Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label VPN. Show all posts
Wireless
Cyber Security CyberCrime CyberThreat Public Wifi safeguard TVS VPN WiFi Wireless

Approaches Users Can Implement to Safeguard Wireless Connections

 


The Wi-Fi network is a wireless gateway that connects homes and businesses to the Internet via the air, and it is typically provided by a router, which transmits data signals across the network. Mobile devices, laptops, and tablets can access online services using this signal without the need for physical cables. However, if these networks are not properly protected by passwords, they are vulnerable to unauthorised access.

The internet can be accessed by any device within range, regardless of whether it belongs to the homeowner, a guest, or an unknown third party. While wireless internet has many advantages over the internet, it also presents significant security risks, and wireless internet is no exception. If an insecure network is in place, nearby users might be able to see users' online activities, and this could lead to an exposure of their personal information to unauthorised sources. 

Moreover, when malicious actors exploit open networks to engage in illegal activities, such as spreading spam or accessing prohibited content, they may be held accountable by the network's registered owner. These risks underscore why Wi-Fi connections need to be securely protected with robust protection measures to prevent these threats from occurring. 

Understanding Wi-Fi Technology and Its Security Implications


There is a widespread use of a wireless networking technology called Wi-Fi that allows devices such as smartphones, laptops, tablets, and computers to connect to the internet without using physical cables at all. It is important to understand that wireless routers are currently the most common way that internet connections are made, serving as a central hub for all Wi-Fi-enabled devices within a range to receive internet access.

Despite the popular belief that Wi-Fi is an acronym, the actual term "Wi-Fi" is a trademark created by a marketing firm for commercial purposes to promote wireless network certification standards. Essentially, the principle behind Wi-Fi is that data is transmitted through radio waves in the form of a signal. To minimise network congestion and reduce signal interference, it uses two radio frequency bands — usually 2.4 GHz and 5 GHz — that are divided into channels so that signal interference can be minimised. 

A device that attempts to connect to a wireless network transmits data in binary form (the fundamental language used by computers) by using these radio waves when it attempts to connect. Upon receiving this data, the router relays it through a physical internet connection, such as a broadband cable, which establishes a connection with the online servers. End users can gain seamless access to the web virtually instantaneously, which allows them to access the web seamlessly. 

As much as Wi-Fi is popular, it can also expose a network to potential vulnerabilities, as well as its convenience. The security of unsecured networks and poorly configured networks can lead to unauthorised access, data theft, or surveillance by unauthorised users. If an internet connection extends beyond the boundaries of a property—also known as a "signal footprint"—it becomes available for use by anyone nearby, including potentially malicious individuals. 

Depending on the actor, network traffic may be intercepted, credentials may be captured, or even devices may be taken over if they are connected to the network. Users must manage their Wi-Fi settings and ensure that they are secure to reduce these risks. Several basic practices can be employed to improve digital safety and prevent intrusions, including monitoring connected devices, adjusting router configurations, and minimising signal exposure. 

In the past, home security has always been viewed in terms of physical safeguards like door locks, alarms, and surveillance cameras; however, as everyday life becomes increasingly digital, the protection of a household's online presence has become equally important. The risk of a cyber-attack on a home Wi-Fi network that is not secured poses a serious cybersecurity threat, but it often goes unnoticed. If cybercriminals are not adequately protected, they are capable of exploiting network vulnerabilities to gain unauthorised access.

In these cases, the attacker may install malicious software, intercept confidential information like credit card numbers, or even gain access to live camera feeds that compromise both privacy and safety. In extreme cases, attackers may install malicious software, intercept credit card information, or even hijack connected devices. To mitigate these risks, it is crucial to strengthen the security of users' home Wi-Fi networks. 

As a result of a properly secured network, users reduce the possibility of unauthorised access, prevent sensitive data from being exploited, and act as a barrier against hackers. As well as protecting the homeowner's digital footprint, it ensures that only trusted users and devices can access the internet, thus preserving speed and bandwidth and protecting the homeowner's digital footprint. 

In today's connected world, robust Wi-Fi security is no longer optional—it is now an integral part of modern home security.

Configuring a Wi-Fi network to maximise security is an essential step. 


