cyber crimes committed via their network. 

However, it’s equally important to know when they are willing to hand over the data and to who. This also depends on the country where the provider is located (their headquarters). 

Wrap Up

In summary, a reliable VPN helps you stay safe from a wide range of cyber attacks and privacy intruders, but you need to be careful when you’re choosing the provider.

The post 5 Important Things to Look Out For When Choosing a VPN (and Why) appeared first on Information Security Newspaper | Hacking News.

The flaw, reported by the Digital Defense team of researchers last August, is a root command injection condition that can be exploited remotely if it is possible to access the “Unified Services Router” web interface using the conventional Internet.

According to the report, hackers could use their access to intercept or modify traffic and even attack other connected devices on the same network. The company has already recognized the problem by publishing some details a few days ago and recognizing that some CGI LUAs are accessible without authentication, which could be abused to run a LUA library function to pass user input.

The following is a list that lists vulnerable router models:

D-Link explains that hackers could enter malicious data into a command designed to calculate a hash that is processed by the “os.popen()” function. Following the Digital Defense report, which concerned only the DSR-250 router model, D-Link assessed that the vulnerable firmware version powered the other models (DSR-250/N, DSR-500, and DSR-1000AC).

The company released firmware version 3.17B401C, which contains fixes for compromised models.

In addition, the researchers reported two other low severity failures. The first failure is an exploitable root command injection using Unified Services Router that requires authentication, while the last failure is a crontab injection that would allow arbitrary commands with root privileges to run.

The post Vulnerability in D-Link VPN routers could fully compromise your systems appeared first on Information Security Newspaper | Hacking News.

Pulse Secure is the company that has received the most reports lately, with a total of 10 vulnerabilities identified since March last year. The most severe of these flaws (tracked as CVE-2019-11510) could be exploited for arbitrary code execution. This vulnerability received a score of 10/10 on the scale of the Common Vulnerability Scoring System (CVSS).

According to reports from the National Security Agency (NSA), over the past year, more than 14,000 VPN servers were located exposed to the exploitation of this failure worldwide, in addition to the identification of active exploitation campaigns. Although Pulse Secure issued patches to fix this vulnerability in August 2019 network perimeter security experts from the US Cybersecurity and Infrastructure Security Agency (CISA) state that the installation of these patches has not been enough to prevent the exploitation of CVE-2019-11510.

According to CISA, threat actors could have access to compromised networks even after patch installation, as the vulnerability consisted of raw password extraction, and risk mitigation involved resetting VPN users’ passwords: “Despite security patches being released, we have detected security incidents involving the use of Exposed Active Directory credentials during the time after release, we have detected security incidents involving the use of Exposed Active Directory credentials during the time after release, we have detected security incidents involving the use of Active Directory credentials exposed during the time after release mitigations,” says CISA.

Threat actors reportedly used the Tor browser to connect to compromised environments and VPN servers to avoid detection. Hackers then create scheduled tasks, install remote access malware, and employ other tools to generate persistence on the target system, network perimeter security specialists mentioned.

CISA revealed a report on a specific attack, in which the threat actor attempted to sell the stolen credentials after completing numerous attempts to connect to a Pulse Secure deployment and install malware on the compromised system. This hacker (or hacker group) has been linked to other attack attempts.

In this regard, the International Institute of Cyber Security (IICS) recommends that any user, individual or corporate, of Pulse Secure VPN update their deployments as soon as possible, in addition to resetting their login credentials, to avoid exploiting this vulnerability.   

The post Pulse Secure VPN patch doesn’t prevent hackers spying on you appeared first on Information Security Newspaper | Hacking News.

Typically, when a user connects to a VPN, their device’s operating system closes all existing Internet connections and then resets them through the VPN tunnel. In iOS version 13.3.1, the operating system fails to close existing connections appropriately. Most connections are short-lived and eventually reset themselves through the VPN tunnel. However, some are persistent and can remain open for minutes, and even hours, outside the VPN tunnel.

