The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: VPN

New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer

New RIG Exploit Kit Campaign Infecting Victims' PCs with RedLine Stealer
April 28, 2022Ravie Lakshmanan
A new campaign leveraging an exploit kit has been observed abusing an Internet Explorer flaw patched by Microsoft last year to deliver the RedLine Stealer trojan. "When executed, RedLine Stealer performs recon against the target system (including username, hardware, browsers installed, anti-virus software) and then exfiltrates data (including passwords, saved credit cards, crypto wallets, VPN logins) to a remote command and control server," Bitdefender  said  in a new report shared with The Hacker News. Most of the infections are located in Brazil and Germany, followed by the U.S., Egypt, Canada, China, and Poland, among others. Exploit kits or exploit packs are comprehensive tools that contain a collection of exploits designed to take advantage of vulnerabilities in commonly-used software by scanning infected systems for different kinds of flaws and deploying additional malware. The primary infection method used by attackers to distribute exploit kits, in this case the

T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code

T-Mobile Admits Lapsus$ Hackers Gained Access to its Internal Tools and Source Code
April 22, 2022Ravie Lakshmanan
Telecom company T-Mobile on Friday confirmed that it was the victim of a security breach in March after the LAPSUS$ mercenary gang managed to gain access to its networks. The acknowledgment came after investigative journalist Brian Krebs  shared  internal chats belonging to the core members of the group indicating that LAPSUS$ breached the company several times in March  prior to the arrest  of its seven members. T-Mobile, in a statement, said that the incident occurred "several weeks ago, with the "bad actor" using stolen credentials to access internal systems. "The systems accessed contained no customer or government information or other similarly sensitive information, and we have no evidence that the intruder was able to obtain anything of value," it added. The VPN credentials for initial access are said to have been obtained from illicit websites like Russian Market with the goal of gaining control of T-Mobile employee accounts, ultimately allowing

CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform

CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform
February 24, 2022Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  warned  of active exploitation of two security flaws impacting Zabbix open-source enterprise monitoring platform, adding them to its  Known Exploited Vulnerabilities Catalog . On top of that, CISA is also recommending that Federal Civilian Executive Branch (FCEB) agencies patch all systems against the vulnerabilities by March 8, 2022 to reduce their exposure to potential cyberattacks. Tracked as  CVE-2022-23131  (CVSS score: 9.8) and  CVE-2022-23134  (CVSS score: 5.3), the shortcomings could lead to the compromise of complete networks, enabling a malicious unauthenticated actor to escalate privileges and gain admin access to the Zabbix Frontend as well as make configuration changes. Thomas Chauchefoin from SonarSource has been credited with discovering and reporting the two flaws, which affect Zabbix Web Frontend versions up to and including 5.4.8, 5.0.18 and 4.0.36. The issues have since been addressed in vers

ZTNAs Address Requirements VPNs Cannot. Here's Why.

ZTNAs Address Requirements VPNs Cannot. Here's Why.
January 24, 2022The Hacker News
I recently hopped on the  Lookout podcast  to talk about virtual private networks (VPNs) and how they've been extended beyond their original use case of connecting remote laptops to your corporate network. Even in this new world where people are using personal devices and cloud apps, VPN continues to be the go-to solution for remote access and cloud access. After my conversation with Hank Schless, I was inspired to put some additional thoughts about VPN on paper. When most organizations were forced to shift to remote work last year, they needed a quick-fix solution that would enable their remote employees to access work resources securely. For many, this solution came in the form of VPNs. However, VPNs were not designed for the bring your own device (BYOD) and cloud app use cases. While VPNs are able to provide remote access, it may come as a surprise that they fall short when it comes to security. This is because VPNs were built for when only a small portion of your workforce w

Cisco Issues Critical Security Patches to Fix Small Business VPN Router Bugs

Cisco Issues Critical Security Patches to Fix Small Business VPN Router Bugs
August 04, 2021Ravie Lakshmanan
Networking equipment major Cisco has rolled out patches to address critical vulnerabilities impacting its Small Business VPN routers that could be abused by a remote attacker to execute arbitrary code and even cause a denial-of-service (DoS) condition. The issues, tracked as CVE-2021-1609 (CVSS score: 9.8) and CVE-2021-1610 (CVSS score: 7.2), reside in the web-based management interface of the Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers running a firmware release prior to version 1.0.03.22. Both the issues stem from a lack of proper validation of HTTP requests, thus permitting a bad actor to send a specially-crafted HTTP request to a vulnerable device. Successful exploitation of CVE-2021-1609 could allow an unauthenticated, remote attacker to execute arbitrary code on the device or cause the device to reload, resulting in a DoS condition. CVE-2021-1610, concerns a command injection vulnerability that, if exploited, could permit an authenticated adve

Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack

Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack
June 25, 2021Ravie Lakshmanan
Taiwanese networking equipment company Zyxel is warning customers of an ongoing attack targeting a "small subset" of its security products such as firewall and VPN servers. Attributing the attacks to a "sophisticated threat actor," the firm noted that the attacks single out appliances that have remote management or SSL VPN enabled, namely in the USG/ZyWALL, USG FLEX, ATP, and VPN series running on-premise ZLD firmware, implying that the targeted devices are publicly accessible over the internet. "The threat actor attempts to access a device through WAN; if successful, they then bypass authentication and establish SSL VPN tunnels with unknown user accounts, such as 'zyxel_slIvpn', 'zyxel_ts', or 'zyxel_vpn_test', to manipulate the device's configuration," Zyxel said in an  email message , which was shared on Twitter. As of writing, it's not immediately known if the attacks are exploiting previously known vulnerabilities

In the Wake of the SolarWinds Hack, Here's How Businesses Should Respond

In the Wake of the SolarWinds Hack, Here's How Businesses Should Respond
January 26, 2021The Hacker News
Throughout 2020, businesses, in general, have had their hands full with IT challenges. They had to rush to accommodate a sudden shift to remote work. Then they had to navigate a rapid adoption of automation technologies. And as the year came to a close, more businesses began trying to assemble the safety infrastructure required to return to some semblance of normal in 2021. But at the end of the year,  news of a massive breach  of IT monitoring software vendor SolarWinds introduced a new complication – the possibility of a wave of secondary data breaches and cyber-attacks. And because SolarWinds' products have a presence in so many business networks, the size of the threat is massive. So far, though, most of the attention is getting paid to large enterprises like Microsoft and Cisco (and the US Government), who were the primary target of the SolarWinds breach. What nobody's talking about is the rest of the 18,000 or so SolarWinds clients who may have been affected. For them

Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security

Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security
January 17, 2021Ravie Lakshmanan
Apple has removed a controversial feature from its macOS operating system that allowed the company's own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called " ContentFilterExclusionList ," it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were routed through Network Extension Framework, effectively circumventing firewall protections. This exclusion list has been scrubbed now from macOS 11.2 beta 2. The issue first came to light last October following the release of macOS Big Sur, prompting concerns from security researchers who said the feature was ripe for abuse, adding it could be leveraged by an attacker to exfiltrate sensitive data by piggybacking it on to legitimate Apple apps included on the list and then bypass firewalls and security software. "After lots of bad press and lots of feedback/bug reports to Apple from developers such

Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers

Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers
September 25, 2020Ravie Lakshmanan
As the pandemic continues to accelerate the shift towards working from home, a  slew of digital threats  have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now according to network security platform provider SAM Seamless Network , over 200,000 businesses that have deployed the Fortigate VPN solution—with default configuration—to enable employees to connect remotely are vulnerable to man-in-the-middle (MitM) attacks, allowing attackers to present a valid SSL certificate and fraudulently take over a connection. "We quickly found that under default configuration the SSL VPN is not as protected as it should be, and is vulnerable to MITM attacks quite easily," SAM IoT Security Lab's Niv Hertz and Lior Tashimov said. "The Fortigate SSL-VPN client only verifies that the CA was issued by Fortigate (or another trusted CA), therefore an attacker can easily present a certificate issued to a differen

Chinese Man Gets 5-Year Prison for Running 'Unauthorized' VPN Service

Chinese Man Gets 5-Year Prison for Running 'Unauthorized' VPN Service
December 22, 2017Wang Wei
While continuing its crackdown on services that help Chinese citizens to bypass Great Firewall, Chinese authorities have sentenced a man to five-and-a-half years in prison for selling a VPN service without obtaining a proper license from the government. Earlier this year, the Chinese government announced a ban on "unauthorized" VPN services , making it mandatory for companies to obtain an appropriate license from the government in order to operate in the country. Citizens in China usually make use of VPN and Proxy services to bypass the country's Great Firewall, also known as the Golden Shield project, which employs a variety of tricks to censor the Internet in the country. The Great Firewall project already blocked access to more than 150 out of the world's 1,000 top websites, which includes Google, Facebook, Twitter, Dropbox, Tumblr, and The Pirate Bay in the country. VPN helps Chinese citizens encrypt their Internet traffic and route it through a distant c