It is important to remember that in addition to adopting general security habits, configuring the router correctly is also an important part of maintaining a reliable and secure wireless network. Numerous key measures are often overlooked by users but are essential in preventing unauthorised access to personal data. 

Set up strong network encryption. 


To keep Wi-Fi communication secure, all modern routers should support WPA3 Personal, which is the industry standard that offers enhanced protection from brute force attacks and unauthorised interceptions. When this standard is not available, there is always the possibility of using WPA2 Personal, which is a strong alternative to WPA3. In the case of older routers, users who have not updated their firmware or have not replaced their router hardware should take note that outdated protocols like WEP and WPA are no longer enough to provide safe and secure connections. 

Change the default router credentials immediately. 


The router manufacturer usually assigns a default username, password, and network name (SSID) to its routers, which information is widely available online, and which can be easily exploited. By replacing these default credentials with unique, complex ones, unauthorised access risk is significantly reduced. In addition to the password used by devices to connect to the Wi-Fi network, the router's administrative password is used to manage the router's settings.

Maintain an up-to-date firmware.


Keeping the router software or firmware up-to-date is one of the most important aspects of keeping it secure. If users intend to configure a new router or make changes, they should visit the manufacturer's website to verify the latest firmware version. 

When users register their routers with the manufacturer and choose to receive updates, they are assured to be informed about critical patches promptly. Users of routers provided by Internet Service Providers (ISPS) should verify whether the updates are automatically handled or if they need to be manually performed. 

Disable High-Risk Features by Default 


There is no denying that certain convenience features, such as Remote Management, Wi-Fi Protected Setup (WPS), and Universal Plug and Play (UPnP), can introduce security weaknesses. Though they simplify the process of connecting devices to a network, they are vulnerable to malicious actors if left active for extended periods. To minimise the potential for attack surfaces, these functions should be disabled during initial setup. 

Establish a Segmented Guest Network


The guest network is a unique way of enabling visitors to use the internet without gaining access to the main network or its connected devices by creating a separate guest network. This segmentation minimises the chance that a guest device could be compromised unintentionally by malware or spyware. Assigning a separate network name and password to the guest network reinforces this layer of isolation, so the guest network doesn't get compromised by the main network. 

The administrator should log out and lock down access to the system.


To prevent unauthorised changes to users' router settings, it is important to log out of the administrative interface after they have configured it. Leaving the administrative interface logged in increases the probability of accidental or malicious changes being made. There are other measures in place to protect their router. 

Turn on the router's built-in firewall.


In most modern routers, a built-in firewall prevents malicious traffic from reaching connected devices, as it filters suspicious traffic before it reaching the device. A router’s firewall can provide additional protection against malware infections, intrusion attempts, and other cyber threats. Users need to verify that the firewall is active in the router’s settings. 

Keep all connected devices secure.

A network's security is just one part of the equation. All connected devices, including laptops, smartphones, smart TVS, and Internet of Things appliances, should be updated with the latest software and protected by anti-virus or anti-malware software. In most cases, an intruder can gain access to a larger network using a compromised device. 

With a blurring of the lines between the physical and digital worlds and the ongoing blurring of the boundaries in which they exist, protecting users' home or office Wi-Fi network has become not just an issue of convenience but a necessity as well. Cybersecurity threats are on the rise, often targeting vulnerabilities within household networks that have been overlooked. 

As a precautionary measure to protect personal data, maintain control over bandwidth, and maintain digital privacy, users need to take a proactive, layered approach to wireless security, so that they can protect themselves against unauthorised access. As well as updating firmware, restricting access, monitoring device activity, and disabling exploitable features, it is crucial that users go beyond default settings. 

Users can create a resilient digital environment by treating Wi-Fi networks in the same manner as physical home security systems do—one that is resistant to intrusion, protects sensitive information, and guarantees uninterrupted, safe connectivity. By doing this, users can build a resilient digital environment. When it comes to protecting themselves against emerging cyber threats, it remains paramount to stay informed and vigilant about the latest developments in technology.
Read more »
VPN
Companies Online Services Privacy Switzerland VPN

Switzerland’s New Law Proposal Could Put VPN Privacy at Risk


Switzerland is thinking about changing its digital surveillance laws, and privacy experts are worried. The new rules could force VPN companies and secure messaging services to track their users and give up private information if requested.