For example, Apple push notification service, which maintains a long-lasting connection between the device and the company’s servers, information security awareness specialists say. Although the problem was detected at Apple, researchers say any other similar services could be affected. 

This flaw would allow user data to be exposed if the affected connections are not encrypted, although it should be mentioned that this would not be a normal situation. In fact, this condition could be able to generate an IP leakage scenario, which could allow threat actors to access to affected users’ data.

According to the information security awareness specialists, the most at-risk users are those living in countries where monitoring and monitoring online activities are common, such as China, besides other countries where civil and free Internet use rights scarce.  

The International Institute of Cyber Security (IICS) mentions that connections established after VPN is enabled are not affected by this security flaw. However, connections that are already running prior to VPN service enablement are compromised. Users are encouraged to expect an Apple update. Details about this vulnerability existing in other operating systems could be publicly disclosed in the near future.  

The International Institute of Cyber Security (IICS) also recommends checking the official platforms of the developers of this distribution to download the corresponding updates and find more details about these flaws.

The post IOS vulnerability prevents VPN networks from encrypting web traffic correctly appeared first on Information Security Newspaper | Hacking News.

Cyber attacks are on the rise, hundreds of thousands of new malware strains hit the web every day, and hackers are just waiting for you to use public WiFi so that they can spy on all your online communications.

And your privacy isn’t safe either – government agencies are doing everything they can to violate it. Also, your ISP sees every single thing you do online (yes, even if you use Incognito Mode), and they sell that info to the highest bidder.

There’s good news, at least – there are things you can do to protect yourself online:

Use Secure Email Providers

Not all email services are reliable. Popular providers like Yahoo! and AOL actually suffered data breaches. Not to mention they both scan emails for data to sell to advertisers.

And yes, Google does the same thing.

That’s why you need a service that respects your privacy. A secure email provider, like ProtonMail, would be an excellent choice.

The service is completely open-source, and it uses end-to-end encryption, has self-destructing emails, doesn’t log your IP address, and protects your data with privacy-oriented Swiss laws.

Oh, and there are two passwords that protect your account – not just one.

Use a VPN

VPNs are a great way to keep your data safe online.

For starters, they hide your IP address, preventing people from using it to find out personal details about you (where you live, what your ZIP code is, who your ISP is).

Also, a VPN encrypts your traffic, making it completely unreadable to anyone – hackers, ISPs, and government surveillance agencies.

The post Best Online Security Tools and Their Uses appeared first on Information Security Newspaper | Hacking News.

One of the challenging parts about picking a VPN (virtual private networking) – if you’re new to the market and technology – is understanding some of the terms that VPN services use and how they affect users. One of the more confusing terms thrown around is “split tunneling” which often makes new users pause. What is split tunneling, and why does it matter when you’re online?

Don’t worry: It’s not a difficult concept once you learn what split tunneling refers to! In fact, it’s all about having more control over how your VPN service operates when you use it. Here’s everything you need to know about the technology and why it could matter to you.

The Concept of VPN Tunneling

Before we get to split tunneling, lets talk about the VPN technology of tunneling: This is what enables a VPN to protect user information and privacy, so it’s core to the use of a VPN.

A “tunnel” is basically a route that the VPN creates to pass information back and forth online, inside the internet connection that someone is using. Inside this tunnel, everything has an extra layer of encryption managed by the VPN. Every packet of data sent through this tunnel is encrypted according to the protocols the VPN is using (there are many different types of encryption that the VPN can choose to use for this project, with newer protocols providing better protection ).

The tunnel itself is mostly a concept, while this encryption is what does all the work of protecting data as it journeys to and from destinations on the internet. This tunnel is useful because it’s very complete – it encrypts data from the moment it is sent. This means that ISPs (internet service providers) and others are unable to analyze this data or tell where exactly it’s coming from.

