#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
CrowdSec

Virtual Private Network | Breaking Cybersecurity News | The Hacker News

Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware

Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware
Jan 13, 2023 VPN / Surveillanceware
Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed  EyeSpy  as part of a malware campaign that started in May 2022. It uses "components of SecondEye – a legitimate monitoring application – to spy on users of 20Speed VPN, an Iranian-based VPN service, via trojanized installers," Bitdefender  said  in an analysis. A majority of the infections are said to originate in Iran, with smaller detections in Germany and the U.S., the Romanian cybersecurity firm added. SecondEye, according to  snapshots  captured via the Internet Archive, claims to be a commercial monitoring software that can work as a "parental control system or as an online watchdog." As of November 2021, it's offered for sale anywhere between $99 to $200. It comes with a wide range of features that allows it to take screenshots, record microphone, log keystrokes, gather files and saved passwords from web browsers, and remotely control the machines to run arbitrary c

Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers

Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers
Jan 04, 2023 VPN / Server Security
Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as  CVE-2022-43931 , the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server. Successful exploitation of the issue "allows remote attackers to execute arbitrary commands via unspecified vectors," the Taiwanese company  said , adding it was internally discovered by its Product Security Incident Response Team (PSIRT). Users of VPN Plus Server for Synology Router Manager (SRM) 1.2 and VPN Plus Server for SRM 1.3 are advised to update to versions 1.4.3-0534 and 1.4.4-0635, respectively. The network-attached storage appliance maker, in a second advisory, also  warned  of several flaws in SRM that could permit remote attackers to execute arbitrary commands, conduct denial-of-service attack

external linkThe Latest SaaS Security Information Resource

SaaS
websiteSaaS Security on TapSaaS Security
Discover SaaS Security on Tap, a video series bringing you all the ins and outs of securing your SaaS stack. Watch now.

Fast and Secure VPN on a Budget? Private Internet Access VPN Has You Covered

Fast and Secure VPN on a Budget? Private Internet Access VPN Has You Covered
Aug 12, 2022
Back when the internet consisted of a handful of computers networked together across a few research institutions, nobody could have imagined that it would one day form the backbone of a new digital way of life. And that probably explains why none of the researchers who thought up its core technologies — things like packet switching and TCP/IP — gave much consideration to the need to secure the data passing through it. But by 1989, hackers like Robert Morris had already spotted the security weaknesses of the fledgling global network and started to exploit them. And that was just the beginning. Today, network administrators and individual internet users spend significant amounts of time and money trying to keep their data safe from prying eyes. The de-facto tool most people use for that purpose is a VPN. It's a software encryption solution that prevents anyone from accessing data traversing the public internet other than its intended recipient. And VPNs make up a data privacy mark

ExpressVPN Removes Servers in India After Refusing to Comply with Government Order

ExpressVPN Removes Servers in India After Refusing to Comply with Government Order
Jun 02, 2022
Virtual Private Network (VPN) provider ExpressVPN on Thursday announced that it's removing Indian-based VPN servers in response to a new cybersecurity directive issued by the Indian Computer Emergency Response Team (CERT-In). "Rest assured, our users will still be able to connect to VPN servers that will give them Indian IP addresses and allow them to access the internet as if they were located in India," the company  said . "These 'virtual' India servers will instead be physically located in Singapore and the U.K." The development comes as the CERT-In has enforced new  controversial   data retention requirements  that are set to come into effect on June 27, 2022, and mandate VPN service providers to store subscribers' real names, contact details, and IP addresses assigned to them for at least five years. The logged user data, CERT-In emphasized, will only be requested for the purposes of "cyber incident response, protective and preventive

ZTNAs Address Requirements VPNs Cannot. Here's Why.