At the center of the issue is a proposed change that would expand government powers over online services like email platforms, messaging apps, VPNs, and even social media sites. These services could soon be required to collect and store personal details about their users and hand over encrypted data when asked.

This move has sparked concern among privacy-focused companies that operate out of Switzerland. If the law is approved, it could prevent them from offering the same level of privacy they are known for.


What Could the New Rules Mean?

The suggested law says that if a digital service has over 5,000 users, it must collect and verify users’ identities and store that information for half a year after they stop using the service. This would affect many platforms, even small ones run by individuals or non-profits.

Another part of the law would give authorities the power to access encrypted messages, but only if the company has the key needed to unlock them. This could break the trust users have in these services, especially those who rely on privacy for safety or security.


Why VPN Providers Are Speaking Out

VPN services are designed to hide user activity and protect data from being tracked. They usually don’t keep any records that could identify a user. But if Swiss law requires them to log personal data, that goes against the very idea of privacy that VPNs are built on.

Swiss companies like Proton VPN, Threema, and NymVPN are all worried. They say the law could damage Switzerland’s reputation as a country that supports privacy and secure digital tools.


NymVPN’s Warning

NymVPN, a newer VPN service backed by privacy activist Chelsea Manning, has raised strong objections. Alexis Roussel, the company’s Chief Operating Officer, explained that the new rules would not only hurt businesses but could also put users in danger—especially people in sensitive roles, like journalists or activists.

Roussel added that this law may try to go around earlier court rulings that protected privacy rights, which could hurt Switzerland’s fast-growing privacy tech industry.


What People Can Do

Swiss citizens have time to give feedback on the proposal until May 6, 2025. NymVPN is encouraging people to spread the word, take part in the consultation process, and contact government officials to share their concerns. They’re also warning people in other countries to stay alert in case similar ideas start appearing elsewhere.

Read more »
zero Day vulnerability
Cyber intrusion Cyber Security CyberThreat DDoS FortiGate IoT IP Address Networkk Infrastructure ransomware-as-a-service (RaaS) VPN Vulnerabilities Firewalls zero Day vulnerability

Firewalls and VPNs Under Siege as Businesses Report Growing Cyber Intrusions

 


A security researcher has discovered an ongoing cyberattack that is active, exploiting a newly discovered vulnerability in Fortinet's FortiGate Firewalls to infiltrate corporate and enterprise networks and has been conducting this activity for some time. A security advisory published on Tuesday by Fortinet confirmed the existence of the critical security flaw known as CVE-2024-55591 and indicated that the vulnerability is currently being exploited in the wild. 

Nevertheless, cybersecurity experts are voicing their concerns over the possibility that malicious actors are exploiting this flaw as a zero-day vulnerability - a term that refers to a software vulnerability exploited before the vendor is made aware of or has issued a patch for it. According to a report by Fortinet, attackers may have actively targeted this vulnerability since at least December, many months before it was publicly disclosed and patched. 

In particular, organisations that heavily rely on FortiGate Firewalls for perimeter defence face a significant threat when the vulnerability is exploited by exploiting CVE-2024-55591. As a result of the vulnerability's criticality, enterprises should apply security updates as soon as possible and examine their systems for any indications of unauthorized access as soon as possible. Even though zero-day exploits remain a threat, this development highlights the fact that cybercriminals are increasingly focusing on foundational network infrastructure to gain a foothold in high-value environments. 

The use of virtual private networks (VPNs) as a critical defence mechanism against a variety of cyber threats has long been regarded as a crucial aspect of protecting digital communications from a wide range of threats. VPNs are effective in neutralising the risks associated with man-in-the-middle attacks, which involve unauthorised parties trying to intercept or manipulate data while it is in transit by encrypting the data transmissions. Through this layer of encryption, sensitive data remains secure, even across unsecured networks. 

One of the most prominent use cases for VPNs is that they serve the purpose of protecting people using public Wi-Fi networks, which are often vulnerable to unauthorised access. It has been shown that VPNs are significantly less likely to expose or compromise data in such situations because they route traffic through secure tunnels. Additionally, VPNs hide the IP addresses of users, thereby providing greater anonymity to users and reducing the possibility of malicious actors tracking or monitoring them. 