Chinese Man Jailed For Selling VPNs that Bypass Great Firewall

Chinese Man Jailed For Selling VPNs that Bypass Great Firewall
September 05, 2017Wang Wei
Image source: goldenfrog In an effort to continue its crackdown on VPNs, Chinese authorities have arrested a 26-year-old man for selling VPN software on the Internet. China's Supreme Court has sentenced Deng Jiewei from Dongguan in Guangdong province, close to Hong Kong, to nine months in prison for selling virtual private network (VPN) software through his own small independent website. VPN encrypts users' Internet traffic and routes it through a distant connection so that web surfers can hide their identities and location data while accessing websites that are usually restricted or censored by any country. Chinese citizens usually make use of VPNs to bypass the Great Firewall of China , also known as the Golden Shield project, which employs a variety of tricks to censor the Internet in the country. The project already blocked access to some 171 out of the world's 1,000 top websites, including Google, Facebook, Twitter, Tumblr, Dropbox, and The Pirate Bay in

STOP Rule 41 — FBI should not get Legal Power to Hack Computers Worldwide

STOP Rule 41 — FBI should not get Legal Power to Hack Computers Worldwide
June 23, 2016Mohit Kumar
We have been hearing a lot about Rule 41 after the US Department of Justice has pushed an update to the rule. The change to the Rule 41 of the Federal Rules of Criminal Procedure grants the FBI much greater powers to hack legally into any computer across the country, and perhaps anywhere in the world, with just a single search warrant authorized by any US judge. However, both civil liberties groups and tech companies have blasted the proposed change, saying it is an affront to the Fourth Amendment and would allow the cops and Feds in America to hack remotely into people's computers and phones around the world. Google, Electronic Frontier Foundation (EFF), Demand Progress, FightForTheFuture, TOR (The Onion Router), Private Internet Access and other VPN providers have joined their hands to block changes to Rule 41. " The U.S. government wants to use an obscure procedure—amending a federal rule known as Rule 41— to radically expand their authority to hack," the

Hacker exploits Heartbleed bug to Hijack VPN Sessions

Hacker exploits Heartbleed bug to Hijack VPN Sessions
April 19, 2014Mohit Kumar
Cyber criminals have explored one more way to exploit Heartbleed OpenSSL bug against organisations to hijack multiple active web sessions conducted over a virtual private network connection. The consulting and incident response Mandiant investigated targeted attack against an unnamed organization and said the hackers have exploited the " Heartbleed " security vulnerability in OpenSSL running in the client's SSL VPN concentrator to remotely access active sessions of an organization's internal network. The incident is the result of attacks leveraging the OpenSSL Heartbleed vulnerabilities, which resides in the OpenSSL's heartbeat functionality, if enabled would return 64KB of random memory in plaintext to any client or server requesting for a connection. The vulnerability infected almost two-third of internet web servers, including the popular websites. Recently, there has been an arrest of a Canadian teen of stealing usernames, credentials, session IDs and other da

How to access Twitter in Turkey - #TwitterisBlockedinTurkey

How to access Twitter in Turkey - #TwitterisBlockedinTurkey
March 23, 2014Mohit Kumar
Twitter , the biggest Social Media platform used for vital communication is now banned in Turkey from the last few days, after Prime Minister Recep Tayyip Erdoğan promised to root out the social media service during an election rally this week with the help of a court order. " Twitter and so on, we will root them out. The international community can say this or that – I don't care. They will see the power of the Turkish Republic ." After the ban imposed on Twitter late on Thursday, millions of Turkey users began using Google's DNS service to bypassing censorship, that briefly helped Turks stay connected to Twitter. Turkey Government is trying to close all the possible loopholes that had allowed users to circumvent the ban and finally today the authorities have also blocked the Google DNS service (8.8.8.8 and 8.8.4.4), However the number of tweets jumped 138% in the last 24 Hours and almost 2.5 million tweets have been posted from the country after the ban imposed. Why