ZTNAs Address Requirements VPNs Cannot. Here's Why.
Jan 24, 2022
I recently hopped on the  Lookout podcast  to talk about virtual private networks (VPNs) and how they've been extended beyond their original use case of connecting remote laptops to your corporate network. Even in this new world where people are using personal devices and cloud apps, VPN continues to be the go-to solution for remote access and cloud access. After my conversation with Hank Schless, I was inspired to put some additional thoughts about VPN on paper. When most organizations were forced to shift to remote work last year, they needed a quick-fix solution that would enable their remote employees to access work resources securely. For many, this solution came in the form of VPNs. However, VPNs were not designed for the bring your own device (BYOD) and cloud app use cases. While VPNs are able to provide remote access, it may come as a surprise that they fall short when it comes to security. This is because VPNs were built for when only a small portion of your workforce w

Europol Shuts Down VPNLab, Cybercriminals' Favourite VPN Service

Europol Shuts Down VPNLab, Cybercriminals' Favourite VPN Service
Jan 18, 2022
VPNLab.net, a  VPN provider  that was used by malicious actors to deploy ransomware and facilitate other cybercrimes, was taken offline following a coordinated law enforcement operation. Europol said it took action against the misuse of the VPN service by grounding 15 of its servers on January 17 and rendering it inoperable as part of a disruptive action that took place across Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the U.S., and the U.K. A second outcome of the seizure is that at least 100 businesses that have been identified as at risk of impending cyber attacks are being notified. Europol didn't disclose the names of the companies. Established in 2008, the tool provided an advanced level of anonymity by offering double VPN connections to its clients — wherein the internet traffic is routed through two VPN servers located in different countries instead of one — for as cheap as $60 a year. "This made VPNLab.net a popular

Industrial VPN Flaws Could Let Attackers Target Critical Infrastructures

Industrial VPN Flaws Could Let Attackers Target Critical Infrastructures
Jul 29, 2020
Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology (OT) networks that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems (ICS). A new report published by industrial cybersecurity company Claroty demonstrates multiple severe vulnerabilities in enterprise-grade VPN installations, including Secomea GateManager M2M Server, Moxa EDR-G902, and EDR-G903, and HMS Networks eWon's eCatcher VPN client. These vulnerable products are widely used in field-based industries such as oil and gas, water utilities, and electric utilities to remotely access, maintain and monitor ICS and field devices, including programmable logic controllers (PLCs) and input/output devices. According to Claroty researchers, successful exploitation of these vulnerabilities can give an unauthenticated attacker direct access to the ICS devices an

Effective Business Continuity Plans Require CISOs to Rethink WAN Connectivity

Effective Business Continuity Plans Require CISOs to Rethink WAN Connectivity
May 14, 2020
As more businesses leverage remote, mobile, and temporary workforces, the elements of business continuity planning are evolving and requiring that IT professionals look deep into the nuts and bolts of connectivity. CISOs and their team members are facing new challenges each and every day, many of which have been driven by digital transformation, as well as the adoption of other productivity-enhancing technologies. A case in point is the rapidly evolving need to support remote and mobile users as businesses change how they interact with staffers. For example, the recent COVID-19 crisis has forced the majority of businesses worldwide to support employees that work from home or other remote locations. Many businesses are encountering numerous problems with connection reliability, as well as the challenges presented by rapidly scaling connectivity to meet a growing number of remote workers. Add to that security and privacy issues, and it becomes evident that CISOs may very wel

New Linux Bug Lets Attackers Hijack Encrypted VPN Connections

New Linux Bug Lets Attackers Hijack Encrypted VPN Connections
Dec 06, 2019
A team of cybersecurity researchers has disclosed a new severe vulnerability affecting most Linux and Unix-like operating systems, including FreeBSD, OpenBSD, macOS, iOS, and Android, that could allow remote 'network adjacent attackers' to spy on and tamper with encrypted VPN connections. The vulnerability, tracked as CVE-2019-14899, resides in the networking stack of various operating systems and can be exploited against both IPv4 and IPv6 TCP streams. Since the vulnerability does not rely on the VPN technology used, the attack works against widely implemented virtual private network protocols like OpenVPN, WireGuard, IKEv2/IPSec, and more, the researchers confirmed. This vulnerability can be exploited by a network attacker — controlling an access point or connected to the victim's network — just by sending unsolicited network packets to a targeted device and observing replies, even if they are encrypted. As explained by the researchers, though there are variati

