The Hacker News — Cyber Security, Hacking, Technology News

PornHub wants you to keep your porn viewing activities private, and it is ready to help you out with its all-new VPN service.

Yes, you heard that right.

Adult entertainment giant PornHub has launched its very own VPN service today with "free and unlimited bandwidth" to help you keep prying eyes away from your browsing activity.

Dubbed VPNhub, the VPN service by PornHub is available for both mobile as well as desktop platform, including Android, iOS, MacOS, and Windows.

VPN, or Virtual Private Network, allows users to transmit data anonymously, avoids ISP-level website blocking or tracking and keeps your browsing activity private by encrypting your data, even when you are on public Wi-Fi connections.
VPNhub promises never to store, collect, sell, or share your personal information with any third parties for their marketing, advertising or research purposes.

However, in its privacy policy under the heading, "How We Use Your Information," the company says it can sell "aggregate or non-personally identifiable information with non-affiliated third parties for advertising, marketing or research purposes."

Since some government, including that of United Kingdom, are regulating adult content online, launching a VPN service by Pornhub makes sense.
VPNhub is available in countries across the globe except for Burma/Myanmar, Cuba, Iran, North Korea, Sudan, and Syria, due to the ban imposed by the U.S. government.

While mobile users (both iOS and Android) can download and use the VPNhub app for free, desktop users (MacOS and Windows) have to purchase a premium account.

You can also upgrade your free account to a premium subscription for $13 a month or $90 for a full year, which eliminates ads, provides faster connection speeds, and opens up "servers from a wide range of countries."

You can give premium VPNhub a try by using its use 7-day free trial.

Apple is making it easier for its users to download their data the company has collected about them so far.

On Wednesday, Apple just launched a new Data and Privacy website that allows you to download everything that the company knows about you, from Apple ID info, device info, App Store activity, AppleCare history, your online shopping habits to all of your data stored in its iCloud.

A similar feature was recently offered by Facebook, enabling its users to download all of their data, not only what they have posted, but also information like facial recognition and location data, following the Cambridge Analytica scandal.

Apple has currently made this feature only available for people having accounts in European Union (along with Iceland, Liechtenstein, Norway and Switzerland), to comply with the General Data Protection Regulation (GDPR) act, which goes into effect on May 25.

However, Apple is planning to roll out this feature worldwide in the coming months. "We intend to provide these capabilities to customers around the world in the coming months," the company wrote.

The new GDPR act was passed with an aim to completely transform the way companies handle its users' personal data, giving users more control over their data. The act applies to all companies that collect the data of EU people, regardless of where they are based.

The GDPR will replace the British Data Protection Act 1998 from 25 May 2018.

The government has also warned businesses that if they fail to make changes in their policies before Friday, they could face fines of up to £17 Million (more than $22 Million), or 4% of their global turnover—whichever amount is higher.

That's why big companies like Apple have decided to inform their European customers about the new privacy policies.

Here's How to Download Your Data:

You can download all your data with a few simple clicks on the privacy portal.

• Log in to privacy.apple.com on your Mac, PC, or iPad.
• Select the Get started link under the "Obtain a copy of your data" heading in Manage your data.
• You can press 'Select All' to download everything or tick the boxes of the data categories you want to download. iCloud data are provided into a separate list as this data may be large and can take a long time to download.
• Apple splits up the data into chunks, which ranges from 1 GB up to a maximum of 25 GB, letting you select your preferred maximum file size. Select a size and hit 'Continue.'

Your download is now in progress, and Apple will send you an email when the files are available to download, which can take up to a week. Your downloaded data is then automatically deleted after 2 weeks.

Here's the List of Data that You can Download:

• App Store, iTunes Store, iBooks Store and Apple Music activity
• Apple ID account and device information
• Apple Online Store and Retail Store activity
• AppleCare support history, repair requests and more
• Game Center activity
• iCloud Bookmarks and Reading List
• iCloud Calendars and Reminders
• iCloud Contacts
• iCloud Notes
• Maps Report an Issue
• Marketing subscriptions, downloads, and other activity
• Other data
• iCloud Drive files and documents
• iCloud Mail
• iCloud Photos

Besides data download feature, Apple is also providing an option of permanently deleting all of your data, which has been made available globally starting today. Once you initiate the data delete option, the company can take up to 7 days to approve the request.

