VPN HOTSPOT SHIELD, PUREVPN AND ZENMATE ARE REVEALING REAL IP ADDRESSES

According to VPN Mentor, a private firm that reviews virtual private networks (VPNs), research has found that three VPN service providers with millions of customers worldwide are leaking sensitive data such as users’ IP addresses. These VPNs are HotSpot Shield, PureVPN, and Zenmate.

The purpose of using a VPN depends on the situation, but most people opt for VPNs to fight online censorship by accessing websites that are blocked by their ISPs, while some choose to use a VPN for anonymity and better privacy, information security training professionals said.

But what if the VPN you thought was protecting your privacy was actually posing a threat to it? That means you could be under surveillance by governments or malicious organizations, hackers can track your IP address and identify your ISP, and, on a business level, it can allow attackers to carry out distributed denial-of-service (DDoS) attacks.

According to VPN Mentor’s blog post, in order to find vulnerabilities in HotSpot Shield, PureVPN, and Zenmate, VPN Mentor hired three ethical hackers who, after testing, concluded that all three VPNs have been leaking the user’s IP address even when the VPN is in use, posing a massive privacy threat.

It must be noted that the vulnerabilities exist in the Chrome browser plugins for all three VPNs and not in the desktop or smartphone apps.

According to the information security training experts’ report, AnchorFree’s HotSpot Shield had three vulnerabilities. The first vulnerability (CVE-2018-7879) allowed remote attackers to cause a reload of the affected system or to remotely execute code.

The second and third vulnerabilities (CVE-2018-7878 & CVE-2018-7880) leaked IP and DNS addresses, which poses a privacy threat to users since hackers can track the user’s location and ISP.

It must be recognized that HotSpot Shield was quick to respond to VPN Mentor regarding the vulnerabilities and patched all of them professionally and in a timely manner, protecting millions of its users from what could be a serious threat if exploited.

“The fast response of Hotspot Shield is something we think is worth commending. We felt that they worked with our research team in a fast and serious manner and that they care for their users. They took our research as help for improvement rather than criticism,” said the co-founder of VPN Mentor Mr. Ariel Hochstadt.

In PureVPN and Zenmate, information security training researchers also found loopholes similar to those in Hotspot Shield that may leak user sites and IP addresses. However, because they did not receive a response from either manufacturer, they did not specify the vulnerabilities in either product.

ANDROID SETTINGS THAT USERS SHOULD CHANGE RIGHT NOW

Most of us don’t touch the default Android settings, but if you are looking for ways to improve your overall Android experience, there are a few changes that information security experts said are worth trying. Android has a great many features, yet not all of them are enabled out of the box. With the ever-growing list of capabilities, it’s easy to overlook those deeply buried Android settings that can improve your experience.

Making a few adjustments to your Android settings can have a major effect on its performance. Here are 5 Android settings that information security training experts said you should change now to get the most out of your smartphone.

  1. Do Not Track Browsing History

Many sites keep track of your search and browsing history, which they then use to show you ads and recommendations. You can disable this by switching on the ‘Do Not Track’ option in Chrome.

  • Open Chrome and select Settings from the menu.
  • Select Privacy and turn ON the ‘Do Not Track’ option.

  2. Chrome Address Bar at Bottom

If you have a large-display smartphone, you know how hard it is to use the address bar in Chrome when you are using the smartphone with one hand. You can now move the address bar to the bottom using the steps below.

  • Open Chrome and type “chrome://flags”.
  • Scroll down to the “Chrome Home Android” tab and change the setting from Default to Enabled.
  • Relaunch Chrome and you will find the changes.

  3. Google Play Protect

Google Play Protect is a continuous malware scanner that checks every application that is installed or about to be installed on your device, an information security training specialist explains.

  • Open Settings on your Android smartphone.
  • Then select Google and Security.
  • Click Google Play Protect and then Improve Harmful App Detection.

  4. Speed up Animations

Android animations keep things feeling fresh and make your smartphone look fancy. However, they can sometimes seem to slow things down a bit. You can speed up the animations to make your device feel faster.

  • Open Settings on your Android smartphone.
  • Then select Developer Options and Animation Scale.
  • Make changes to Window Animation Scale, Transition Animation Scale and Animator Duration Scale.

  5. Opt Out Of Ads

You have more than likely seen ads while browsing on your smartphone. Information security training experts recommend changing this setting to avoid possible malware in the ads.

  • Open Settings on your Android smartphone.
  • Then select Google and Ads.
  • Enable “Opt Out Of Ads Personalization”.

APAC INFORMATION SECURITY CHIEFS EXPECT CRITICAL ATTACK

Nearly 70% of information security leaders in the APAC region believe a major attack affecting critical infrastructure across multiple countries will happen in the next two years, a survey reveals.

Most information security training leaders in the Asia-Pacific (APAC) region believe that a major, successful cyber attack on critical infrastructure in their country, or multiple countries, is imminent.

According to the survey conducted ahead of information security training researchers of Black Hat Asia in Singapore, 52% of nearly 100 respondents either “strongly agree” that such an attack would happen in their own country in the next two years.

An even greater proportion (67%) believed that an attack affecting critical infrastructure across multiple Asian countries will happen in the same period.

As in Black Hat surveys conducted in the US and Europe, information security training professionals in the study were concerned that recent incidents in their region might indicate that a major breach of critical infrastructure is forthcoming.

Past attacks in the Middle East and Asia had spanned damage to industrial control systems, data theft for surveillance purposes, and hacking of computers used to support critical infrastructure in Asian countries.

APT37, the North Korean cyber espionage group, for example, had already expanded its operations beyond the Korean peninsula to include Japan, Vietnam and the Middle East.

Another campaign, reported by information security researchers at Nyotron, was focused on stealing data from industrial control systems in the Middle East for the purpose of conducting surveillance.

The gloomy threat landscape had led 23% of respondents to believe that cyber espionage by large nation states poses the greatest threat to APAC’s critical infrastructure, followed by potential attacks by organized crime groups (21%).

Information security training managers in APAC were also more concerned about sophisticated attacks aimed at their organizations than any other threat, followed by social engineering exploits and polymorphic malware that evades signature-based defenses.

The Black Hat Asia survey also threw up some surprises. For example, only 19% identified ransomware and other forms of online extortion as a top current concern in two years despite heightened publicity around the topic, but 38% of respondents pointed to the rapid increase in the use of ransomware as the top threat in the past year.

Like their counterparts in the US and Europe, APAC cyber security leaders were not confident of their ability to deal with looming threats. More than half of them said they were either a little under budget or severely hampered in their ability to fight threats because of a lack of funds.

The shortage of information security training staff had also made it harder to fend off current threats as reported by 58% of respondents. Out of those, 17% admitted they were completely underwater; 3% said they had no staff; and 38% said they could use a little additional help.

The skills shortage was the most worrying finding for the information security training professionals. According to the survey, over half of cyber security professionals in the region said they were either actively looking for a new job or open to it.

Across the region, nearly 40% said users who violated security policies or fell prey to phishing and social engineering scams had kept them up at night. Compliance with privacy rules such as the Asia Pacific Economic Cooperation (APEC) Privacy Framework was also one of the top items in their security budgets and daily activity lists.

DARK WEB, WHERE YOUR ENTIRE IDENTITY IS FOR SALE

Having multiple accounts online is a common practice, as we use all sorts of services, from carrying out transactions on PayPal to social networking through Facebook and buying groceries from Walmart. Hackers have now come up with another way of exploiting unsuspecting users’ identities, said the information security training professionals.

But if all of your accounts were hacked and sold to fraudsters, your entire identity on the web would be hijacked.

According to the findings of a team of information security experts from the UK-based Virtual Private Network comparison service Top10VPN, fraudsters on the Dark Web are now after all your accounts on the web. Reportedly, malicious hackers operating on the Dark Web can buy someone’s entire identity (which cybercriminals refer to as Fullz) for as low as £820. The startling revelations were made in the first ever Dark Web Market Price Index by Top10VPN.

Information security training experts analyzed tens of thousands of ID lists uploaded in 2018 on three mainstream markets on the Dark Web namely Wall Street Market, Dream, and Point. As per their findings, a person’s bank details can be acquired for around £168 while PayPal logins can fetch nearly £280. Passport details can be obtained for just £40 and details of online shopping accounts on platforms like Amazon, Walmart and Tesco are available for £5.

All kinds of login credentials are in demand, from Match.com login IDs to Airbnb profiles, social media accounts such as Facebook or Twitter, Netflix accounts and even eBay and Deliveroo credentials. Almost every type of account can be hacked and sold on the Dark Web.

The reason these hacked IDs are in such demand is that hackers can carry out identity theft by using these credentials as a backdoor, for just a few bucks.

According to the information security training researcher, Simon Migliano: “Our research is a stark reminder of just how easy it is to get hold of personal info on the dark web and the sheer variety of routes that fraudsters can take to get hold of your money. This really underlines the importance of two-factor authentication and more generally the secure use of websites and apps.”

It was not clarified by the researchers whether personal identity information prices are going up or down on the Dark Web but information security experts are observing a plunging trend. McAfee’s chief scientist Raj Samani states:

“It seems like the prices are a little lower than 2015. However, there are certainly more services on offer than before. Validity rates are not included so like-for-like comparisons are challenging.”

Information security training specialists are concerned about the low prices for this sort of vital information: such valuable personal data is so readily available at such low rates that anyone can buy it and carry out a variety of malicious attacks.

VULNERABILITY REPORTING DELAYS BY CHINA

According to an information security firm, China is attempting to cover up inexplicable delays in public reporting of high-risk software security holes by changing the dates of vulnerability publication to its national vulnerability database so they match those in the U.S. database.

A previous investigation, in November, discovered that China is finding and disclosing information on software security holes faster than the United States, except when those vulnerabilities are high risk and might be used in targeted attacks.

Now the information security firm Recorded Future has discovered that the China National Vulnerability Database (CNNVD) altered the original publication dates for at least 267 vulnerabilities identified in the firm’s research published in November 2017. The information security training experts said they believe the changes were made to conceal the evidence revealed in the previous report.

CNNVD is managed by China’s Ministry of State Security (MSS). “CNNVD takes longer to publish high threat vulnerabilities than low threat vulnerabilities,” said Priscilla Moriuchi, information security training researcher.

China’s National Vulnerability Database has a website but appears to be separate from China’s Ministry of State Security (MSS), the firm said in previous research. MSS is akin to the US Central Intelligence Agency. Unlike the CIA, however, MSS is not just a foreign intelligence service; it also has a large, and arguably more important, domestic intelligence mandate.

Recognizing the importance of the domestic mission is key to understanding why the MSS would manipulate data that is primarily consumed by Chinese or regional users. In other words, China is in no hurry to publish information about serious vulnerabilities because it wants to give MSS time to evaluate how the government might use them in offensive cyber operations. “CNNVD’s outright manipulation of these dates implicitly confirmed this assessment,” the firm said.

Now it seems China is also trying to cover its tracks and hide its intent. The dates changed in the CNNVD were for vulnerabilities that the U.S. NVD had reported in six days and that the CNNVD took more than twice as long as its average of 13 days to report. Information security training analysts first noticed the discrepancies in the publication dates of two Microsoft Office security holes identified as outliers in the November report.

“The initial CNNVD publication dates for the two vulnerabilities had been backdated to match NVD and erase the publication lag,” the information security firm said in its report. Screenshots of the vulnerability records from November and February, respectively, are provided in the report, highlighting the date alteration.

The information security firm found that 267 of the 268 CNNVD original publication dates had been altered since November 17. Moreover, each date was changed post-publication to approximate or beat the publication date in the U.S. vulnerability database.

“What we found was that CNNVD had changed the publication date to hide the publication lag,” information security training professional Moriuchi said. “This would hide the evidence of (Ministry of State Security) influence and any other processes that would create the publication lag in the first place and it would limit the methods we were using and any other organizations would use to anticipate Chinese APT behavior.”

The firm identified 74 new outlier vulnerabilities, published between September 13 and November 16, 71 of which “were backdated and the publication lags erased,” researchers said.

From a public service and transparency perspective, there could be larger liability issues for companies and institutions that rely solely on CNNVD data, researchers said. “If a company is victimized by an exploit for a vulnerability during the altered period of time, unless they kept a historical record of all CNNVD initial report dates, they could face questions about why they did not remediate a vulnerability for which they did not know about,” according to the firm’s report.
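
One way to keep the historical record the report refers to, as an added example that is not Recorded Future's method or code: archive each database's publication dates and compare a later snapshot against the archived one. The identifiers, dates and function names below are constructed for illustration.

```python
from datetime import date

# Constructed sample data: identifiers and dates are placeholders, not real records.
NVD_PUBLISHED = {
    "EXAMPLE-0001": date(2017, 9, 12),
    "EXAMPLE-0002": date(2017, 10, 3),
    "EXAMPLE-0003": date(2017, 10, 20),
    "EXAMPLE-0004": date(2017, 11, 1),
}
# Publication dates as first archived locally (hypothetical November snapshot).
ARCHIVED = {
    "EXAMPLE-0001": date(2017, 11, 8),   # 57-day lag
    "EXAMPLE-0002": date(2017, 10, 9),   # 6-day lag
    "EXAMPLE-0003": date(2017, 11, 15),  # 26-day lag
    "EXAMPLE-0004": date(2017, 11, 10),  # 9-day lag
}
# Publication dates shown for the same records later (hypothetical February snapshot).
CURRENT = {
    "EXAMPLE-0001": date(2017, 9, 12),   # now equals the reference date
    "EXAMPLE-0002": date(2017, 10, 9),   # unchanged
    "EXAMPLE-0003": date(2017, 10, 19),  # now earlier than the reference date
    "EXAMPLE-0004": date(2017, 11, 7),   # changed, but a lag remains
}


def lag_days(reference, published):
    """Days between the reference publication and this database's publication."""
    return (published - reference).days


def compare_snapshots(reference, archived, current, tolerance_days=1):
    """Return one finding per record whose publication date changed after archiving."""
    findings = []
    for vuln_id in sorted(archived):
        old, new, ref = archived[vuln_id], current.get(vuln_id), reference.get(vuln_id)
        if new is None or ref is None or new == old:
            continue  # record withdrawn, no reference date, or date untouched
        findings.append({
            "id": vuln_id,
            "archived_lag": lag_days(ref, old),
            "current_lag": lag_days(ref, new),
            # Moved earlier so that it now approximates or beats the reference date.
            "lag_erased": new < old and lag_days(ref, new) <= tolerance_days,
        })
    return findings


if __name__ == "__main__":
    for finding in compare_snapshots(NVD_PUBLISHED, ARCHIVED, CURRENT):
        print(finding)
```

The archived lag is the figure to use when answering when a vulnerability was first published locally, since the current value may no longer reflect it.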

Additionally, China recently instituted a Cybersecurity Law (CSL) mandating that companies operating in China adopt a “tiered system of network security protections,” information security training researchers said. The law allows the state to hold companies both legally and financially responsible for what officials deem a “network security incident.”

In light of the activity uncovered by Recorded Future, for a foreign multinational company to comply with all the provisions of the CSL could mean that it may at the same time violate Western laws or regulations against cooperating with Chinese security and intelligence services.

Moriuchi said that the more worrying issue is China’s willingness to cloud or distort information to serve its ends. After all, vulnerabilities published on the US NVD or China’s CNNVD have already been publicly disclosed. That means they are unlike so-called vulnerability “equities”: undisclosed software vulnerabilities that state intelligence agencies discover (or purchase) and may keep secret for use in offensive cyber operations.

APPLEBEE’S RESTAURANTS SUFFERED PAYMENT CARD BREACH

RMH Franchise Holdings revealed on Friday afternoon that PoS (point of sale) systems at Applebee’s restaurants were infected with PoS malware.

According to information security training specialists, the PoS malware was used to collect names, payment card numbers, expiration dates, and card verification codes. On Friday afternoon, RMH Franchise Holdings published a link to the data breach notice on its website.

“RMH Franchise Holdings recently learned about a data incident affecting certain payment cards used at RMH-owned Applebee’s restaurants that we operate as a franchisee,” states the notice of the data breach.

“We are providing this notice to our guests as a precaution to inform them of the incident and to call their attention to some steps they can take to help protect themselves. RMH operates its point-of-sale systems isolated from the broader Applebee’s network, and this notice applies only to RMH-owned Applebee’s restaurants.”

The security breach was discovered on February 13, and RMH promptly started an investigation with the help of third-party information security training professionals and law enforcement. The infection lasted between December 6, 2017, and January 2, 2018, according to the investigation by information security training experts.

Almost every restaurant operated by RMH was impacted; the incident affects more than 160 restaurants in Alabama, Arizona, Florida, Illinois, Indiana, Kansas, Kentucky, Missouri, Mississippi, Nebraska, Ohio, Pennsylvania, Texas, and Wyoming.

The security breach does not affect online payment systems, and clients using self-pay tabletop devices were not affected either. RMH clarified that its payment systems are not affected by the incident because they are isolated from the payment network used by Applebee’s.

“After discovering the incident on February 13, 2018, RMH promptly took steps to ensure that it had been contained. In addition to engaging third-party information security training professionals to assist with our investigation, RMH also notified law enforcement about the incident and will continue to cooperate in their investigation,” RMH added.

“Now, RMH is continuing to closely monitor its systems and review its security measures to help prevent something like this from happening again.”

BIGGEST DDOS ATTACK EVER HITS GITHUB WEBSITE

This week, GitHub’s code hosting website was hit with the largest-ever distributed denial of service (DDoS) attack, which peaked at a record 1.35 Tbps. According to data security researchers, the attackers did not use a botnet; instead, they weaponized misconfigured Memcached servers to amplify the DDoS attack.

The attackers abused Memcached, a popular open-source and easily deployable distributed caching system, to launch a DDoS attack over 51,000 times more powerful than its original strength. Cyber security experts explain that the amplification DDoS attack works by sending a forged request to the targeted Memcached server on port 11211 using a spoofed IP address that matches the victim’s IP.

A request of a few bytes sent to the vulnerable server triggers a response tens of thousands of times bigger against the targeted IP address.

“This attack was the largest attack seen to date, more than twice the size of the September 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed,” said a data security company that helped GitHub to survive the attack.

In a post, GitHub said, “The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the Memcached-based that peaked at 1.35Tbps via 126.9 million packets per second.”

A cyber security professional said, “Though amplification attacks are not new, this attack vector involves thousands of misconfigured Memcached servers, many of which are still exposed on the Internet and could be exploited to launch massive attacks soon against other targets.”
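
A defensive check for the misconfiguration described in this article, as an added example (not code from the original post or from the Memcached project): it reads a memcached options file and reports whether the daemon would answer UDP on a non-loopback address. The finding names and sample files are constructed, and treating a missing `-U` flag as UDP enabled is an assumption that matches releases before 1.5.6.

```python
import ipaddress
import shlex

# Option names as printed by memcached's own help text.
FLAGS = {"-p": "tcp_port", "--port": "tcp_port",
         "-U": "udp_port", "--udp-port": "udp_port",
         "-l": "listen", "--listen": "listen"}

def parse_options(conf_text):
    """Read a memcached.conf-style options file (flags per line, '#' comments)."""
    opts = {"tcp_port": 11211, "udp_port": None, "listen": []}
    tokens = []
    for line in conf_text.splitlines():
        tokens += shlex.split(line, comments=True)
    i = 0
    while i < len(tokens):
        name, value = tokens[i], ""
        if name.startswith("--"):
            name, _, value = name.partition("=")      # --udp-port=0
        elif len(name) > 2 and name[:2] in FLAGS:
            name, value = name[:2], name[2:]          # attached form: -U0
        key = FLAGS.get(name)
        if key and not value and i + 1 < len(tokens):
            i += 1
            value = tokens[i]                         # separate form: -U 0
        if key == "listen":
            opts["listen"] += [a for a in value.split(",") if a]
        elif key and value.isdigit():
            opts[key] = int(value)
        i += 1
    return opts

def is_loopback(addr):
    host = addr.strip("[]")
    if host.count(":") == 1:
        host = host.split(":")[0]                     # IPv4 host:port form
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                                  # unknown hostname: assume exposed

def audit(conf_text):
    """Return finding codes (names made up for this example) for one options file."""
    opts = parse_options(conf_text)
    # Assumption: no -U flag means UDP follows the TCP port, as before memcached 1.5.6.
    udp_port = opts["tcp_port"] if opts["udp_port"] is None else opts["udp_port"]
    exposed = not opts["listen"] or not all(is_loopback(a) for a in opts["listen"])
    findings = []
    if udp_port and exposed:
        findings.append("UDP_REACHABLE_OFF_HOST")     # can be abused for amplification
    elif udp_port:
        findings.append("UDP_ON_LOOPBACK_ONLY")
    if exposed:
        findings.append("LISTENS_BEYOND_LOOPBACK")
    return findings

# Constructed sample files, not taken from any real host.
LEGACY = "-d\nlogfile /var/log/memcached.log\n-m 64\n-p 11211\n-u memcache\n"
HARDENED = "-p 11211\n-U 0   # UDP off\n-l 127.0.0.1,::1\n"

if __name__ == "__main__":
    for label, text in (("legacy", LEGACY), ("hardened", HARDENED)):
        print(label, audit(text))
```

Note that `-u` (run-as user) and `-U` (UDP port) differ only in case, which is why the parser matches flags case-sensitively.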
