Search This Blog

Showing posts with label VPN. Show all posts

Microsoft Suffered A Rare Cyber-Security Lapse When One of Bing's Backend Servers Were Exposed Online

 

Microsoft endured a rather rare cyber-security lapse just this month when the company's IT staff incidentally left one of Bing's backend servers exposed on the web. 

Discovered by Ata Hakcil, a security researcher at WizCase, only imparted his discoveries to ZDNet the previous week. As per Hakcil's investigation, the server is said to have exposed more than 6.5 TB of log documents containing 13 billion records coming from the Bing search engine.

Hakcil said the server was exposed from September 10 to September 16, when he initially had informed the Microsoft Security Response Center (MSRC), and the server was made secure one more time with a password. 

The Wizcase researcher had the option to check and re-check his discoveries by finding search queries he performed in the Bing Android app in the server's logs.

 
Microsoft admitted to committing this mistake and commented last week, 

"We've fixed a misconfiguration that caused a small amount of search query data to be exposed," a Microsoft spokesperson told ZDNet in an email last week. After analysis, we've determined that the exposed data was limited and de-identified." ZDNet, which was provided access to the server while it was exposed without a password, can affirm that no personal user info was made public. 

Rather, the server exposed specialized details, like search inquiries, details regarding the client's system (device, OS, browser, etc.), geo-location details (wherever accessible), and various tokens, hashes, and coupon codes.
The leaky server was distinguished as an Elasticsearch system. Elasticsearch servers are high-grade systems where organizations collect huge amounts of information to handily search and channel through billions of records easily. 

Throughout the previous four years, Elasticsearch servers have frequently been the source of numerous coincidental information leaks. 

The reasons are known to fluctuate and can go from administrators neglecting to set a password; firewalls or VPN frameworks unexpectedly going down and uncovering an organization's normally-internal servers; or organizations duplicating production data to test systems that aren't always secured as rigorously as their essential infrastructure.

VPN Services Reportedly Leaked Around 1.2TB User Data Containing Sensitive Information


A recent discovery by a tech service company has taken the world by storm. The VPN services may not be as protected and secure as they guarantee to be, the company reveals that around 894GB of client information and data from UFO VPN has been exposed on the web.

This was proved true for eight quite well-known VPN services that have purportedly released a mammoth 1.2TB of client information. These VPN applications are as yet accessible on the Google Play Store with just one removed until now.

The leaked info contains subtleties like accounts passwords, VPN session secrets/tokens, IP addresses of both client devices and servers, and even the operating system of the devices.

As per by Comparitech, the tech service company responsible for the discovery,  more than 20 million client entries are included in the logs every day.

The VPN specialist co-op was likewise informed regarding the information spill yet denied any such claims. UFO VPN said that the client logs are saved for traffic monitoring and that every last bit of it is 'anonymized'.

It was later found that there are seven more Hong Kong-based VPN administrations that have around 1.2TB of client information out in the open online.

The list incorporates FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, Rabbit VPN, and UFO VPN as well. Found by VPNmentor, it was discovered that all these VPN services share a typical Elasticsearch server and also the same recipient for payments, Dreamfii HK Limited.

The information uncovered from these VPN administrations contain sensitive data like home addresses, Bitcoin and PayPal payment details, email addresses and passwords, user names, and more. Dreamfii HK is expected to be the parent company for all these VPN services.

As of now, these VPN applications are as yet accessible on the Play Store, and only Rabbit VPN has been removed.

Indians to use VPN as a way to evade ban on Chinese Apps


It seems like people have found a way to circumvent government's ban on 59 Chinese Apps including favorites like TikTok, Share it, Shien, Clash of Kings, and many more and have moved on to use VPN (Virtual Private Network) to access these apps.


Right after the ban announcement by government companies like SatoshiVPNS put an advert on their social media stating, Ann investment in a VPN is an investment that always pays for itself — many times over.” There have been articles on blabberpost and others recommending how and which VPN to use to access the banned applications.

And it's not the first time Indians have turned to VPN to dodge regulations, in fact, we are quite notorious when it comes to VPN. After Reliance Jio, Bharti Airtel and Vodafone Idea - the largest telecom providers in the country- took down porn websites from their network, India fell only three steps from 12 to 15 in terms of visitors to Pornhub. A 2019 report from Pornhub revealed that 91% of Indian users access the site via mobile phone.

 Since February, India has seen a growth of 15% in VPN usage, according to a report by ExpressVPN; the global average stands at 21%. 

By the books, using VPN is not illegal in India for as much as it's not used for any illegal activity. The most common use of a VPN in the country is either to watch pornography or to access torrents and both of these do not summon legal actions.