But keep in mind: Once deleted, there is no way you can retrieve your data.

Shortly after Cisco's released its early report on a large-scale hacking campaign that infected over half a million routers and network storage devices worldwide, the United States government announced the takedown of a key internet domain used for the attack.

Yesterday we reported about a piece of highly sophisticated IoT botnet malware that infected over 500,000 devices in 54 countries and likely been designed by Russia-baked state-sponsored group in a possible effort to cause havoc in Ukraine, according to an early report published by Cisco's Talos cyber intelligence unit on Wednesday.

Dubbed VPNFilter by the Talos researchers, the malware is a multi-stage, modular platform that targets small and home offices (SOHO) routers and storage devices from Linksys, MikroTik, NETGEAR, and TP-Link, as well as network-access storage (NAS) devices.

Meanwhile, the court documents unsealed in Pittsburgh on the same day indicate that the FBI has seized a key web domain communicating with a massive global botnet of hundreds of thousands of infected SOHO routers and other NAS devices.

The court documents said the hacking group behind the massive malware campaign is Fancy Bear, a Russian government-aligned hacking group also known as APT28, Sofacy, X-agent, Sednit, Sandworm, and Pawn Storm.

The hacking group has been in operation since at least 2007 and has been credited with a long list of attacks over the past years, including the 2016 hack of the Democratic National Committee (DNC) and Clinton Campaign to influence the U.S. presidential election.

"This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities," John Demers, the Assistant Attorney General for National Security, said in a statement.

Among other, Talos researchers also found evidence that the VPNFilter source code share code with versions of BlackEnergy—the malware responsible for multiple large-scale attacks targeting devices in Ukraine that the U.S. government has attributed to Russia.

VPNFilter has been designed in a way that it could be used to secretly conduct surveillance on its targets and gather intelligence, interfere with internet communications, monitor industrial control or SCADA systems, such as those used in electric grids, other infrastructure and factories, as well as conduct destructive cyber attack operations.

The seizure of the domain that is part of VPNFilter's command-and-control infrastructure allows the FBI to redirect attempts by stage one of the malware (in an attempt to reinfect the device) to an FBI-controlled server, which will capture the IP address of infected devices and pass on to authorities around the globe who can remove the malware.

Users of SOHO and NAS devices that are infected with VPNFilter are advised to reboot their devices as soon as possible, which eliminates the non-persistent second stage malware, causing the persistent first-stage malware on their infected device to call out for instructions.

"Although devices will remain vulnerable to reinfection with the second stage malware while connected to the Internet, these efforts maximize opportunities to identify and remediate the infection worldwide in the time available before Sofacy actors learn of the vulnerability in their command-and-control infrastructure," the DoJ said.

Since VPNFilter does not exploit any zero-day vulnerability to infect its victims and instead searches for devices still exposed to known vulnerabilities or having default credentials, users are strongly recommended to change default credentials for their devices to prevent against the malware.

Moreover, always put your routers behind a firewall, and turn off remote administration until and unless you really need it.

If your router is by default vulnerable and can't be updated, it is time you buy a new one. You need to be more vigilant about the security of your smart IoT devices.

More than half a million routers and storage devices in dozens of countries have been infected with a piece of highly sophisticated IoT botnet malware, likely designed by Russia-baked state-sponsored group.

Cisco's Talos cyber intelligence unit have discovered an advanced piece of IoT botnet malware, dubbed VPNFilter, that has been designed with versatile capabilities to gather intelligence, interfere with internet communications, as well as conduct destructive cyber attack operations.

The malware has already infected over 500,000 devices in at least 54 countries, most of which are small and home offices routers and internet-connected storage devices from Linksys, MikroTik, NETGEAR, and TP-Link. Some network-attached storage (NAS) devices known to have been targeted as well.