As a result of this concealment, network resources are also protected against distributed denial-of-service (DDoS) attacks, which often use IP addresses as a method of overloading network resources. Even though VPNs have been around for decades, their use today does not suffice as a standalone solution due to the increasingly complex threat landscape that exists in today's society. To ensure comprehensive protection against increasingly sophisticated attack vectors, it is important to integrate their capabilities with more advanced, adaptive cybersecurity measures. 

It seems that conventional security frameworks, such as Firewalls and VPN,s are becoming increasingly outpaced as the cybersecurity landscape continues to evolve due to the sophistication and frequency of modern threats, which have increased significantly over the past few years. Businesses across many industries are experiencing an increasing number of breaches and vulnerabilities, and traditional methods of addressing these vulnerabilities are no longer capable of doing so. 

Due to the widespread transition from on-premises infrastructure to remote and digitally distributed work environments, legacy security architectures have become increasingly vulnerable, forcing enterprises to reassess and update their defence strategies. Firewalls and VPNs were once considered to be the cornerstones of enterprise network security; however, in today's increasingly complex threat environment, they are having trouble meeting the demands. 

In the past, these technologies have played an important role in securing organisational boundaries, but today, the limitations of those technologies are becoming increasingly apparent as organisations transition to a cloud-based environment and undergo rapid digital transformation. In the year 2025, technological advances are expected to change the way industry operations are conducted—for instance, the adoption of generative artificial intelligence, automation, and the proliferation of Iot and OT systems. 

Despite these innovations, there are also unprecedented risks associated with them. For example, malicious actors use artificial intelligence to automate spear-phishing efforts, craft highly evasive malware, and exploit vulnerabilities more quickly and accurately than they could previously. In addition, as Ransomware-as-a-Service (Raas) is on the rise, the barrier to entry for hackers is dropping, enabling a broader set of threat actors to conduct sophisticated, scalable attacks on businesses. To respond effectively to the complexities of a digitally driven world, organisations must adopt proactive, adaptive cybersecurity models that are capable of responding to the challenges of this dynamic threat environment and moving beyond legacy security tools.

There has been a significant shift in cybersecurity dynamics that has led to a worrying trend: malicious actors are increasingly exploiting Virtual Private Networks (VPNs) as a strategy to gain an advantage over their adversaries. Since VPNs were originally developed as a way to enhance privacy and protect data, they are increasingly being repurposed by cybercriminals to facilitate complex attacks while masking their identity digitally. Because VPNs are dual-purpose devices, they have become instruments of exploitation, which poses a significant challenge for cybersecurity professionals as well as digital forensics teams to deal with. 

There is one particularly alarming technique for using VPN software to exploit vulnerabilities, which involves deliberately exploiting these vulnerabilities to bypass perimeter defences, infiltrate secure systems, and deploy malware without being it. When attackers identify and target these vulnerabilities, they can easily bypass perimeter defences, infiltrate secure systems, and deploy malware without being detected. 

Frequently, such breaches act as entry points into larger campaigns, such as coordinated phishing campaigns that attempt to trick individuals into revealing confidential information. Further, VPNs are known for the ability to mask the actual IP addresses of threat actors, a technique known as IP address masquerading, which enables them to evade geographical restrictions, mislead investigators, and remain anonymous when they launch cyberattacks.

In addition to enabling adversaries to circumvent Firewalls, VPNs also offer the option of encrypting and tunnelling, thus enabling them to penetrate networks that would otherwise be resistant to unauthorised access with greater ease. As a matter of fact, VPNs are often used as a means of spreading malicious software across unreliable networks. By using an encrypted VPN traffic, malware can be able to bypass traditional detection methods, thereby circumventing traditional detection methods. The shield of anonymity provided by VPNs can also be used by threat actors to impersonate legitimate organisations and initiate phishing campaigns, compromising the privacy and integrity of users. 

VPNs can also facilitate the spreading of Distributed Denial-of-Service (DDoS) attacks, which is equally troubling. As these networks are anonymised, it makes it difficult to trace the origin of such attacks, which hinders the development of appropriate response strategies and mitigation strategies. This paradox underscores the complexity of modern cybersecurity, since one security tool can serve both as a tool for cybercrime and a tool for security. 