Looking For Secure VPN Services? Get a Lifetime Subscription

Looking For Secure VPN Services? Get a Lifetime Subscription
Jul 06, 2018
PRIVACY – a bit of an Internet buzzword nowadays, because the business model of the Internet has now shifted towards data collection. Today, most users surf the web unaware of the fact that websites and online services collect their personal information, including search histories, location, and buying habits and make millions by sharing your data with advertisers and marketers. If this is not enough, then there are governments across the world conducting mass surveillance, and hackers and cyber criminals who can easily steal sensitive data from the ill-equipped networks, websites, and PCs. So, what's the solution and how can you protect your privacy, defend against government surveillance and prevent malware attacks? No matter which Internet connection you are using to go online, one of the most efficient solutions to maximize your privacy is to use a secure VPN service. In this article, we have introduced two popular VPN services, TigerVPN and VPNSecure , which help

China Shuts Down Popular VPN Services to Make Great Firewall Stronger

China Shuts Down Popular VPN Services to Make Great Firewall Stronger
Jul 04, 2017
Online Privacy has been one of the biggest challenges in today's interconnected world, as the governments across the world have been found censoring the Internet, stealing information and conducting mass surveillance on innocent people. China is one such nation which always wanted to have a tight hold on its citizen and has long been known for its strict Internet censorship laws through the Great Firewall of China. The Great Firewall of China is the nation's Golden Shield project that employs a variety of tricks to censor Internet and block access to various foreign news and social media sites, including Google, Facebook, Twitter, Tumblr, Dropbox, and The Pirate Bay. So, in order to thwart these restrictions and access blocked websites, hundreds of millions of Chinese citizens rely on virtual private networks (VPNs) which route their traffic to servers overseas free of the Great Firewall filters, but this may not be an option soon. For those unfamiliar, Virtual P

Use Secure VPNs (Lifetime Subscription) to Prevent ISPs From Spying On You

Use Secure VPNs (Lifetime Subscription) to Prevent ISPs From Spying On You
Mar 27, 2017
Data Privacy is a serious concern today with the vast availability of personal data over the Internet – a digital universe where websites collect your personal information and sell them to advertisers for dollars, and where hackers can easily steal your data from the ill-equipped. If this wasn't enough, US Senate voted last week to eliminate privacy rules that would have forced ISPs to get your permission before selling your Web browsing history and app usage history to advertisers. If passed, ISPs like Verizon, Comcast, and AT&T, can collect and sell data on what you buy, where you browse, and what you search, to advertisers all without taking your consent in order to earn more bucks. How to Prevent ISPs And Hackers From Spying On You So, how do you keep your data away from advertisers as well as hackers? Private Browsing! If you're worried about identity thieves or ISPs spying on or throttling your traffic, the most efficient way to secure your privacy on the

China makes VPNs illegal to tighten its Great Firewall

China makes VPNs illegal to tighten its Great Firewall
Jan 24, 2017
China is long known for its strict Internet censorship laws through the Great Firewall of China – China's Golden Shield project that employs a variety of tricks to censor Internet and block access to various foreign websites in the country by its government. The Great Firewall has blocked some 171 out of the world's 1,000 top websites, including Google, Facebook, Twitter, Tumblr, Dropbox, and The Pirate Bay. Therefore, to thwart these restrictions and access these sites, hundreds of millions of Chinese citizens use virtual private networks (VPNs). But now, the Chinese government has announced the mass shutdown of VPNs in the country, making it harder for internet users to bypass its Great Firewall, according to a report published by the South China Morning Post. 'Clean-Up' of China's Internet Connections Calling it a "clean-up" of China's Internet connections, the Ministry of Industry and Information Technology said on Sunday that it had