VPNFilter is a multi-stage, modular malware that can steal website credentials and monitor industrial controls or SCADA systems, such as those used in electric grids, other infrastructure and factories.

The malware communicates over Tor anonymizing network and even contains a killswitch for routers, where the malware deliberately kills itself.

Unlike most other malware that targets internet-of-things (IoT) devices, the first stage of VPNFilter persists through a reboot, gaining a persistent foothold on the infected device and enabling the deployment of the second stage malware.

VPNFilter is named after a directory (/var/run/vpnfilterw) the malware creates to hide its files on an infected device.

Since the research is still ongoing, Talos researchers "do not have definitive proof on how the threat actor is exploiting the affected devices," but they strongly believe that VPNFilter does not exploit any zero-day vulnerability to infect its victims.

Instead, the malware targets devices still exposed to well-known, public vulnerabilities or have default credentials, making compromise relatively straightforward.

Talos researchers have high confidence that the Russian government is behind VPNFilter because the malware code overlaps with versions of BlackEnergy—the malware responsible for multiple large-scale attacks targeting devices in Ukraine that the U.S. government has attributed to Russia.

Although devices infected with VPNFilter have been found across 54 countries, researchers believe the hackers are targeting specifically Ukraine, following a surge in the malware infections in the country on May 8.

"The malware has a destructive capability that can render an infected device unusable, which can be triggered on individual victim machines or en masse, and has the potential of cutting off internet access for hundreds of thousands of victims worldwide," Talos researcher William Largent said in a blog post.

The researchers said they released their findings prior to the completion of their research, due to concern over a potential upcoming attack against Ukraine, which has repeatedly been the victim of Russian cyber attacks, including large-scale power outage and NotPetya.

If you are already infected with the malware, reset your router to factory default to remove the potentially destructive malware and update the firmware of your device as soon as possible.

You need to be more vigilant about the security of your smart IoT devices. To prevent yourself against such malware attacks, you are recommended to change default credentials for your device.

If your router is by default vulnerable and cannot be updated, throw it away and buy a new one, it's that simple. Your security and privacy is more than worth a router's price.

Moreover, always put your routers behind a firewall, and turn off remote administration until and unless you really need it.

Due to the growing number of threats in the computer world, ethical hackers have become the most important player for not only governments but also private companies and IT firms in order to safeguard their systems and networks from hackers trying to infiltrate them.

By 2020, employment in all information technology occupations is expected to increase by 22 percent, where demand for ethical hackers and IT security engineers will be the strongest. So, it's high time that you should start preparing yourself in the field of ethical hacking.

Although there are many popular and best online courses available in the market, you can't learn everything from a single book or a course.

Good news, we bring an amazing deal of this month for our readers, known as The Ultimate White Hat Hacker 2018 Bundle online hacking bundle, where you can get hacking courses for as little as you want to pay and if you beat the average price you will receive the fully upgraded hacking bundle!

You will get at least 4 hacking courses for less than the average price you pay (as little as $1), and all 8 online courses for the average price (which is $12.11 at the time of writing).

Here's the brief of all 8 courses which is included in this Pay What You Want deal and requires a minimum of the average price:

1. Learn Hacking Windows 10 Using Metasploit From Scratch
Hack Windows Like a Pro, Secure It Like an Expert, and Detect the Hacker

This online course helps you learn how black hat hackers hack Windows using advanced techniques while improving your knowledge on how to analyze and secure Windows and combat hackers.

2. Hack People, Systems, and Mobile Devices
Learn Advanced Social Engineering Techniques to Crack Mobile Devices

This course helps you learn ethical hacking techniques and methodology used in penetration systems to better protect yourself and those around you.

3. Web Application Penetration Testing Professional: WAPTP v3.1
Attack Web Apps with the Latest Professional Tools & Tricks

This online course helps you build towards mapping an application for insecurities, and understanding how to identify and mitigate threats, with WAPTP v3.1 which is a highly practical and hands-on training for web application penetration testing.