Even though VPNs remain an important tool to keep users safe and anonymous, their misuse requires a proactive and multifaceted response. To combat this misuse, people need robust technological defences combined with ongoing awareness and education initiatives, which will help us address this misuse effectively. Only through such comprehensive measures can organisations ensure the integrity of VPN technology and ensure trust in the digital privacy infrastructure as long as the technology remains intact. 

Check Point has issued a formal warning regarding the active targeting of its VPN devices as part of an ongoing increase in cyber threats against enterprise infrastructure. As a result of this disclosure, people have been reminded again that there is a sustained campaign aimed at compromising remote access technologies and critical network defences. It is the second time in recent months that a major cybersecurity vendor has released such an alert in the past couple of months. 

According to Cisco, in April 2024, organisations are being warned about a widespread wave of brute-force attacks against VPNs and Secure Shell (SSH) services that are likely to impact several devices from Cisco, Check Point, SonicWall, Fortinet, and Ubiquiti, among others. In the first observed attack around March 18, attackers used anonymised tools, such as TOR exit nodes, proxy networks, and other techniques to obfuscate and avoid detection and block lists, to launch the attacks. 

In March of this year, Cisco had also noticed that passwords were being sprayed at their Secure Firewall appliances that were running Remote Access VPN (RAVPN) services. According to analysts, this is a reconnaissance phase, likely intended to lay the groundwork for more advanced intrusions to follow. Following a subsequent analysis by cybersecurity researcher Aaron Martin, these incidents were linked to a malware botnet dubbed "Brutus", which was previously undocumented. 

Over 20,000 IP addresses were found to be associated with this botnet that was deployed from both residential and cloud-hosted environments, which greatly complicated the process of attribution and mitigation. The threat landscape has only been compounded by Cisco's announcement that a state-sponsored hacker group, also known as UAT4356, has been utilising zero-day vulnerabilities found within its Firepower Threat Defence (FTD) and Adaptive Security Appliances to exploit zero-day vulnerabilities. 

Known by the codename ArcaneDoor, the cyber-espionage campaign has been ongoing since November 2023, targeting critical infrastructure networks as well as governments around the world as part of a broader cyber-espionage campaign. As the frequency and complexity of cyber attacks continue to increase, it is apparent that legacy perimeter defences are no longer adequate in terms of security. 

A layered, intelligence-driven approach to security includes detecting threats in real time, hardening systems continuously, and responding to incidents in a proactive manner. As well as strengthening cybersecurity resilience, fostering collaboration between public and private sectors, sharing threat intelligence, and providing ongoing training to employees can make sure that they remain ahead of their adversaries. There is no doubt that the future of secure enterprise operations is going to be determined by the ability to anticipate, adapt, and remain vigilant in this rapidly evolving digital age.
Read more »
VPN
At-Bay Cyber Security CyberCrime Cyberhackers CyberThreat Digital Threat RaaS Ransomware remote access VPN

Increasing Exploitation of Remote Access Tools Highlights Ransomware Risks

 


Among the latest findings from cybersecurity insurance provider At-Bay, ransomware incidents witnessed a significant resurgence in 2024, with both the frequency and the severity of these attacks escalating significantly. Based on the firm's 2025 InsurSec Report, ransomware activity rose 20 percent from the previous year, returning to the high level of threat that had been experienced in 2021, when ransomware activity soared to 20 per cent. 

There is an overwhelmingly large number of remote access tools and virtual private networks (VPNS) that have been exploited as entry points for these attacks, according to the report. In particular, mid-market organisations, particularly those with annual revenues between $25 million and $100 million, have been severely hit by this surge, with targeted incidents on the rise by 46 per cent. As a result of the At-Bay claims data, it is apparent that the severity of ransomware breaches has increased by 13 per cent year over year, highlighting how sophisticated and financially destructive these threats are becoming. 

It was also found that attacks originating from third parties, such as vendors and service providers, have increased by 43 per cent, compounding the risk. It is also important to note that the economic toll of these supply chain-related incidents increased by 72 per cent on average, which increased the overall cost associated with them. This study highlights the need to reassess the cybersecurity postures of businesses, especially those that are reliant on remote access infrastructure, as well as strengthen defences across the entire digital ecosystem. 