Since the suspension of Internet service from August 2019 till March 2020 in the Kashmir Valley and the aftermath of weak 2g and 3g networks, many citizens turned to VPN in order to reach blocked content Facebook, Twitter, and other social media sites. The government even arrested some for using VPN to promote unlawful activities.
after the ban, Google and Apple App Store removed TikTok and Helo for Indian users but other banned apps like Browsers, Club Factory, Shein, ShareIT, and Clash of Kings are still listed on both the stores.

Firefox Web Browser Launching Its Own Paid VPN Service



The Firefox Private Network service launched in beta just the previous year as a browser extension for desktop versions of the Firefox web browser is all set to be renamed as Mozilla VPN.

According to a blog post, Mozilla VPN will move out of the beta and be available as a standalone service later this year with select regions, which will include the United States.

The VPN will be accessible for $4.99 every month and the user will have the option to utilize around five devices with a similar account. Mozilla specifies this pricing is just temporary yet has not clarified whether the price will be increased or new plans introduced for fewer devices.

Mozilla VPN will be launched as a standalone and system-wide VPN service for Android, iOS, Windows, ChromeOS, macOS, and Linux platforms throughout the next few weeks.

While the Android, iOS, Windows, and Chromebook clients will be available at first, Mozilla is likewise chipping away at Mac and Linux clients which have additionally been requested by the beta testers.

Mozilla, as opposed to other web browser makers like Opera, isn't offering the service for nothing. They claim that a paid service will permit the organization to continue offering the service without benefiting from users’ data.

The service, in its current form as Firefox Private Network, is fuelled by Mullvad VPN and has servers in excess of 30 nations. It runs on the WireGuard standard that offers more privacy and better execution when contrasted with customary standards like OpenVPN being another protocol; it may not be as steady as the 'legacy' ones.

In the event that the user wishes to be a part of the beta testing or express interest for the service to be accessible in their region, they can join the waitlist by signing up the official website of the Firefox Private Network VPN and they will be notified whenever Firefox Private Network is accessible for their device and region.

The link of which is provided below: https://fpn.firefox.com/vpn/invite 

100 Million Android Users Warned Against Using this "Very Dangerous" VPN App


Millions of Android users are being cautioned against using a popular Android VPN that was removed by Google from its Play store. The action was taken by Google after Researchers found vulnerabilities in 'SuperVPN' that could leave devices open to malware attacks and allow attackers to redirect victims onto malicious servers.

As of now, the app has around 100 million downloads, however, in the year 2016 when the risks associated with the app surfaced for the first time ever in related research, it only had a total of 10,000 downloads.

While testing, security researchers identified three main issues with the app:

1. Unencrypted HTTP traffic: The communications can be intercepted by the attackers, it has been said that transferring highly sensitive information over HTTP is not secure at all.

2. Hardcoded encryption keys: The app has inbuilt decryption keys that can easily decrypt the information in an encrypted format.

3. Payload including EAP credentials: EAP credentials are being used by the VPNs therefore users outside the app can not connect to the same server. Hence, EAP credentials sent in the unencrypted payload in a way defeats the purpose.

Notably, SuperVPN was also listed as one of the top 5 VPN in Google Play Store's search results before it was taken down by the authorities. As per the findings by researchers, it contained vulnerabilities that allowed attackers to carry out man-in-the-middle attacks, also known as MITM attacks. It could expose communication that took place between the user and provider letting hackers have access to everything the user is doing online, be it browsing tabs in Chrome, making video calls or loading up apps – all of that sensitive data including passwords, private texts, and voice messages is being made available to the attackers.

Other occasions where SuperVPN drew negative remarks include the app being ranked third by the Australian researchers in an examination of the most malware-rigged VPN apps. The researchers pointed out that the app had been posing risks since it appeared on the Play Store.

While explaining more about the issues, Jan Youngren, Security Researcher at VPNPro told, "SuperVPN used a wide range of shady techniques to help it rank highly in Google, as well as to hide who actually owns the app, where it’s located, and the other apps from the same developer that may have similar issues."

"But lastly, and most importantly, it seems that the entire time the app was on the Play store, it had critical vulnerabilities in one way or another, either by being a vehicle for malware in 2016 or allowing for MITM attacks just before being removed."

"The only thing unclear now is whether these vulnerabilities are due to mistake, or intention. Nonetheless, there are millions of users right now with a dangerous app on their phone. If you’re one of those users, we implore you to delete SuperVPN immediately." He further added.