Of course, a VPN offers many additional services based on this encryption, such as the ability to choose which server your connection is using, but tunneling is the central purpose of a VPN and you need to understand it before we move on!

The Addition of Split Tunneling

Now we come to the concept of split tunneling. In a normal VPN tunnel, all the data you move online is encrypted, no matter what – that’s the point! A VPN makes great efforts to avoid data leaks from data that is accidentally not encrypted.

But in split tunneling, a portion of the data is moved aside and sent outside the tunnel. That means that it is not encrypted, and can be seen by ISPs, websites, etc. Meanwhile, the other data is still sent through the VPN tunnel and encrypted as usual. Your internet connection is essentially split between encrypted and unencrypted data.

How does the VPN choose which data doesn’t use the tunnel? Users tell it what to do. A VPN that enables split tunneling includes a number of options to choose what “types” of data or what sites should not use the VPN. This type of selection and rule-creation can become very complex if users want to dig into the details!

When Split Tunneling is Used

At first, split tunneling may sound very strange to users. After all, if the goal of a VPN is to protect privacy by masking an entire connection, doesn’t split tunneling ruin the whole concept?

Well, that depends on what you are using a VPN for. Those who want complete protection and anonymity probably won’t want to use split tunneling. But for other purposes, this option can be very useful. Here are a few examples of when split tunneling can come in handy for those who use VPNs in their everyday lives.

• Speed up whitelisted sites: A VPN protects privacy, but it can slow your internet connection down depending on how you use it. This is one reason many VPNs offer split tunneling. Surfshark’s split tunneling with Whitelister lets you target specific apps and websites for use outside of the VPN to help speed them up, without the need to constantly turn your VPN on and off based on what you’re doing.
• Using two regional services at the same time: Suppose you want a VPN to say your location is in Canada to access specific streaming content, but you also want access to content only available in the United States, preferably at the same time. Split tunneling allows you to seamlessly use two different server locations so that this can be done.
• Online banking: Online banking portals already have great protection, for obvious reasons, so there isn’t much that a VPN can add here. Additionally, online banking security may flag your connection if it looks like it’s coming from an unusual place, so a VPN may event cause additional problems here.
• LAN device setups: Some LAN setups won’t work with a VPN, so split tunneling allows for VPN use while maintaining access to the LAN, which can be handy in many business situations and some home setups (for example, you may not be able to access a network printer when you are on a full VPN).

Risks of Split Tunneling

Split tunneling is not without its risks. Websites and ISPs can track your activity, which you may want to avoid for privacy reasons. If using a VPN or specific sites are banned in your country, split tunneling can be dangerous because it may open up ways for the government to track you more easily. In some situations (although this isn’t common), using split tunneling may use up more data than only using a VPN, too.

Different Types of Split Tunneling

There are also a couple other types of split tunneling worth mentioning to help avoid confusion when choosing the right settings or understanding how tunneling works.

• Inverse Split Tunneling: Inverse split tunneling is a setup up where most of your internet data exists outside the VPN by default, and you choose a few services or devices where the VPN is activated. Depending on how much or how often you use a VPN, inverse split tunneling may be more useful for your than normal split tunneling, and you should look for VPNs that allow this.

IPv6 Dual Stacking: This is a bit more complicated, but essentially the internet is in the process of switching IP address protocols from IPv4 to IPv6. Unfortunately, that means that right now both address options are supported, and sometimes you can’t pick just one. To manage this – especially for businesses and developers – a unique type of split tunneling has been developed that allows users to use both IPv4 and IPv6 at the same time, bypassing any issues.

Enabling Split Tunneling on Your Device

First, you need to find a VPN, like Surfshark, that includes split tunneling options. There are many different ways to offer split tunneling, and each VPN offers its own tools for setting up the option and choosing what content or devices are split from the VPN tunnel.

The post Understanding How Split Tunneling Works and How You Can Use it appeared first on Information Security Newspaper | Hacking News.