A study published by At-Bay highlights the widespread misuse of conventional cybersecurity tools, particularly those intended to enhance remote connectivity, as well as the deterioration of the effectiveness of traditional cybersecurity tools. Virtual private networks (VPNS) and remote access software, which are frequently deployed to ensure secure access to internal systems from off-site, are increasingly being repurposed as a gateway for malicious activities. 

As a matter of fact, At-Bay’s analysis illustrates a concerning trend that threatens the flexibility of work environments. Threat actors are frequently exploiting these same tools to get access to corporate networks, extract sensitive data, and carry out disruptive operations. Due to their visibility on the public internet, cybercriminals are actively searching for potential vulnerabilities in these systems to attack them. 

The Remote Access Tools are essentially a front door that provides access to your company's network and can typically be viewed by the general public. For that reason, remote access tools are prone to being attacked by attackers, according to Adam Tyra, Chief Information Security Officer for At-Bay's customer service department. In addition to this, the report highlights the disproportionately high risk posed by mid-sized enterprises, which generate annual revenue of between $25 million and $100 million. 

The number of direct ransomware claims has increased significantly within the segment, which highlights both the increased exposure to cyber threats as well as the potential limitations in resources available to defend against them. As part of this report, the authors point out that “remote” ransomware activity has increased dramatically, a tactic that has gained considerable traction among threat actors over the past few years. 

In 2024, this type of attack is expected to have increased by 50 per cent compared to the year before, representing an astounding 141 per cent increase since the year 2022. As far as traditional endpoint detection systems are concerned, remote ransomware campaigns are typically carried out by unmanaged or personal devices. In these kinds of attacks, rather than deploying a malicious payload directly onto the victim's machine, networks file-sharing protocols are used to access and encrypt data between connected systems by using the network file-sharing protocol. Therefore, the encryption process is often undetected by conventional security tools, such as malware scanners and behaviour-based defences. 

These stealth-oriented methodologies pose a growing challenge to organizations, particularly small and medium-sized businesses (SMBS), as a result of this stealth-oriented methodology. In the study conducted by Sophos Managed Detection and Response (MDR), the most common threat vector in the SMB sector is ransomware and data exfiltration, which accounted for nearly 30 per cent of all cases tracked within this sector. 

Even though sophisticated attack techniques are on the rise, the overall volume of ransomware-related events in 2024 saw a slight decline in volume compared with 2023 despite the rise in sophisticated attack techniques. There has been a marginal decrease in ransomware-as-a-service (Raas) incidents. 

The advancement of defensive technologies and the dismantling of several of the most high-profile ransomware-as-a-service (Raas) operations have both contributed to this decline. This combined study emphasises the urgent need for businesses to modernise their cybersecurity strategies, invest in proactive threat detection, and strengthen the security of their remote access infrastructure to combat cybercrime. 

With the development of ransomware tactics in complexity and scale, the resilience of organisations targeted by these threats has also evolved. As a result of these developments, organisations are increasingly expected to reevaluate their risk management frameworks to adopt a more proactive cybersecurity policy. To ensure that a robust defense strategy is implemented, it is imperative that remote access security systems are secured and access controls are implemented and advanced monitoring capabilities are deployed. 

Besides raising awareness of cybersecurity throughout the workforce and fostering close cooperation between technology and insurance partners, it is also possible to significantly reduce the risk of ransomware being a threat to organisations. In the wake of cyber adversaries that keep improving their methods, businesses will have to take not only technical measures to strengthen their resilience, but also a wide range of strategic measures to anticipate and neutralise emergent attack vectors before they can cause significant damage.
Read more »
VPN
Breach Cyber Security DomainControllers Hackers Ransomware Reconnaissance VPN

Majority of Human-Operated Cyberattacks Target Domain Controllers, Warns Microsoft

 

Microsoft has revealed that nearly 80% of human-operated cyberattacks involve compromised domain controllers, according to a recent blog post published on Wednesday. Alarmingly, in over 30% of these incidents, attackers use the domain controller—a central system in corporate IT networks—to spread ransomware across the organization.

