Hidden Dangers of Public Wi-Fi: What A Traveler Needs To Know

 

Public Wi-Fi networks have become ubiquitous in our modern world, offering convenience and connectivity to travellers and commuters alike. However, beneath the surface lies a web of hidden dangers that could compromise your privacy and security. As an expert in cybersecurity, it's crucial to shed light on these risks and provide travellers with the knowledge they need to protect themselves in an increasingly connected world. 

One of the most significant dangers of connecting to public Wi-Fi is the risk of falling victim to a cyberattack. These networks are often unsecured, making it easy for hackers to intercept sensitive information transmitted over them. From passwords to financial data, travellers risk exposing their most personal information to prying eyes. Another hidden danger of public Wi-Fi is the prevalence of rogue hotspots. 

These malicious networks are designed to mimic legitimate Wi-Fi networks, tricking unsuspecting users into connecting to them. Once connected, hackers can launch various attacks, from phishing scams to malware downloads, putting travellers' devices and data at risk. Furthermore, public Wi-Fi networks are often monitored by cybercriminals looking to steal valuable information from unsuspecting users. 

By intercepting unencrypted data packets, hackers can gain access to usernames, passwords, and other sensitive information, leaving travellers vulnerable to identity theft and fraud. To mitigate the risks associated with public Wi-Fi, travellers should take proactive measures to protect themselves and their data. One of the most effective ways to stay safe is to avoid connecting to public Wi-Fi networks altogether, especially when handling sensitive information such as online banking or email access. 

If connecting to public Wi-Fi is unavoidable, travellers should use a virtual private network (VPN) to encrypt their internet traffic and protect their data from prying eyes. Additionally, travellers should enable two-factor authentication on all their accounts to add an extra layer of security against unauthorized access. It's also essential for travellers to keep their devices and software up-to-date with the latest security patches and updates. 

By regularly updating their devices, travellers can patch known vulnerabilities and reduce the risk of falling victim to cyberattacks. In conclusion, while public Wi-Fi networks offer convenience and connectivity to travellers, they also pose significant risks to privacy and security. By staying vigilant and taking proactive measures to protect themselves and their data, travellers can minimize the hidden dangers of public Wi-Fi and enjoy a safer and more secure travel experience.

The Cyber Risks Of Using Unsecured Wi-Fi Networks And How To Avoid Them

 



In the hustle and bustle of our daily lives, public Wi-Fi has become a lifeline for many. Whether in coffee shops, airports, or local hangouts, the convenience of free Wi-Fi is undeniable. However, a recent study by NordVPN sheds light on a concerning trend: 41% of Brits risk connecting to unsecured public Wi-Fi, despite being aware of the potential cyber threats. Let's break down why this matters and what you can do to protect yourself.


Understanding the Risks

Connecting to public Wi-Fi might seem harmless, but cybercriminals are ingenious opportunists. They can infiltrate your devices and compromise sensitive information. Even on seemingly secure sites, hackers can access your data, deposit malware, and use tactics like ARP spoofing and DNS poisoning. These techniques allow them to pretend to be your device, intercept data, and even lead you to malicious sites without your knowledge.

Recent advancements include malware components using Wi-Fi triangulation to determine your device's real-world location. The purpose of this geolocation remains unclear, but it could potentially be used for intimidation tactics. The good news is that having malware removal and antivirus programs installed can effectively combat infections and safeguard your device.


Safety Measures

To combat the risks associated with unsecured public Wi-Fi, consider using Virtual Private Networks (VPNs). These tools act as your cyber bodyguard by encrypting your online identity. This ensures your browsing history is not stored on your device. VPNs establish a secure connection between your device and a remote server, adding an extra layer of protection against potential threats on unsecured networks. They also allow you to hide your IP address and bypass content blocks or firewalls, enhancing both privacy and security. It's akin to sending a sealed letter through the internet. Choose reputable websites with secure connections when entering personal information online. 

Understanding the risks is crucial, but taking steps to protect yourself is equally important. Here's a user-friendly guide:

1. Avoid Unsecured Wi-Fi:

When possible, steer clear of unsecured public Wi-Fi. If you must connect, be mindful of the information you access.

2. Use VPNs:

Consider using a VPN to encrypt your online data, safeguarding your privacy while using public Wi-Fi.

3. Keep Software Updated:

Ensure your device has updated antivirus and malware removal tools to detect and prevent potential threats.

4. Stay Informed: 

Stay updated on the latest cybersecurity threats and best practices to navigate the digital landscape safely.


Public Wi-Fi is like leaving your front door unlocked; it's convenient, but it invites trouble. Hackers love unsecured Wi-Fi because it's an easy way to grab your sensitive data. By understanding these risks and implementing simple yet effective cybersecurity measures, you can enjoy the benefits of public Wi-Fi without falling victim to cyber threats. Prioritise your online safety and navigate the cyber world with confidence.


Ivanti US Faces Security Crisis, Threatening Worldwide Systems


In a recent development, a critical server-side request forgery (SSRF) vulnerability has been discovered in Ivanti Connect Secure and Ivanti Policy Secure servers, marked as CVE-2024-21893. Security experts have confirmed that this vulnerability is being actively exploited by multiple attackers, raising concerns over the security of affected systems worldwide. 

Let's Understand SSRF and Its Impact 

SSRF vulnerabilities allow attackers to send crafted requests from the vulnerable server, potentially leading to unauthorized access to internal resources, sensitive data exposure, or even full system compromise. Imagine you have a key to open doors in a building. Now, imagine someone tricks you into using that key to open doors you are not supposed to. That is what happens in an SSRF attack. 

Normally, a website's server only contacts the destinations its developers intended. But in an SSRF attack, the bad guys make the website talk to other places it is not supposed to, like secret internal parts of a company's network or even random outside websites. This can lead to big problems. 

For example, if the website connects to a secret part of a company's network, the bad guys might steal important information. Or if it connects to a random website, it might give away sensitive data, like your passwords or credit card numbers. 
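A common defence against the behaviour described above is to validate every destination before the server fetches it. The following Python code is an added example, not code from Ivanti or from the original post; the host names, the sample DNS table and all function names are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

# Constructed sample DNS data so the example runs offline (not real records).
SAMPLE_DNS = {
    "images.example.com": ["93.184.216.34"],
    "intranet.example.com": ["10.20.30.40"],
    "mixed.example.com": ["93.184.216.34", "127.0.0.1"],
}


class BlockedDestination(ValueError):
    """Raised when a user-supplied URL must not be fetched by the server."""


def system_resolver(host, port):
    """Resolve a host name with the operating system's resolver."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def sample_resolver(host, port):
    """Offline stand-in for DNS, backed by the constructed table above."""
    return SAMPLE_DNS.get(host, [])


def is_public_address(ip_text):
    """True only for addresses outside internal and special-purpose ranges."""
    ip = ipaddress.ip_address(ip_text)
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the IPv4 address it wraps.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_destination(url, resolver=system_resolver):
    """Return (host, port, pinned_ip) if the server may fetch url, else raise."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise BlockedDestination("scheme not allowed")
    if parts.username is not None or parts.password is not None:
        raise BlockedDestination("credentials in URL not allowed")
    host = parts.hostname
    if not host:
        raise BlockedDestination("missing host")
    try:
        port = parts.port
    except ValueError:
        raise BlockedDestination("invalid port")
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        raise BlockedDestination("port not allowed")
    try:
        # An IP literal needs no DNS lookup.
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        addresses = resolver(host, port)
    if not addresses:
        raise BlockedDestination("host does not resolve")
    # Every resolved address must be public: one internal record is enough
    # for the request to end up inside the network.
    for address in addresses:
        if not is_public_address(address):
            raise BlockedDestination("resolves to internal address " + address)
    return host, port, addresses[0]


def verdict(url, resolver=sample_resolver):
    """Summarise the decision for one URL as a short string."""
    try:
        check_destination(url, resolver)
        return "allowed"
    except BlockedDestination as reason:
        return "blocked: " + str(reason)


if __name__ == "__main__":
    for candidate in (
        "https://images.example.com/logo.png",
        "http://intranet.example.com/admin",
        "http://mixed.example.com/",
        "http://169.254.169.254/",
        "file:///etc/passwd",
    ):
        print(candidate, "->", verdict(candidate))
```

The fetch that follows should connect to the returned pinned IP rather than resolving the name a second time, and each redirect target needs the same check before it is followed.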

Ivanti and the Vulnerabilities 

Ivanti raised the alarm about a critical flaw in the gateway's SAML components on January 31, 2024. This vulnerability, identified as CVE-2024-21893, was immediately classified as a zero-day exploit, indicating that hackers were already taking advantage of it. Initially, the impact seemed limited, affecting only a small number of customers. 

However, the exploitation of CVE-2024-21893 opened the door for attackers to sidestep authentication measures and gain unauthorized access to restricted resources on vulnerable devices, specifically those operating on versions 9.x and 22.x. 

Now, according to the threat monitoring service Shadowserver, the situation has escalated. They have detected numerous attackers capitalizing on the SSRF bug, with a staggering 170 unique IP addresses attempting to exploit the vulnerability. This widespread exploitation poses a significant threat to the security of affected systems and the data they hold. 

The disclosure of CVE-2024-21893 revealed a series of critical vulnerabilities affecting Ivanti Connect Secure and Policy Secure VPN appliances. Alongside CVE-2024-21893, two other zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, were also identified on January 10, 2024, prompting Ivanti to release temporary mitigations. 

These vulnerabilities were exploited by the Chinese espionage threat group UTA0178/UNC5221, resulting in the installation of webshells and backdoors on compromised devices. Despite initial mitigations, attackers managed to bypass defenses, compromising even device configuration files. 

What Measures Is the Company Taking? 

Ivanti postponed firmware patches scheduled for January 22 due to the sophisticated nature of the threat. Given the active exploitation of multiple critical zero-days, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has mandated federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances. 

Only devices that have been factory reset and updated to the latest firmware should be reconnected. However, older versions without a patch remain vulnerable. While this directive is not compulsory for private organizations, they are strongly advised to assess the security status of their Ivanti deployments and overall environment, considering the potential risks posed by these vulnerabilities. 

About the Company 

Ivanti is a company based in Utah, USA, that makes different kinds of computer software for things like keeping your computer safe, managing IT services, tracking IT assets, managing all your devices from one place, controlling who has access to what, and managing the supply chain. It was created in 2017 when two companies, LANDESK and HEAT Software, joined together. Later, they also bought another company called Cherwell Software. Ivanti became more famous because of some big problems with the security of the VPN hardware they sell.

Which is Better: VPN or Microsoft Security Service Edge (SSE)?


In the ever-evolving world of artificial intelligence and cybersecurity threats, Microsoft has unveiled Microsoft Global Secure Access, also known as Security Service Edge (SSE), serving as a ground-breaking solution for safe remote access. 

Designed to improve the connectivity between workplaces, this cutting-edge technology provides a safe and convenient substitute for conventional VPNs. 

In response to the changing needs of network security, Microsoft has released Global Secure Access, which is presently in preview. Microsoft Entra Internet Access and Microsoft Entra Private Access are its two primary components. These elements combine network, identity, and endpoint access restrictions into a comprehensive solution when combined with Microsoft Defender for Cloud Apps. This makes it possible to access any program or resource securely from anywhere.

Microsoft Entra Internet Access

This service secures access to Microsoft 365, SaaS, and public internet applications. It protects online users, devices, and data against online threats, offering top-level security and visibility. 

Its features include:

  • Prevention of token replay with compliant network checks. 
  • Application of universal tenant restrictions. 
  • Enriched logs for enhanced security. 
  • Deployment alongside third-party SSE solutions. 
  • Protection of user access to the public internet through a cloud-delivered, identity-aware Secure Web Gateway (SWG).

Microsoft Entra Private Access

Whether working remotely or in an office, Microsoft Entra Private Access guarantees secure access to corporate and private resources for users. Without the need for a VPN, it increases access to any private resource, port, and protocol. Important characteristics consist of:

  • Zero Trust-based quick access to a range of IP addresses and/or FQDNs. 
  • Per-app access for TCP apps. 
  • Modernization of legacy app authentication. 
  • Seamless end-user experience with integration into existing third-party SSE solutions.

Security Service Edge (SSE) vs VPN 

To illustrate the differences between Security Service Edge (SSE) and Virtual Private Networks (VPN), below is a brief comparison:

Security Service Edge (SSE)

  • Definition: SSE is a comprehensive framework for cloud-based security that combines several security services. It is intended to safeguard user-accessed data, apps, and resources regardless of where they are located. 
  • Components: Includes services like Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS). 
  • Security Approach: Emphasizes identification and context-based security. It ensures secure access based on user identification and context by operating under the principle of "never trust, always verify." 
  • Deployment: Cloud-native, offering global scalability and ease of deployment without the need for on-premise hardware. 
  • Access Control: Provides granular access control to applications and data, often integrating with existing identity management systems. 
  • User Experience: Provides an unparalleled user experience because it does not require users to join a particular network. When it operates, it is transparent.

Virtual Private Network (VPN)

  • Definition: VPN technology connects distant users to an organization's network by building a safe, encrypted tunnel across the internet. 
  • Components: Primarily consists of VPN client software and VPN servers. 
  • Security Approach: Encrypts data in transit from the user to the VPN server. Once users authenticate and establish a VPN connection, it starts to trust them. 
  • Deployment: Can be cloud-based or on-premise, often requires specific hardware and software setup. 
  • Access Control: Usually grants access to the entire network, which can be a security risk if not managed properly. 
  • User Experience: Since users must establish a VPN connection in order to access corporate resources, the user experience may be less effortless. Performance problems and slower connections may occasionally occur.

Key Differences

  • Security Scope: SSE provides a broader range of security services than the primarily encryption-based VPN. 
  • Access Control: Whereas VPNs frequently allow for more extensive network access, SSE offers more context-based and granular access management. 
  • Deployment and Scalability: SSE is scalable and cloud-native by nature, whereas VPNs may have hardware and network capacity limitations. 
  • User Experience: Compared to VPNs, which need an active connection and might reduce internet speeds, SSE often provides a more transparent and frequently faster user experience.

In summary, while VPNs are effective for secure network access, SSE offers a more comprehensive, flexible, and modern approach to security, especially suitable for cloud-based environments and remote work scenarios.

Nym's Decentralized VPN: A Game-Changer for Online Privacy


Nym, a privacy technology company, is getting ready to introduce a decentralized VPN (Virtual Private Network) that aims to completely change how we safeguard our online data and preserve our privacy in a quickly changing digital environment where online privacy is getting harder to define. An industry game-changer in the field of online security, this breakthrough is scheduled to launch in early 2024.

Nym's ambitious project has garnered significant attention from the tech and cryptocurrency community. With concerns about surveillance, data breaches, and cyberattacks on the rise, the need for robust online privacy solutions is more critical than ever. Traditional VPNs have long been a popular choice for protecting one's online identity and data. However, Nym's decentralized VPN takes privacy to the next level.

One of the key features of Nym's VPN is its decentralized nature. Unlike traditional VPNs that rely on centralized servers, Nym's VPN leverages a decentralized network, making it far more resistant to censorship and government intervention. This feature is particularly important in regions where internet freedom is limited.

Furthermore, Nym's VPN is powered by a privacy-centric cryptocurrency called NYM tokens. Users can stake these tokens to access the VPN service or earn rewards for supporting the network. This innovative approach not only incentivizes network participation but also ensures a high level of privacy and security.

The decentralized VPN is designed to protect users from surveillance and data harvesting by hiding their IP addresses and routing their internet traffic through a network of anonymous servers. This means that users can browse the web, communicate, and access online services without revealing their true identity or location.

In addition to its privacy features, Nym's VPN is being developed with a strong focus on speed and usability. This means that users can enjoy the benefits of online privacy without sacrificing their internet connection's speed and performance.

Since Nym is a big step toward a more secure and private internet, the IT industry is excited about its impending introduction. Users seeking to protect their online activity will have access to a cutting-edge, decentralized solution as 2024 draws near.

Nym's decentralized VPN stands out as a ray of light in a world where threats to internet privacy are omnipresent. Its distinctive approach to privacy, robust security features, and intuitive design have the power to revolutionize the way we safeguard our personal information and identities online. When Nym launches in early 2024, it will surely be a turning point in the continuous struggle to protect internet privacy in a connected society.

Enhancing Online Privacy: Google Trials IP Address Masking Option

 


Google is currently refining IP Protection, a proposal previously known as Gnatcatcher; the new name describes it more aptly. With it, Chrome is reintroducing a proposal to hide users' IP addresses, making it harder to track their activity across sites. 

When a computer joins a network, it receives a unique address called an Internet Protocol (IP) address. This number identifies the user's location on the network while they are connected, so that messages between computers are delivered to the right place. 

IP addresses are used to track user behaviour across sites and online services and to build digital profiles for targeted advertising. This raises significant privacy concerns because, unlike third-party cookies, this tracking is not straightforward to bypass without third-party tools. 

While navigating the web, Google recognizes that it is crucial to balance the requirement for a user's privacy with practical functionality. Essentially, the solution they have devised involves disguising the IP address of the user through the redirection of traffic from certain third-party domains through proxy servers, so that the IP address remains invisible for these domains even though traffic is coming from them. 

The IP Protection feature will initially be available as an opt-in service, so users will have the option of obfuscating their IP addresses from third parties whenever they wish. It was decided that IP Protection should be rolled out in stages to ensure regional considerations can be accommodated and to ensure that there is a shallow learning curve. The first phase of this initiative will have Google proxying requests to its domain to satisfy regional considerations. 

Until Google has fine-tuned the list of affected domains, the proxies will only be accessible from US-based IP addresses. Although it can be used to track you, your IP address also plays a major role in routing traffic, preventing fraud, and other important network tasks. 

The Google IP Protection feature for Chrome was designed to do this by routing all third-party traffic from specific third-party websites through proxy servers to hide your IP address from those sites on the Internet. It is also pointed out that when this feature is introduced to Chrome users, it will be an opt-in feature. 

Users decide whether to obscure their IP address from third parties, so IP Protection will be a feature they can opt in to. To accommodate regional differences and ensure a shallow learning curve, IP Protection will be rolled out in stages. Phase 0, the first step, will proxy requests only to Google's own domains. 

It is expected that this situation will continue until Google has had sufficient time to fine-tune the list of affected domains. In the beginning, those proxy servers will only be accessible to IP addresses from the US at least. 

In the next phase, Google plans to use a two-hop approach to improve privacy: Google will manage the first hop, while an external Content Delivery Network (CDN) will manage the second.

Ideally, IP addresses are a must-have for Internet traffic routing, fraud prevention, and a wide variety of other functions. Thus, Google has designed a system that will cover traffic routing, fraud prevention, and a wide variety of other functions while thwarting tracking at the same time. 

It is a feature of Google's 'The Privacy Sandbox' toolkit which has been known as 'Gnatcatcher' previously. It is specifically designed for users to be able to avoid being tracked between websites through their IP address. 

At first, this proxy will remain optional for users, and it will be phased in so that each region can adapt to the new technology at its own pace. Initially it will affect only domains in third-party contexts, with an emphasis on well-known tracking domains. 

Users do not want to reveal their IP addresses, which is why they use proxy servers or VPNs to hide their IP addresses. A proxy or a VPN masks the real IP address of a user by masking it with one of the proxy operator's IP addresses. Only the proxy operator or the VPN provider knows a user's real address. A proxy is being used by Google to hide the IP addresses of its users under its IP Protection proposal. 

The feature will be tested and rolled out in multiple phases due to the potential side effects it may cause. Google wants to learn as it goes. The first phase of the feature will only support users with IP addresses from the United States and will only work with a single Google-owned proxy that will only redirect requests to Google-owned domains. 

Google is interested in testing out the infrastructure without impacting any third-party companies that may be using it. In addition to services such as Gmail, Google also owns the Ad Services domain, which is used for advertising purposes. 

There is a small percentage of users who will be automatically enrolled by Google in the current phase, and these users must also be logged into Chrome to participate. In a future phase, Google plans to use a chain of two proxy servers to prevent both of the proxy servers from seeing both the origin IP address as well as the destination IP address. 

There have been some interesting developments recently when it comes to Google's privacy options, as it has now launched its Privacy Sandbox which is aimed directly at making third-party cookies a thing of the past. 

According to the company, cookies will be disabled in the year 2024. By combining IP Protection with third-party websites, data will be less likely to be gathered from multiple sites by third-party sites in the future.

Guard Your Data: The Pitfalls to Avoid on Public Wi-Fi Networks

 


Since remote and hybrid working has become increasingly prevalent, many office workers no longer have to be in the office constantly. Working from home is a great option for many people, but sometimes it is nice to change scenery, which is why some people work from cafes, coffee shops, or even unconventional locations such as a boat or van. 

Working people may also be on their way to work, or even on vacation, and need to check in on e-mail, social media, or banking applications from an airport, hotel lobby, or conference centre.  

This will make it likely that the public spaces in which they stay will have free Wi-Fi available to all visitors. As a result of the venue's free Wi-Fi, customers can make use of the internet, which is useful for them, and could encourage them to stay in public areas for a longer period.  

It is common for public Wi-Fi networks not to be equipped with the necessary security measures called encryption, which scrambles the information that is sent from their computer or device to the router so strangers cannot access it. 

Cybercrooks could intercept the information that they send over these networks if there is no security measure in place to protect it from them. There are several security risks associated with public Wi-Fi, including hackers taking advantage of the lax security of the network to monitor users' Wi-Fi connection and steal their personal information and passwords, or even take over their accounts online if proper precautions are not taken.

Among the information gathered could be the passwords of bank accounts and social media accounts, as well as personal information. An internet snoop could also observe which websites the users visit and the data they enter into web forms, which could help access the information gathered. 

The conventional wisdom used to be that one should not access a bank website or social media account while on a public Wi-Fi network. Today, users do not have to be as strict; however, that does not mean they should not be cautious. 

At least one layer of encryption should be applied to all of their data. To steal sensitive information from unsecured networks, cybercriminals use both their professional know-how and free tools to sneak in and take control of the network. 

Some of the information that they steal will include passwords, banking information, and personal information that could be used to steal someone's identity. Generally, bank websites and social media websites use Hypertext Transfer Protocol Secure (HTTPS), which is a secure version of the HTTP protocol, which is indicated in the address bar by the prefix "https://" or the lock icon. 

The data that you send to and from a website is encrypted in transit when you log into it with the HTTPS version of that website. A virtual private network (VPN) is a technology that allows Wi-Fi users to route all their internet traffic through a trusted network. 

Although VPNs are often used to bypass geo-blocked content, they have many other great advantages including being secure. As a result, the traffic is encrypted and hidden, as well as routed through one of their servers. Whether Wi-Fi users are looking for a VPN that is reliable, secure, and convenient, the list of 2023's best VPNs is a good starting point, but Google One subscriptions also have a VPN that comes included with them. 

To make sure that the device does not automatically reconnect when people use public Wi-Fi, they must ensure they have disabled auto-reconnecting or have chosen the "forget this network" option when they are using public Wi-Fi. 

When auto-reconnect is enabled and the users' device is connected to a nearby network, their device is broadcasting to potential bad actors that they accept nearby networks as being on par with their home network and treat them as such. Threat actors may connect stealthily to their devices with the help of their SSIDs (network names) because devices recognize known networks by their SSIDs. 

How to Use Public Wi-Fi Safely  


Confirm the Network's Legitimacy

To ensure that the Wi-Fi network people are connecting to is authentic, make sure they look for official signs or consult the establishment staff to confirm its authenticity. Trustworthy networks reduce the risk of cyber threats. 

Steer Clear of Entering Sensitive Data

Do not enter confidential data, such as credit card details or passwords, while using public Wi-Fi. Keep your personal information private by refusing to enter sensitive data, such as passwords. By taking this precaution, there will be less chance of a breach of personal information. 

Employ a VPN for Added Security

Whenever people connect to a public Wi-Fi network, it is strongly advised that they should use a Virtual Private Network (VPN). VPNs encrypt their data and shield their digital activities from prying eyes.

VPN Intrusions From North Korea Expose Businesses to New Security Threats

 


FBI and Department of Justice officials revealed that, for years, IT workers employed by several U.S.-based companies have been secretly sending millions of dollars in wages to North Korea for its missile programs. 

On Wednesday, the Justice Department announced that North Korean IT workers using false identities were providing remote and in-office assistance to companies in St. Louis and other parts of the country. 

A news conference held by FBI officials in St. Louis revealed that most of the money earned by these individuals was funnelled into the North Korean weapons program. It is still unclear when such a campaign began, however, investigators are convinced that thousands of North Korean freelancers have succeeded in securing jobs in US companies by concealing their identities for at least the last 5 years, even if they have only succeeded for a short period. 

The workers are suspected of using this money to buy weapons for Kim Jong Un, steal company secrets, and plant malware on company computers and devices. Both the South Korean and US authorities have updated their recommendations to employers following the latest evidence of North Korean agents working as freelancers for a company, in an attempt to help them avoid hiring them.     

An investigation involving the seizure of $1.5 million, as well as 17 domain names, has recently been announced by federal authorities as part of the ongoing investigation. A special agent with the FBI's office in St. Louis, Jay Greenberg, said that any company that hires freelance IT workers has a greater chance of hiring someone to take part in the scheme since they hire many freelance workers. 

Neither the officials nor the companies that have unknowingly hired North Korean workers have named the companies. According to court documents, the government of North Korea has dispatched thousands of skilled IT workers to live mainly in China and Russia as a means of deceiving businesses all over the world into believing they would be eligible for remote employment under a freelancer contract. 

It is estimated that North Korea's weapons programs receive millions of dollars in wages every year from the IT workers. The Justice Department asserts that in some cases, the North Korean workers gained access to computer networks and stole information from the companies they worked for to achieve their goals. 

The agency asserted that they also retained access for future hacking and extortion schemes. To make it appear as if they were working in the United States, Greenberg said, the workers used various methods, including paying American citizens for the use of their home Wi-Fi connections.

Since the start of 2022, North Korea has carried out over 100 missile tests, and the United States has expanded its military exercises with its Asian allies in a tit-for-tat response to these test-firings. Tensions on the Korean Peninsula have increased as a result of North Korea's testing.

According to a joint statement made by state media, the North Korean government, and the North Korean military, the country's leader, Kim Jong Un, believes that nuclear weapons should be produced at an exponential rate and that North Korea should be an important component of a coalition of nations opposed to the United States in a "new Cold War."

In February, United Nations experts estimated that North Korean hackers working for the government stole record-breaking virtual assets worth between $630 million and over $1 billion last year.

An expert panel from the University of Chicago reported that hackers were using increasingly sophisticated techniques to access digital networks involved in cyberfinance, and to steal information from government officials, individuals and companies that could be useful to North Korea's nuclear and ballistic missile programs.

According to the FBI, employers should conduct an online background check when recruiting new employees to see if the same identity is linked to multiple profiles, and they should also record all interactions with prospective employees as necessary. 

Employers concerned about online security should always require their freelancers to turn off their private VPN when they access company networks, to protect their data. In addition, business owners are advised to adopt a strict zero-trust cybersecurity policy, under which remote employees do not access sensitive proprietary information when possible.

North Korean hackers are mostly targeting the technology industry because of its high salaries, but it is important to remember that this is just one of the areas in which they operate, John Hultquist, director of threat intelligence at cybersecurity firm Mandiant, told the Associated Press on Monday.

This FBI investigation reveals a covert channel for funnelling millions to North Korean missile programs via unsuspecting U.S. companies employing information technology staff. Freelancers working under false identities raise serious security concerns, and the discovery highlights the urgency of safeguarding against such international cyber threats through enhanced hiring practices.

Risks of Free VPNs: Proceed with Caution

Virtual Private Networks (VPNs) have developed into an essential tool for protecting online security and privacy in today's digitally connected society. Despite the wide range of options, a sizable portion of consumers favour free VPN services. However, it's important to be aware of any risks connected to these ostensibly cost-effective alternatives before jumping on the bandwagon.

Free VPN services frequently have restrictions that limit how much security and privacy they can offer. They might impose a data cap, slow connection rates, or server access restrictions. "You get what you pay for" holds true in the world of VPNs.

Free VPNs' data logging rules are among their most alarming features. Many of these services gather and keep track of user data, including browsing patterns, IP addresses, and even private data. This information may be sold to outside parties, which can result in data breaches or targeted advertising. This lack of transparency poses a serious threat to user privacy.

  • Security Vulnerabilities: An additional weakness of free VPNs is their insufficient security measures. The strong encryption methods that paid equivalents offer are frequently absent from these services. Users become more vulnerable to online dangers as a result, leaving them open to potential hacks or attacks from online criminals.
  • Malware and Adware Concerns: Free VPNs have a reputation for injecting viruses or bothersome adverts during customers' browsing sessions. These intrusive activities not only damage the user experience but also pose serious security threats.
  • Unreliable Customer Support: Free VPN providers typically offer limited or no customer support, leaving users on their own if they encounter technical issues or need assistance with the service. This lack of support can be frustrating and potentially detrimental in critical situations.

With VPNs, quality is a function of price. Although they may be alluring, free VPN services carry a number of dangers that could jeopardize your online privacy and security. Prioritizing trustworthy, paid VPN services with strong security, open policies, and dependable customer support is crucial. Keeping your online identity secure is ultimately a worthwhile investment. 





Top 5 Ways to Encrypt Your Internet Traffic for Enhanced Security

 

Encryption involves converting data into a format that is unreadable without the corresponding decryption key, thereby bolstering security and preventing unauthorized access.

Securing your internet connection with encryption is indeed possible, but it necessitates a multi-pronged strategy. Here are five approaches to encrypting your internet traffic:

1. Utilize a Private Browser:

Your browser serves as the primary gateway to the internet. If it doesn't shield you from tracking, other security measures won't be as effective. The Tor Browser stands out as a truly private option. It redirects traffic through a series of relays, encrypting it at each step. While it's indispensable for privacy-conscious tasks, its speed may be a limitation for everyday use. In such cases, browsers like Brave or Firefox, while not as robust as Tor, offer enhanced privacy and tracking protection compared to mainstream options like Chrome or Microsoft Edge.

2. Employ a VPN:

The use of a Virtual Private Network (VPN) is recommended, especially when combined with browsers other than Tor. A VPN enhances privacy and complicates efforts to track online activities. However, not all VPN providers are equal. It's crucial to choose one with robust encryption, a strict no-logs policy, protection against DNS leaks, a kill-switch feature, and reliable performance. Ensure thorough testing after selection, and extend VPN use to all devices, not just computers.

3. Embrace Encrypted Messaging Apps:

While a secure browser and VPN are crucial, using an encrypted messaging app is equally important. Opt for apps with end-to-end encryption, ensuring only the sender and recipient can read messages. Signal is highly recommended due to its reputation and emphasis on user privacy. Telegram offers a good alternative, especially for those seeking social features. WhatsApp, despite being owned by Meta, also provides end-to-end encryption and is more secure than many mainstream messaging apps.

4. Switch to an Encrypted Email Provider:

Email services from major companies like Google, Microsoft, and Yahoo collect substantial amounts of user data. By using their services, you not only contribute to Big Tech profits but also expose yourself to potential risks. Consider migrating to an encrypted email provider; these typically offer superior encryption, advanced security measures, and a focus on user privacy. While some advanced features may require payment, providers like ProtonMail, TutaNota, and Mailfence enjoy excellent reputations.

5. Invest in Encrypted Cloud Storage:

File storage plays a crucial role in internet traffic encryption, especially with the widespread use of cloud storage for personal data. Opt for providers offering end-to-end encryption and robust security practices. While numerous options are available, paid encrypted cloud storage services like Icedrive, pCloud, Tresorit, and Proton Drive provide reliable and secure solutions. Free options are scarce due to the substantial costs associated with providing this level of security and infrastructure.

By implementing these measures, you can significantly enhance the encryption of your internet traffic and fortify your overall cyber infrastructure. Additionally, consider local encryption and encrypting your entire hard drive for added security.

Navigating the Risks: Is Airport Wi-Fi Safe for Travelers?

Airport Wi-Fi has become a necessity for travelers at a time when staying connected is crucial. It acts as a lifeline for anything from last-minute travel adjustments to professional correspondence. However, worries about its security have led some people to wonder whether using public networks comes with inherent risks.

According to a report by Explore.com, accessing airport Wi-Fi networks might not be as secure as one would hope. The convenience it offers often comes at the cost of compromised cybersecurity. Cybercriminals can exploit vulnerabilities in these networks, potentially gaining access to sensitive information.

Aura, a cybersecurity company, emphasizes that travelers should exercise caution when connecting to airport Wi-Fi. "Public networks are prime targets for cyberattacks. It's like leaving your front door unlocked in a high-crime area," warns their security expert. Hackers can employ various techniques, such as "Man-in-the-Middle" attacks, to intercept data transmitted over these networks.

MarketSplash echoes these concerns, urging travelers to take proactive measures. Using a Virtual Private Network (VPN) is one of the most effective ways to secure online activities. A VPN creates a secure tunnel between the device and the internet, encrypting data and making it significantly harder for cybercriminals to intercept.

Additionally, it's advised to avoid accessing sensitive information, like banking accounts or private emails, while on public Wi-Fi. Instead, it's safer to use cellular data or wait until connecting to a trusted network.

While these warnings might sound alarming, it's important to note that not all airport Wi-Fi networks are equally risky. Some airports invest heavily in cybersecurity measures, offering safer browsing experiences. As a rule of thumb, using well-known airports and verifying the network's legitimacy can reduce risks.

Airport Wi-Fi is a useful tool for travelers, but it's important to be aware of any security hazards. One can find a balance between staying connected and remaining secure by taking steps like using a VPN and avoiding important tasks on public networks. Better safe than sorry, as the saying goes. Travelers can avoid future hassles by making a minor investment in cybersecurity.

Akira Ransomware Unleashes a New Wave of Attacks via Compromised Cisco VPNs

 


The Cisco Network Security Division is aware of reports suggesting that threat actors deploying the Akira ransomware are infiltrating organizations through Cisco VPNs that are not configured for multi-factor authentication. In some instances, threat actors have been observed targeting organizations that do not configure multi-factor authentication for their VPN users.

Several cybersecurity firms have verified that Cisco VPN products are being targeted with ransomware, and there are reports that the perpetrators are members of a relatively new gang known as Akira.

Typically, this ransomware campaign targets corporate entities in order to obtain sensitive information about them and make money by charging ransoms for it. To gain access, all Akira's members have to do is log in to the VPN service with the account details they hold.

As part of its investigation of similar attack tactics, Cisco has actively collaborated with Rapid7 over the last few months. Cisco VPN solutions are widely adopted across a wide range of industries to provide secure, encrypted data transmission between users and corporate networks, primarily for employees who work remotely.

The Akira Ransomware Attack 


As of March 2023, there have been multiple instances of the Akira ransomware. Like many other ransomware gangs, the group developed an encryptor for Linux in order to attack VMware ESXi servers.

If the ransom demands are not met, the threat actors responsible for the Akira ransomware employ a variety of extortion strategies, and they run a website on the Tor network (with an address ending in .onion) that lists victims and the information stolen from them. To begin negotiations, victims are instructed to contact the attackers via a Tor-based website, using a unique identifier provided in the ransom message.

Sophos researchers first discovered in May that the ransomware gang was abusing VPN accounts to breach a network, using "VPN access using Single Factor authentication." A person known as 'Aura', who responded to multiple attacks that were part of the Akira operation, shared further information on Twitter about how he and other incident responders dealt with incidents that were carried out using Cisco VPN accounts not protected by multi-factor authentication.

Akira is a malicious program that targets not only corporations but also educational institutions, real estate, healthcare, manufacturing, and the financial sector. The Linux versions of Akira ransomware use the Crypto++ library to perform encryption on the target device. Akira offers only a limited number of commands, and it has no option to shut down VMs before encrypting them.

The -n parameter still lets the attacker modify the encryption speed, and with it the chance that the victim's data can be recovered. If the encryption speed is high, there is a slim chance that the victim will be able to recover the data with the help of a decryption tool.

The first indication of Akira's activities was picked up in March 2023 by Arctic Wolf, a cybersecurity firm based in the US. Their research shows that small and medium-sized businesses worldwide have been the attackers' main target, with particular attention paid to the US and Canada. The researchers have also drawn a link between Akira and Conti's operators.

A recent report from SentinelOne WatchTower, shared privately with BleepingComputer, looked at the same attack method and speculated that Akira may have exploited a newly discovered vulnerability in Cisco VPN software that may be able to bypass authentication in the absence of multi-factor authentication.

In leaked data posted on the Akira group's extortion page, SentinelOne found evidence that the ransomware group used Cisco VPN gateways. At least eight instances were observed that displayed Cisco VPN-related characteristics, which shows that the ransomware gang is continuing to use Cisco VPN gateways as part of their ongoing extortion scheme. 

Implementing VPNs Without MFA


As a general rule, when attackers target VPNs or any other type of network service or application, the first stage of their attack is to exploit an exposed service or application. In many cases, attackers focus on the absence of multi-factor authentication (MFA) or on known vulnerabilities in VPN or multi-factor authentication software.

Once the attackers have gained access to a target network, they attempt to extract credentials through LSASS (Local Security Authority Subsystem Service) dumps, which enable them to move further within the network and raise privileges if necessary.

There have also been reports that this group uses other tools, commonly referred to as Living-Off-The-Land Binaries (LOLBins) or Commercial Off-The-Shelf (COTS) tools, or creates minidump files, to gather further intelligence about the target network or pivot within it.

Moreover, SentinelOne researchers observed that Akira operators maintained access to compromised networks by using the legitimate open-source remote access tool RustDesk. Cybersecurity company Avast has released a free decryptor that victims of the Akira ransomware can use to restore their valuable data without having to pay a ransom.

The threat actors responded by patching their encryptors. By doing so, they prevent victims from using the decryptor to recover data that was encrypted by the newer version of the encryptor. Business users prefer Cisco VPN products due to their reliability and ease of use.

Organizations rely on these products to make data transmission between networks and users more secure, and those who work in a hybrid or remote environment are expected to use them as a matter of course. That is why threat actors may want to exploit vulnerabilities in them. Organizations can guard against data loss and extortion attempts from ransomware operators by remaining vigilant and ensuring foolproof digital security measures.
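One way to check for the exposure described in this article, as an added example that is not from Cisco, SentinelOne or the original post: audit VPN authentication logs for logins that succeeded with a single factor. The JSON-lines format, field names and sample events are constructed for illustration and would need mapping to whatever your VPN gateway or identity provider exports.

```python
import json
from collections import defaultdict

# Constructed sample events (not real logs). Field names are hypothetical.
SAMPLE_LOG = """\
{"ts": "2023-08-21T08:02:11Z", "user": "alice", "src_ip": "198.51.100.10", "profile": "staff", "result": "success", "factors": ["password", "totp"]}
{"ts": "2023-08-21T08:05:40Z", "user": "svc-backup", "src_ip": "203.0.113.77", "profile": "legacy", "result": "success", "factors": ["password"]}
{"ts": "2023-08-21T08:09:03Z", "user": "bob", "src_ip": "198.51.100.23", "profile": "staff", "result": "failure", "factors": ["password"]}
{"ts": "2023-08-21T09:15:27Z", "user": "alice", "src_ip": "203.0.113.5", "profile": "legacy", "result": "success", "factors": ["password"]}
this line is truncated {"ts":
{"ts": "2023-08-21T09:40:00Z", "user": "svc-backup", "src_ip": "203.0.113.90", "profile": "legacy", "result": "success", "factors": ["password"]}
{"ts": "2023-08-21T10:01:12Z", "user": "bob", "src_ip": "198.51.100.23", "profile": "staff", "result": "success", "factors": ["password", "push"]}
"""

REQUIRED_FIELDS = ("ts", "user", "src_ip", "result", "factors")


def parse_events(text):
    """Parse JSON-lines events; return (events, number_of_rejected_lines)."""
    events, rejected = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            rejected += 1  # count damaged lines instead of silently losing them
            continue
        if (not isinstance(event, dict)
                or any(field not in event for field in REQUIRED_FIELDS)
                or not isinstance(event["factors"], list)):
            rejected += 1
            continue
        events.append(event)
    return events, rejected


def audit_single_factor(events):
    """Report accounts that completed a VPN login with fewer than two factors.

    kind == "mfa_never_used": every successful login was single-factor, so
                              MFA is probably not enforced for the account.
    kind == "mfa_bypassed":   the account normally uses MFA but also got in
                              without it, e.g. through a profile lacking MFA.
    """
    per_user = defaultdict(
        lambda: {"mfa": 0, "single": 0, "ips": set(), "profiles": set()})
    for event in events:
        if event["result"] != "success":
            continue
        stats = per_user[event["user"]]
        if len(set(event["factors"])) >= 2:
            stats["mfa"] += 1
        else:
            stats["single"] += 1
            stats["ips"].add(event["src_ip"])
            stats["profiles"].add(event.get("profile", "unknown"))

    findings = []
    for user, stats in per_user.items():
        if stats["single"] == 0:
            continue
        findings.append({
            "user": user,
            "kind": "mfa_never_used" if stats["mfa"] == 0 else "mfa_bypassed",
            "single_factor_logins": stats["single"],
            "source_ips": sorted(stats["ips"]),
            "profiles": sorted(stats["profiles"]),
        })
    # Most single-factor logins first; user name breaks ties deterministically.
    findings.sort(key=lambda f: (-f["single_factor_logins"], f["user"]))
    return findings


if __name__ == "__main__":
    parsed, bad_lines = parse_events(SAMPLE_LOG)
    print(f"{len(parsed)} events parsed, {bad_lines} rejected")
    for finding in audit_single_factor(parsed):
        print(finding)
```

The `profiles` column points at where to fix the configuration: every single-factor login in the constructed sample came in through the same profile.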

Security Concerns Escalate as Unsafe VPNs Pose Major Threat to Businesses

New research conducted by Zscaler has revealed that an overwhelming majority of organizations worldwide are facing a significant issue with unsafe Virtual Private Networks (VPN). According to the report, a staggering 88% of these organizations expressed deep concerns about the potential for breaches stemming from VPN vulnerabilities. 

The primary worries among respondents were related to phishing attacks, accounting for 49% of the concerns, closely followed by ransomware attacks at 40%. These findings highlight the critical need for enhanced security measures and vigilance when using VPNs for regular business operations. 

What is a VPN?

A Virtual Private Network (VPN) plays a vital role in ensuring cybersecurity by establishing a secure and encrypted network connection for users accessing the internet via public networks. The encryption process employed by VPNs serves to safeguard sensitive data and communications, preventing unauthorized access. 

Furthermore, VPNs obscure users' online identities, making it difficult for malicious individuals to monitor their internet activities or compromise personal information. This real-time encryption and privacy mechanism offers organizations and individuals an added layer of online security, guaranteeing the confidentiality and integrity of data during internet usage. 

How does a VPN work?

Imagine a Virtual Private Network (VPN) as your secret online protector. When you use a VPN, your internet traffic takes a detour through a special remote server managed by the VPN host. So, instead of your data directly coming from you, it appears to come from the VPN server. 

This clever trick hides your real IP address from your Internet Service Provider (ISP) and snoopy third parties. It's like wearing an invisible cloak online. The VPN acts like a filter, turning all your data into a secret code that nobody can understand. 

Even if someone manages to catch your data, it will be gibberish to them – totally useless. So, you can surf the web with peace of mind, knowing that your online activities stay private and secure. 

How is it becoming a threat? 

A significant number of organizations, almost half of those polled, reported being targeted by cybercriminals who exploited vulnerabilities in their chosen VPN services. The vulnerabilities mainly stemmed from using outdated protocols or experiencing data leaks. 

Over the past year, one-fifth of the organizations experienced at least one attack, while one-third encountered ransomware attacks specifically aimed at their VPNs. These findings highlight the importance of keeping VPN services up to date and implementing robust security measures to safeguard against potential threats. 

Another concerning aspect is the potential for third-party vendors to become targets of exploitation, leading to successful supply chain attacks. External users, such as contractors and vendors, often have varying security standards and may not provide adequate visibility to their partners. 

Managing external third-party access is a really tough challenge, as the researchers pointed out. Making sure these external connections are secure is super important because it helps prevent any possible breach that could mess up the entire network and compromise data integrity. It's like locking the doors tightly to keep the bad guys out.

To combat these challenges, businesses are turning to an exciting approach called Zero Trust architecture. Imagine it as a digital bouncer at the entrance of your network party. In this model, no one gets a free pass. Every user and device must prove their identity, even if they are already inside the trusted corporate network.

Picture this: before anyone can join the party, they have to show their ID, and their devices must pass a security check. Once they are in, they only get access to the areas they really need – no sneaking into the VIP section. It is all about granting the least privilege access to keep potential threats at bay.

By adopting Zero Trust, companies create a super-safe environment where everyone has to earn their place and only gets what they need. This way, the network stays protected from any unwelcome gatecrashers.


The Safety of VPN Use: A Closer Look

The usage of Virtual Private Networks (VPNs) has experienced an unprecedented surge in recent years, as individuals and organizations seek enhanced online privacy and security. However, amidst this widespread adoption of VPNs, it is crucial to question whether users are truly safeguarded in their digital endeavors. 

According to a recent report by Cybersecurity Insiders and Zscaler, VPN usage has reached an all-time high, with 78% of organizations employing VPN services to safeguard their network traffic. Additionally, a study conducted by Security.org revealed that 30% of internet users globally rely on VPNs for various purposes, including bypassing geo-restrictions, securing public Wi-Fi connections, and shielding their digital footprints from prying eyes.

While VPNs offer several benefits, such as encryption and anonymity, it is crucial to understand that not all VPNs are created equal. Some low-quality or free VPN services may pose significant risks to users' online safety. Dr. Max Vetter, Chief Cyber Officer at Immersive Labs, emphasizes this concern, stating, "A VPN is only as secure as its provider. Users must exercise caution when selecting a VPN service, as not all providers prioritize security and privacy."

In the pursuit of privacy and security, users often overlook the fact that their VPN provider may still have access to their online activities. Some VPN companies log user data, including browsing history and connection timestamps, raising concerns about privacy breaches. To ensure maximum protection, it is essential to choose a reputable VPN service that follows a strict no-logging policy.

Moreover, a VPN cannot shield users from all threats. It encrypts internet traffic and masks IP addresses, making it difficult for hackers or cybercriminals to intercept data. However, users must remain vigilant against other online risks, such as phishing attacks, malware, and social engineering. As Denis Legezo, Security Expert at Kaspersky, advises, "VPNs are not a panacea. They must be used in conjunction with other cybersecurity measures to ensure comprehensive protection."

It is worth noting that VPNs are not immune to vulnerabilities themselves. A recent industry report by Zscaler highlights that 91% of VPN services exhibit at least one potential security vulnerability. These vulnerabilities range from outdated protocols to weak encryption standards, putting users at risk. Regularly updating VPN software and opting for services with robust security protocols are essential steps in mitigating such vulnerabilities.

VPN Split Tunneling: A Better VPN Option?

 


As long as your VPN connection is encrypted, you can protect your privacy and security because others cannot see your IP address. A VPN is an application that offers users a secure tunnel through which they can send and receive data securely from and to their devices.

A cybercriminal (crime ring, invasive advertiser, etc.) attempting to spy on your online activities and sabotage your privacy will discover your VPN's IP address instead of your own, and will be met with built-in encryption that prevents them from intercepting your traffic.

Using a virtual private network can also be a great way to circumvent geographic restrictions on online content, allowing you to watch content that isn't available in your region or country.  

This feature is extremely useful while connected to a local area network (LAN), because you can access foreign networks and conserve bandwidth at the same time. There is no need to worry about security threats when you are accessing a network printer or downloading sensitive files, for example.

Due to the encryption applied to all data traveling through it, you may experience slower network speeds and bandwidth issues when using a VPN.

Split Tunneling - What Does it Mean? 

Split tunneling is a feature that many VPN software providers offer so that you can choose which apps, services, and games connect to your VPN and which connect to your standard Internet connection. This differs from a regular VPN setup, which sends all traffic on your system, regardless of its origin or destination, through an encrypted tunnel. With split tunneling, you do not have to disable your VPN when you wish to use your standard connection and re-enable it when you want additional security, as you would otherwise need to do.

Newer split tunneling techniques usually allow you to choose which apps you want to secure and which apps you want to leave open. With a VPN split tunnel connection, you can send some of your internet traffic through an encrypted VPN tunnel and let the rest travel over the open internet. By default, a VPN routes 100% of your internet traffic through the tunnel, but if you need higher speeds while still encrypting certain data and keeping access to local devices, split tunneling might be an option for you.

You might find this to be a helpful feature if you are trying to keep some of your traffic private, yet at the same time want to maintain access to some device on your local network. Thus, you can have access to both local networks as well as foreign networks at the same time. Additionally, you can save some bandwidth in the process by using this method. 

The VPN Split Tunneling Process: How Does it Work?

Having the ability to split the tunnel through a VPN is a very useful feature because it allows you to select what data you wish to encrypt via a VPN and what data you wish to leave open for other users to see. Traditionally, a VPN is used to route your traffic over a private network through a tunnel that is encrypted to ensure integrity. 

Using VPN split tunneling, you can route traffic from some of your applications or devices through an encrypted VPN while pointing other applications or devices to the internet directly.

This may be particularly useful if you want to enjoy the benefits of services that perform best when your location is recognized while still accessing potentially sensitive communications and data securely. When considering this option, keep in mind that there can be some security risks involved.

Split tunneling is a technique that encrypts your traffic like a VPN, and it comes with two main benefits: speed and security. The full tunnel option is the most secure because all traffic is routed through your VPN connection; however, since there is so much traffic to be encrypted, it also results in slower speeds. When all traffic passes through headquarters, the infrastructure there gets overloaded as well.

Split tunneling allows you to send only a small amount of your traffic through a VPN, which means that things like video streaming and video calls will perform better, and the infrastructure at HQ will be under less strain because only part of your traffic goes through the VPN.

Split tunneling is beneficial in terms of conserving bandwidth since it allows you to use less of it. By choosing only certain applications to send traffic through the VPN server, you avoid clogging up your bandwidth and can enjoy faster internet access.
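The routing decision behind split tunneling, sketched as an added example (not code from the original post or from any VPN vendor). It models destination-based split tunneling with longest-prefix matching, which goes beyond the per-app selection described above; the interface names, addresses and the "include"/"exclude" policy names are assumptions chosen for illustration.

```python
import ipaddress

TUNNEL_IF = "vpn0"    # hypothetical name of the encrypted VPN interface
DIRECT_IF = "wlan0"   # hypothetical name of the ordinary network interface


def build_routes(mode, gateway, prefixes=()):
    """Build a routing table as a list of (network, interface) pairs.

    full    - all traffic enters the tunnel
    include - only `prefixes` enter the tunnel (split tunnel)
    exclude - everything except `prefixes` enters the tunnel (split tunnel)
    """
    if mode not in ("full", "include", "exclude"):
        raise ValueError(f"unknown mode: {mode}")
    if mode == "full" and prefixes:
        raise ValueError("a full tunnel takes no prefixes")
    default_if = DIRECT_IF if mode == "include" else TUNNEL_IF
    listed_if = TUNNEL_IF if mode == "include" else DIRECT_IF
    routes = [(ipaddress.ip_network("0.0.0.0/0"), default_if)]
    # The encrypted packets themselves must reach the VPN gateway directly,
    # otherwise the tunnel would try to route through itself.
    routes.append((ipaddress.ip_network(f"{gateway}/32"), DIRECT_IF))
    routes += [(ipaddress.ip_network(p), listed_if) for p in prefixes]
    return routes


def select_interface(routes, destination):
    """Longest-prefix match: the most specific matching route wins."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, ifname) for net, ifname in routes if dst in net]
    _, ifname = max(matches, key=lambda match: match[0].prefixlen)
    return ifname


def outside_tunnel(routes, flows):
    """Names of the flows that leave the device without VPN encryption."""
    return sorted(name for name, dst in flows.items()
                  if select_interface(routes, dst) != TUNNEL_IF)


# Constructed destinations (documentation and private address ranges).
GATEWAY = "203.0.113.10"
FLOWS = {
    "corporate file server": "10.20.5.8",
    "LAN printer": "192.168.1.50",
    "video streaming": "198.51.100.25",
    "public DNS resolver": "192.0.2.53",
}

FULL = build_routes("full", GATEWAY)
SPLIT_INCLUDE = build_routes("include", GATEWAY, ["10.20.0.0/16"])
SPLIT_EXCLUDE = build_routes("exclude", GATEWAY,
                             ["192.168.1.0/24", "198.51.100.0/24"])

if __name__ == "__main__":
    policies = [("full", FULL), ("include", SPLIT_INCLUDE),
                ("exclude", SPLIT_EXCLUDE)]
    for label, table in policies:
        print(f"{label:8} unencrypted flows: {outside_tunnel(table, FLOWS)}")
        for name, dst in FLOWS.items():
            print(f"    {name:22} {dst:15} -> {select_interface(table, dst)}")
```

With the include policy, everything not listed leaves unencrypted, DNS lookups included; the exclude policy keeps the tunnel as the default and exposes only what was deliberately listed.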

NordLayer is working on this area and plans to offer a complete split tunneling solution within the next few months. At present, NordLayer can only partially resolve the use cases related to split tunneling.

Split Tunneling is Advantageous for VPNs 

VPN split tunneling may not be a suitable choice for every organization, but it is an option you can enable when setting up your VPN service. VPNs are often a problem for organizations with restricted bandwidth, primarily because the VPN has to encrypt the data and send it to a server in another location at the same time. Without split tunneling, implementing a virtual private network can result in performance issues.

Ensure Bandwidth Conservation

Split tunneling allows traffic that would otherwise have been encrypted by the VPN, and would likely have been transmitted more slowly, to be sent through the other tunnel instead. Traffic routed over the public network in this way does not need to be encrypted, which leads to improved performance.

Connect Remote Workers Securely

Through a VPN, remote employees can access sensitive files and email that they would normally be unable to reach without a secure network connection. At the same time, they can reach other internet resources at a faster speed directly through their internet service provider (ISP), giving them access to a wider variety of resources.

Developing a Network For the Local Area Network (LAN)

Because of its encryption, a VPN may prevent you from accessing your LAN while you are connected to it. Split tunneling allows you to use local resources like printers through your local network while still benefiting from VPN security.

Stream Content Without Using Foreign IP Addresses

While traveling abroad, you can stream content such as YouTube videos and use web services that rely on an IP address local to that area of the globe. When the split tunneling feature is enabled on the VPN, you will be able to use websites and search engines that work better when they know your location in your home country, and you will be able to access content in your home country by connecting to your VPN.

Free VPN Experiences Massive Data Breach, Putting Users at Risk

 

SuperVPN, a popular free VPN service, is said to have experienced a huge data breach, compromising over 360 million customer accounts. The leak is reported to have exposed 133GB of sensitive information, including user email addresses, originating IP addresses, and geolocation data. According to sources, the material exposed included secret programme keys, unique user identity numbers, and visited website logs. 

The size and scope of the breach highlight the importance of selecting a reliable free VPN service from the hundreds now available, as many fail to provide their users with adequate security cover - despite the fact that many people use a Virtual Private Network for privacy and security in the first place.

The SuperVPN data leak was first revealed on the vpnMentor website by security researcher Jeremiah Fowler, emphasizing the need for thorough research when choosing a secure VPN provider.

While the contents of this data breach appear to suggest otherwise, SuperVPN promises to offer extensive privacy protection on its help pages, claiming that it: "…keeps no logs which enable interference with your IP address, the moment [sic] or content of your data traffic. We make express reference to the fact that we do not record in logs communication contents or data regarding the accessed websites or the IP addresses."

In fact, this is the second major data incident involving the widely used free VPN programme. User information of over 20 million customers, tied to a few dodgy providers, was released in May 2022, while SuperVPN was also identified as a hazardous malware-ridden VPN programme as early as 2016.

According to Fowler, the situation is especially concerning because SuperVPN appears to be situated in China, a country that has strict regulations on internet usage and regulates the flow of information within its borders.

Rather than being alarmist or jumping on the anti-China bandwagon, Fowler is emphasizing the obvious conflict of interest when an online privacy tool is managed from a country with little to no online privacy. Indeed, he adds that the terms and conditions of SuperVPN included an Orwellian prohibition on "subverting state power, undermining national unity, undermining social stability, and or damaging the honor and interests of the State."

He advises individuals looking for a VPN to "pay attention to where the company is based" since "certain countries are known for internet censorship (like China or Iran) or surveillance (like the US, the UK, and other members of the Fourteen Eyes alliance)."

Despite the SuperVPN data breach, using a VPN is essentially safe if you choose the proper one.  

Tackling the Top Initial Attack Vectors in Ransomware Campaigns

Ransomware attacks remain a major concern for organizations worldwide, causing significant financial losses and operational disruptions. A recent report by Kaspersky sheds light on the primary attack vectors used in ransomware campaigns, highlighting the importance of addressing these vulnerabilities to mitigate the risk of an attack.

According to the report, three common initial attack vectors account for the majority of ransomware campaigns: phishing emails, vulnerable remote access services, and software vulnerabilities. These vectors serve as entry points for threat actors to gain unauthorized access to systems and initiate ransomware attacks.

Phishing emails remain one of the most prevalent methods used by attackers to distribute ransomware. These emails often employ social engineering techniques to deceive users into opening malicious attachments or clicking on malicious links, leading to the execution of ransomware on their devices. It is crucial for organizations to educate employees about recognizing and avoiding phishing attempts and to implement robust email security measures to filter out such malicious emails.

Vulnerable remote access services pose another significant risk. Attackers target exposed Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) services, exploiting weak or compromised credentials to gain unauthorized access to networks. Organizations should implement strong authentication mechanisms, enforce secure password practices, and regularly update and patch their remote access solutions to mitigate this risk.

Software vulnerabilities also play a crucial role in enabling ransomware attacks. Threat actors exploit known vulnerabilities in operating systems, applications, or plugins to gain a foothold in networks and deploy ransomware. It is essential for organizations to establish a comprehensive patch management process, promptly applying security updates and patches to address known vulnerabilities.

To effectively combat ransomware campaigns, organizations should adopt a multi-layered security approach. This includes implementing strong perimeter defenses, such as firewalls and intrusion detection systems, to detect and block malicious traffic. Endpoint protection solutions that utilize advanced threat detection and prevention mechanisms are also critical in identifying and mitigating ransomware threats.

Regular backups of critical data are essential to recovering from ransomware attacks without paying the ransom. Organizations should ensure that backups are stored securely, offline, and tested regularly to verify their integrity and effectiveness in restoring data.

Reducing the risk of ransomware attacks requires addressing the three primary attack vectors: phishing emails, weak remote access services, and software flaws. Businesses may fortify their defenses and lessen the effects of ransomware events by implementing strong security measures, employee education, timely patching, and backup procedures.