Normal view
- Cybersecurity News and Magazine
- Norwegian National Cyber Security Centre Recommends Moving Away from SSLVPN and WebVPN
- CISO2CISO.COM & CYBER SECURITY GROUP
- How to Set Up & Use a VPN on Android (A Step-by-Step Guide) β Source: www.techrepublic.com
How to Set Up & Use a VPN on Android (A Step-by-Step Guide) β Source: www.techrepublic.com
Source: www.techrepublic.com β Author: Nicole Rennolds We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details. Trying to configure or set up a VPN on your Android? Learn how to get started with [β¦]
La entrada How to Set Up & Use a VPN on Android (A Step-by-Step Guide) β Source: www.techrepublic.com se publicΓ³ primero en CISO2CISO.COM & CYBER SECURITY GROUP.
New βTunnelVisionβ Technique Leaks Traffic From Any VPN System
A new VPN bypass technique allows threat actors to snoop on victimsβ traffic by forcing it off the VPN tunnel using built-in features of DHCP.
The post New βTunnelVisionβ Technique Leaks Traffic From Any VPN System appeared first on SecurityWeek.
New Attack on VPNs
This attack has been feasible for over two decades:
Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.
TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the userβs IP address. The researchers believe it affects all VPN applications when theyβre connected to a hostile network and that there are no ways to prevent such attacks except when the userβs VPN runs on Linux or Android. They also said their attack technique may have been possible since 2002 and may already have been discovered and used in the wild since then...
The post New Attack on VPNs appeared first on Security Boulevard.
New Attack on VPNs
This attack has been feasible for over two decades:
Researchers have devised an attack against nearly all virtual private network applications that forces them to send and receive some or all traffic outside of the encrypted tunnel designed to protect it from snooping or tampering.
TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the userβs IP address. The researchers believe it affects all VPN applications when theyβre connected to a hostile network and that there are no ways to prevent such attacks except when the userβs VPN runs on Linux or Android. They also said their attack technique may have been possible since 2002 and may already have been discovered and used in the wild since then.
[β¦]
The attack works by manipulating the DHCP server that allocates IP addresses to devices trying to connect to the local network. A setting known as option 121 allows the DHCP server to override default routing rules that send VPN traffic through a local IP address that initiates the encrypted tunnel. By using option 121 to route VPN traffic through the DHCP server, the attack diverts the data to the DHCP server itself.
April updates for Windows 10 and 11 break some VPN software, Microsoft says
Microsoft is currently investigating a bug in its most recent batch of Windows 10 and Windows 11 updates that is preventing some VPN software from working properly. The company updated its list of known Windows issues to say that it has recreated the issue on its end and that it's currently working on a fix.
The VPN issue affects all currently supported versions of Windows: Windows 10 21H2 and 22H2; Windows 11 versions 21H2, 22H2, and 23H2; and Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, and 2022.
Microsoft says the problem was caused by update KB5036893, which was initially released on April 9, 2024. The update makes "miscellaneous security improvements to internal OS functionality," among a few other minor changes. The company hasn't provided specific information on what's been broken or what needs fixing, noting only that PCs "might face VPN connection failures" after installing the update.
Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks
Cisco has observed an increase in brute-force attacks targeting web application authentication, VPNs, and SSH services.
The post Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks appeared first on SecurityWeek.
A week in security (April 1 β April 7)
A list of topics we covered in the week of April 1 to April 7 of 2024
Last week on Malwarebytes Labs:
- 60% of small businesses are concerned about cybersecurity threats
- Cookie consent choices are just being ignored by some websites
- Bing ad for NordVPN leads to SecTopRAT
- Jackson County hit by ransomware, declares state of emergency
- Google patches critical vulnerability for Androids with Qualcomm chips
- Google Chrome gets βDevice Bound Session Credentialsβ to stop cookie theft
- AT&T confirms 73 million people affected by data breach
- Trusted Advisor now available for Mac, iOS, and Android
- 2024 State of Malware in Education report: Top 6 cyberthreats facing K-12 and Higher Ed
- Free VPN apps turn Android phones into criminal proxies
Stay safe!
Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
Free VPN apps turn Android phones into criminal proxies
Researchers at HUMANβs Satori Threat Intelligence have discovered a disturbing number of VPN apps that turn usersβ devices into proxies for cybercriminals without their knowledge, as part of a camapign called PROXYLIB.
Cybercriminals and state actors like to send their traffic through other peopleβs devices, known as proxies. This allows them to use somebody elseβs resources to get their work done, it masks the origin of their attacks so they are less likely to get blocked, and it makes it easy for them to keep operating if one of their proxies is blocked.
An entire underground market of proxy networks exists to service this desire, offering cybercriminals flexible, scalable platfroms from which to launch activities like advertising fraud, password spraying, and credential stuffing attacks.
The researchers at HUMAN found 28 apps on Google Play that turned unsuspecting Android devices into proxies for criminals. 17 of the apps were free VPNs. All of them have now been removed from Google Play.
The operation was dubbed PROXYLIB after a code library shared by all the apps that was responsible for enrolling devices into the ciminal network.
HUMAN also found hundreds of apps in third-party repositories that appeared to use the LumiApps toolkit, a Software Development Kit (SDK) which can be used to load PROXYLIB. They also tied PROXYLIB to another platform that specializes in selling access to proxy nodes, called Asocks.
Protection and removal
Android users are now automatically protected from the PROXYLIB attack by Google Play Protect, which is on by default on Android devices with Google Play Services.
The affected apps can be uninstalled using a mobile deviceβs uninstall functionality. However, apps like these may be made available under different names in future, which is where apps likeΒ Malwarebytes for AndroidΒ can help.
Recommendations to stay clear of PROXYLIB are:
- Do not install apps from third-party websites.
- Do not install free VPNs.
- UseΒ Malwarebytes for Android.
Victims of novel attacks like PROXYLIB might notice slow traffic, because their bandwidth is in use for other purposes. And at some point their IP address may be blocked by websites and other services.
The researchers included a list of applications they uncovered as part of PROXYLIB. If you installed any of the apps on the list before they were removed from Google Play you will need to uninstall them.
We donβt just report on privacyβwe offer you the option to use it.
Privacy risks should never spread beyond a headline. Keep your online privacy yours by usingΒ Malwarebytes Privacy VPN.