A breached domain controller can give hackers access to password hashes for every user in the system. With these credentials, cybercriminals can identify and exploit privileged accounts, including those held by IT administrators. Gaining control of these accounts allows attackers to escalate their access levels.

"This level of access enables them to deploy ransomware on a scale, maximizing the impact of their attack," Microsoft stated.

One such attack, observed by the tech giant, involved a group known as Storm-0300. The hackers infiltrated a company’s systems by exploiting its virtual private network (VPN). After acquiring administrator credentials, they tried to access the domain controller through the remote desktop protocol (RDP). Once inside, they carried out a series of actions including reconnaissance, bypassing security measures, and escalating their privileges.

Despite the growing frequency of attacks, Microsoft emphasized the difficulty in protecting domain controllers due to their critical role in network management and authentication.

Defenders often face the challenge of “striking the right balance between security and operational functionality,” the blog noted.

To improve protection, Microsoft suggested enhancing domain controllers’ ability to differentiate between legitimate and malicious activity—an essential step toward minimizing server compromises.

Jason Soroko, senior fellow at cybersecurity firm Sectigo, stressed the importance of proactive security measures.

"Ultimately, even the most advanced defense mechanisms may falter if misconfigured or if legacy systems create vulnerabilities. Hence, vigilant customer-side security practices are critical to fortifying these systems against modern cyberthreats," Sectigo said.

While Microsoft offers strong protective tools, their success hinges on users maintaining up-to-date systems and activating features like multifactor authentication.


Read more »
Vulnerability
China Cybersecurity espionage Ivanti malware VPN Vulnerability

Chinese Cyber Espionage Suspected in New Ivanti VPN Malware Attack

 

A newly discovered cyberattack campaign targeting Ivanti VPN devices is suspected to be linked to a Chinese cyberespionage group. Security researchers believe the attackers exploited a critical vulnerability in Ivanti Connect Secure, which was patched by the Utah-based company in February. The attack is yet another example of how state-backed Chinese threat actors are rapidly taking advantage of newly disclosed vulnerabilities and frequently targeting Ivanti’s infrastructure.

On Thursday, researchers from Mandiant revealed that a group tracked as UNC5221 exploited a stack-based buffer overflow vulnerability to deploy malicious code from the Spawn malware ecosystem—an attack technique often associated with Chinese state-sponsored activity. Mandiant also identified two previously unknown malware families, which they've named Trailblaze and Brushfire. As seen in earlier attacks tied to Chinese hackers, this group attempted to manipulate Ivanti’s internal Integrity Checker Tool to avoid detection.

The vulnerability, officially tracked as CVE-2025-22457, was used to compromise multiple Ivanti products, including Connect Secure version 22.7R2.5 and earlier, the legacy Connect Secure 9.x line, Policy Secure (Ivanti’s network access control solution), and Zero Trust Access (ZTA) gateways. Ivanti released a patch for Connect Secure on February 11, emphasizing that Policy Secure should not be exposed to the internet, and that "Neurons for ZTA gateways cannot be exploited when in production."

Ivanti acknowledged the attack in a statement: "We are aware of a limited number of customers whose appliances have been exploited." The incident follows warnings from Western intelligence agencies about China's increasing speed and aggression in leveraging newly disclosed software vulnerabilities—often before security teams have time to deploy patches.

Many of the devices targeted were legacy systems no longer receiving software updates, such as the Connect Secure 9.x appliance, which reached end-of-support on December 31, 2024. Older versions of the Connect Secure product line, which were set to be replaced by version 22.7R2.6 as of February 11, were also compromised.

This marks the second consecutive year Ivanti has had to defend its products from persistent attacks by suspected Chinese state-backed hackers. Thursday’s advisory from Mandiant and Ivanti highlights a vulnerability separate from the one flagged in late March by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which had allowed attackers to install a Trojan variant linked to Spawn malware in Ivanti systems.
Read more »
VPN
Apple Data Privacy Data Regulation Google Internet Privacy VPN

Apple and Google App Stores Host VPN Apps Linked to China, Face Outrage

Apple and Google App Stores Host VPN Apps Linked to China, Face Outrage

Google (GOOGL) and Apple (AAPL) are under harsh scrutiny after a recent report disclosed that their app stores host VPN applications associated with a Chinese cybersecurity firm, Qihoo 360. The U.S government has blacklisted the firm. The Financial Times reports that 5 VPNs still available to U.S users, such as VPN Proxy master and Turbo VPN, are linked to Qihoo. It was sanctioned in 2020 on the charges of alleged military ties. 