Cryptoseal VPN Service shuts down over legal concerns after Lavabit case

Cryptoseal VPN Service shuts down over legal concerns after Lavabit case
October 23, 2013Mohit Kumar
Yet another American Internet privacy service has bitten the dust, prompted by fears about broad government surveillance demands. CryptoSeal, a Virtual private network (VPN) based in California has decided to shutter its privacy-conscious service rather than hand over its encryption keys to the U.S. Government. VPNs are secure tunnels to the Internet that allow users to mask their location, defeat regional restrictions, stay safe over public Wi-Fi connections, and maintain at least a modicum of privacy online. CryptoSeal is the latest company to voluntarily shut down its service after the U.S. Government's legal action against Lavabit, an email service used by former NSA contractor Edward Snowden. " With immediate effect as of this notice, CryptoSeal Privacy, our consumer VPN service, is terminated, " a notice reads on the company's website. " All cryptographic keys used in the operation of the service have been zerofilled...all records created incidental

VPN provider 'Proxy.sh' sniffed the traffic of US based server to Catch Hackers

VPN provider 'Proxy.sh' sniffed the traffic of US based server to Catch Hackers
September 30, 2013Mohit Kumar
The very first question we always try to figure before choosing a trusted VPN service - Can't a VPN provider just look at my traffic all they want and see what I'm doing? Well, a reputated  VPN provider today answers the Question and admitted that they sniffed the traffic on one of its United States-based servers in order to catch an alleged hacker. Proxy.sh , a quality VPN service with no-logging policy, made a surprise announcement : " We are unfortunate to announce that there have been abuses complaints about hacking activities on our U.S. Illinois 1 node. We have been saddened to learn that these actions were harmful to individuals (human beings). As a result, we will open this node again and monitor it with Wireshark for a period of 7 days. Torrentfreak  noticed that there was no mention of any legal process, court order, police action or other similar outside influence compelling Proxy. sh to do so. The monitoring was triggered after Proxy.s

Anonymity Tool Tor gains more than 1.2 Million new users since NSA PRISM scandal

Anonymity Tool Tor gains more than 1.2 Million new users since NSA PRISM scandal
August 31, 2013Mohit Kumar
Since Snowden came forward with details about the NSA's PRISM program in June, web users concerned about online privacy are increasingly turning toward privacy tools to protect their online data. U.S. Government project PRISM allows the government to tap phone calls, email, and web browsing of any citizen without a warrant. New metrics from The Tor Project show that, the usage of Tor Browser is increasing day by day due to the fact that internet users are getting more and more inclined in keeping their online activity isolated from internet surveillance programs like US Prism. Tor was launched in 2004 and developed by the U.S. Navy, is used by governments, activists, journalists and dissidents to conceal their online activities from prying eyes. The TOR online anonymity service has exploded since early June, up more than 100 percent, from just over 500,000 global users to more than 1.2 million. Of those 600,000 new users, roughly ten percent are from the

Digital privacy, Internet Surveillance and The PRISM - Enemies of the Internet

Digital privacy, Internet Surveillance and The PRISM - Enemies of the Internet
June 17, 2013Mohit Kumar
If you have followed the startling revelations about the scope of the US government's surveillance efforts, you may have thought you were reading about the end of privacy, and about the Enemies of the Internet. " My computer was arrested before I was ." a perceptive comment by an internet activist who had been arrested by means of online surveillance.  Online surveillance is a growing danger for journalists, bloggers, citizen-journalists and human rights defenders. Over the last few years, law enforcement agencies have been pushing for unprecedented powers of surveillance and access to your private online communications. This week the PRISM surveillance scandal has consumed the Internet as the implications of massive scale U.S. Government spying begin to sink in. The US National Security Organization (NSA) is almost certainly one of (if not the) most technologically sophisticated, well-funded and secretive organizations in the world. The Prism initiative was launched by Na

Iran blocks most virtual private network (VPN) services

Iran blocks most virtual private network (VPN) services
March 11, 2013Mohit Kumar
IRAN has spent years fending off cyber attacks, blocking access and isolated their own intranet off from the outside world. Many Iranians was using of virtual private network (VPNs), which provides encrypted links directly to private networks based abroad, to access Sites like YouTube and Facebook after bypassing the country's internet filter. But recently, Iranian authorities have blocked the use of most virtual private network to stop people in the country from circumventing the government's internet filter. A widespread government internet filter prevents Iranians from accessing many sites on the official grounds they are offensive or criminal. Ramezanali Sobhani-Fard, the head of parliament's information and communications technology committee said, " Within the last few days illegal VPN ports in the country have been blocked. Only legal and registered VPNs can from now on be used. " Registered and legal VPN access can still be purchased, but the typical fi
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.