4. From Zero to Hero in Web, Network, and WiFi Hacking
Learn Basic to Advanced Web, Network, and WiFi Hacking

This online course helps you learn the essential elements of WiFi hacking so you can start applying them to a career in ethical hacking.

5. Ethical Hacking Using Kali Linux From A to Z
Discover the Power of Kali Linux, One of the Most Popular Ethical Hacking Tools

This course introduces you to the latest ethical hacking tools and techniques with the popular Kali Linux, using a testing lab for practicing different types of attacks.

6. Learn Website Hacking and Penetration Testing From Scratch
Learn How to Hack Sites Like A Black Hat Hacker and How to Protect Them Like A White Hat Hacker

This course helps you gain a complex understanding of websites, and then learn how to exploit them to carry out a number of powerful cyber attacks and test the security of websites and apps, and fix vulnerabilities.

7. Cyber Security Volume II: Network Security
Discuss Network Security, Firewalls, and Learn the Best Password Managers On the Market

This course helps you learn network hacking techniques and vulnerability scanning to discover security issues and risks across an entire network, learning skills for which big companies are willing to pay top dollar.

8. Ethical Hacking for Beginners
Hack Your Way to a Secure and Threat-Free Environment Using Best-in-Class Tools and Technique.

This course helps you learn ethical hacking and identify threats and vulnerabilities to secure your IT environment.

So, what you are waiting for? Sign up to Grab this amazing deal Now!

Even after being aware of various active cyber attacks against the GPON Wi-Fi routers, if you haven't yet taken them off the Internet, then be careful—because a new botnet has joined the GPON party, which is exploiting an undisclosed zero-day vulnerability in the wild.

Security researchers from Qihoo 360 Netlab have warned of at least one botnet operator exploiting a new zero-day vulnerability in the Gigabit-capable Passive Optical Network (GPON) routers, manufactured by South Korea-based DASAN Zhone Solutions.

The botnet, dubbed TheMoon, which was first seen in 2014 and has added at least 6 IoT device exploits to its successor versions since 2017, now exploits a newly undisclosed zero-day flaw for Dasan GPON routers.

Netlab researchers successfully tested the new attack payload on two different versions of GPON home router, though they didn't disclose details of the payload or release any further details of the new zero-day vulnerability to prevent more attacks.

TheMoon botnet gained headlines in the year 2015-16 after it was found spreading malware to a large number of ASUS and Linksys router models using remote code execution (RCE) vulnerabilities.

Other Botnets Targeting GPON Routers

Earlier this month, at least five different botnets were found exploiting two critical vulnerabilities in GPON home routers disclosed last month that eventually allow remote attackers to take full control of the device.

As detailed in our previous post, the 5 botnet families, including Mettle, Muhstik, Mirai, Hajime, and Satori, have been found exploiting an authentication bypass (CVE-2018-10561) and a root-RCE (CVE-2018-10562) flaws in GPON routers.

Shortly after the details of the vulnerabilities went public, a working proof-of-concept (PoC) exploit for GPON router vulnerabilities made available to the public, making its exploitation easier for even unskilled hackers.

In separate research, Trend Micro researchers spotted Mirai-like scanning activity in Mexico, targeting GPON routers that use default usernames and passwords.

"Unlike the previous activity, the targets for this new scanning procedure are distributed," Trend Micro researchers said. "However, based on the username and password combinations we found in our data, we concluded that the target devices still consist of home routers or IP cameras that use default passwords."

How to Protect Your Wi-Fi Router From Hacking

The previously disclosed two GPON vulnerabilities had already been reported to DASAN, but the company hasn't yet released any fix, leaving millions of their customers open to these botnet operators.

So, until the router manufacturer releases an official patch, users can protect their devices by disabling remote administration rights and using a firewall to prevent outside access from the public Internet.

Making these changes to your vulnerable routers would restrict access to the local network only, within the range of your Wi-Fi network, thus effectively reducing the attack surface by eliminating remote attackers.

We will update this article with new details, as soon as they are available. Stay Tuned!