Ilusion of Privacy: VPNs collecting data 

In 2025 alone, three VPN apps have had over a million downloads on Google Play and  Apple’s App Store, suggesting these aren’t small-time apps, Sensor Tower reports. They are advertised as “private browsing” tools, but the VPNs provide the companies with complete user data of their online activity. This is alarming because China’s national security laws mandate that companies give user data if the government demands it. 

Concerns around ownership structures

The intricate web of ownership structures raises important questions; the apps are run by Singapore-based Innovative Connecting, owned by Lemon Seed, a Cayman Islands firm. Qihoo acquired Lemon Seed for $69.9 million in 2020. The company claimed to sell the business months late, but FT reports the China-based team making the applications were still under Qihoo’s umbrella for years. According to FT, a developer said, “You could say that we’re part of them, and you could say we’re not. It’s complicated.”

Amid outrage, Google and Apple respond 

Google said it strives to follow sanctions and remove violators when found. Apple has removed two apps- Snap VPN and Thunder VPN- after FT contacted the business, claiming it follows strict rules on VPN data-sharing.

Privacy scare can damage stock valuations

What Google and Apple face is more than public outage. Investors prioritise data privacy, and regulatory threat has increased, mainly with growing concerns around U.S tech firms’ links to China. If the U.S government gets involved, it can result in stricter rules, fines, and even more app removals. If this happens, shareholders won’t be happy. 

According to FT, “Innovative Connecting said the content of the article was not accurate and declined to comment further. Guangzhou Lianchuang declined to comment. Qihoo and Chen Ningyi did not respond to requests for comment.”

Read more »
VPN
AI Cyber Attacks cyber resilience Internet phishing VPN

Experts Suggest Evolving Cyber Attacks Not Ending Anytime Soon

Experts Suggest Evolving Cyber Attacks Not Ending Anytime Soon

In a series of unfortunate events, experts suggest the advancement of cybercrime isn’t ending anytime soon.

Every day, the digital landscape evolves, thanks to innovations and technological advancements. Despite this growth, it suffers from a few roadblocks, cybercrime being a major one and not showing signs of ending anytime soon. Artificial Intelligence, large-scale data breaches, businesses, governments, and rising target refinement across media platforms have contributed to this problem. However, Nord VPN CTO Marijus Briedis believes, “Prevention alone is insufficient,” and we need resilience. 

VPN provider Nord VPN experienced first-hand the changing cyber threat landscape after the spike in cybercrime cases attacking Lithuania, where the company is based, in the backdrop of the Ukraine conflict. 

Why cyber resilience is needed

In the last few years, we have witnessed the expansion of cybercrime gangs and state-sponsored hackers and also the abuse of digital vulnerabilities. What is even worse is that “with little resources, you can have a lot of damage,” Briedis added. Data breaches reached an all-time high in 2024. The infamous “mother of all data breaches” incident resulted in a massive 26 billion record leak. Overall, more than 1 billion records were leaked throughout the year, according to NordLayer data

Google’s Cybersecurity Forecast 2025 included Generative AI as a main threat, along with state-sponsored cybercriminals and ransomware.

Amid these increasing cyber threats, companies like NordVPN are widening the scope of their security services. A lot of countries have also implemented laws to safeguard against cyberattacks as much as possible throughout the years. 

Over the years, governments, individuals, and organizations have also learned to protect their important data via vpn software, antivirus, firewall, and other security software. Despite these efforts, it’s not enough. According to Briedis, this happens because cybersecurity is not a fixed goal. "We have to be adaptive and make sure that we are learning from these attacks. We need to be [cyber] resilience."

The plan forward

In a RightsCon panel that Briedis attended, the discourse was aimed at NGOs, activists, and other small businesses, people take advantage of Nord’s advice to be more cyber-resilient. He gives importance to education, stressing it’s the “first thing.”

Read more »
Subscribe to: Posts (Atom)