Improve Your Online Privacy And Security Using NordVPN

Improve Your Online Privacy And Security Using NordVPN
Sep 29, 2016
Today, most users surf the web unaware of the fact that websites collect their data and track their locations – and if this is not enough, then there are hackers and cyber criminals who can easily steal sensitive data from the ill-equipped. In short, the simple truth is that you have no or very little privacy when you're online. So, if you're worried about identity thieves, or ISPs spying on or throttling your traffic, the most efficient way to secure your privacy on the Internet is to avoid using public networks; use a Virtual Private Network (VPN) instead. When it comes to digital security, the first thing most users probably think of is a good Antivirus for protecting their sensitive data on their systems. But, what they forget is that the data they send over the Internet needs protection, too. That's where Virtual Private Network (VPN) services come in. VPN allows you to access a private network securely and to share data remotely through public networks,

Dutch Police Seize Two VPN Servers, But Without Explaining... Why?

Dutch Police Seize Two VPN Servers, But Without Explaining... Why?
Sep 03, 2016
Recently, two European countries, France and Germany, have declared war against encryption with an objective to force major technology companies to built encryption backdoors in their secure messaging services. However, another neighborhood country, Netherlands, is proactively taking down cyber criminals, but do you know how? Dutch Police has seized two servers belonging to Virtual Private Network (VPN) provider Perfect Privacy , as part of an investigation, without even providing any reason for seizures. Switzerland-based VPN provider said they came to know about the servers seizure from I3D, the company that provides server hosting across Rotterdam. For those unfamiliar, Virtual Private Networks or VPNs are easy security and privacy tools that route your Internet traffic through a distant connection, protecting your browsing, hiding your location data and accessing restricted resources. VPNs have now become a great tool not just for large companies, but also for individual

Using VPN in the UAE? You'll Be Fined Up To $545,000 If Get Caught!

Using VPN in the UAE? You'll Be Fined Up To $545,000 If Get Caught!
Jul 28, 2016
If you get caught using a VPN (Virtual Private Network) in Abu Dhabi, Dubai and the broader of United Arab Emirates (UAE), you could face temporary imprisonment and fines of up to $545,000 (~Dhs2 Million). Yes, you heard that right. Online Privacy is one of the biggest challenges in today's interconnected world. The governments across the world have been found to be using the Internet to track people's information and conduct mass surveillance. Here VPNs and proxy servers come into Play. VPNs and proxy servers are being used by many digital activists and protesters, who are living under the most oppressive regimes, to protect their online activity from prying eyes. However, using VPN or proxy in the UAE could land you into great difficulty. The UAE President Sheikh Khalifa bin Zayed Al Nahyan has issued new sovereign laws for combating cyber crimes, which includes a regulation that prohibits anyone, even travelers, in the UAE from using VPNs to secure their web traff

Opera Browser Now Offers Free and Unlimited Built-in VPN Service

Opera Browser Now Offers Free and Unlimited Built-in VPN Service
Apr 21, 2016
In Brief Opera becomes the first web browser to offer a built-in Free, unlimited and 256-bit encrypted VPN service for everyone. Opera's Free VPN protects unencrypted browser session from leaking on public WiFi networks and will also let unblock firewalls to improve privacy and security. Virtual Private Networks (VPNs) have become an important tool not just for large companies, but also for individuals to improve web privacy, dodge content restrictions and counter growing threat of cyber attacks. Opera has released an updated desktop version of its web browser with a Free built-in VPN service to keep you safe on the Internet with just a click. That's a great deal! For those unfamiliar, VPNs are easy security and privacy tools that route your Internet traffic through a distant connection, protecting your browsing, hiding your location data and accessing restricted resources. Free VPN Service with Unlimited Data Usage Unlike several other free VPN services,
Cybersecurity Resources