Microsoft Issues Its First Ever ‘Targeted’ Warning ; Saving VPN Servers of Hospitals


Following a recent disclosure about Iranian hackers targeting on vulnerabilities in VPN servers like the Pulse Secure, Palo Alto Systems, Fortinet, and Citrix, Microsoft gave its first-ever 'targeted' warning to a few dozen hospitals, informing them of the vulnerabilities in their own virtual private network (VPN) appliances.

With the organizations depending all the more heavily on the VPN servers as the lockdowns are in full swing of the unfortunate outbreak of the Corona Virus. They had no other option except to fall back to this means to help telecommuters but that in the end has made that specific part of the system a weakness i.e a soft spot for ransomware attackers to target – specifically at hospitals with already stressed assets.

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (DHS CISA) a month ago cautioned all organizations to fix VPN services, however, Microsoft is especially worried about hospitals' vulnerability to human-operated ransomware due to unpatched VPN servers.

One group the Microsoft team has been following is the REvil, otherwise known as Sodinokibi, ransomware gang, which is known for setting monstrous ransom demands for businesses and government agencies.

While the ransomware gang hasn't yet developed new attack techniques but instead has repurposed strategies from state-sponsored attacks for new campaigns that exploit the heightened requirement for information in the current coronavirus crisis.

The Microsoft Threat Protection Intelligence Team uncovered in a new post, "Through Microsoft's vast network of threat intelligence sources, and we identified several dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure."

"To help these hospitals, many already inundated with patients, we sent out a first-of-its-kind targeted notification with important information about the vulnerabilities," it added later.

When mentioning these new ransomware gangs the Microsoft team noted, “We haven't seen technical innovations in these new attacks, only social engineering tactics tailored to prey on people's fears and the urgent need for information."

And so the Multinational Technology's recommendation to hospitals and various other organizations is to follow three key steps to shield their VPN services from attacks:

  • Apply all available security updates for VPN and firewall configurations. 
  • Monitor and pay special attention to your remote access infrastructure. 
  •  Turn on attack surface reduction rules, including rules that block credential theft and ransomware activity. 

Apart from these, there are a few more published by Microsoft to further help mitigate these attacks.

Hackers Exploit Vulnerabilities in Pulse VPN and Android Devices to Launch Heavy Cyberattack


The vulnerability named CVE-2019-1150 has affected Pulse VPN's network and is regarded as highly 'severe.' Whereas vulnerability named CVE-2019-2215 targets unpatched android smartphones. As we all know, in the world of cybersecurity, it becomes highly unsafe when the hackers target unpatched devices and systems as they can have terrible consequences. Recently, it has become a trend among hackers to target unpatched Android smartphones. Attackers were also found exploiting the flaws in Pulse Secure VPN in an attempt to compromise the cybersecurity of various organizations and individuals.


The flaw in Pulse Secure VPN

According to Kevin Beaumont, who is a Uk based cybersecurity expert, the assertion that 'Revil' is big-time ransomware and at least 2 companies are affected after the hackers exploited the vulnerability in Pulse Secure's VPN flaw. Many hackers are now exploiting this flaw to launch ransomware attacks. As per the latest information, the organization that is said to be affected by this cyber attack is a currency exchange and travel insurance company 'Travelex.' According to cybersecurity experts, the attack was launched using the Revil ransomware. The consequences of this cyberattack compelled Travelex to shut down all of its online mode of operations.
As a result, the company shut down its system offline and had to manually operate its nationwide branches.

The vulnerability known as CVE-2019-1150 is regarded as highly 'hazardous' by the cybersecurity experts. CVE-2019-1150, an uncertain read data vulnerability attacks different versions of Pulse Secure VPN named Pulse Connect Secure and Pulse Policy Secure. The vulnerability allows hackers access to Https and connects the hackers to the company's network without the hackers having to enter login credentials such as id and password. By exploiting this vulnerability, hackers can view confidential files, download files, and launch various malicious codes to disrupt the company's entire network. Pulse Secure VPN had released a security patch last year in April, and the users are requested to update to the latest security patch.

The flaw in Android Devices

Hacking group 'SideWinder APT' exploited vulnerabilities via 3 apps in the Google play store named as Camera, FileCrypt, and CallCam. “These apps may be attributed to SideWinder as the C&C servers it uses are suspected to be part of SideWinder’s infrastructure. Also, a URL linking to one of the apps’ Google Play pages is found on one of the C&C servers,” says Trend Micro cybersecurity experts.

NordVPN agrees to 'private' server infringement


NordVPN, a VPN provider has affirmed an intrusion on one of its servers in Finland, although the damage done was nothing serious. There were no dubious records on the server. “We don't trace, retrieve or distribute users' data. It is almost impossible for the attacker to obtain usernames and identifications and also, the hacker couldn't decipher the VPN traffic to different servers,” says the company.



"The only probable way to exploit website traffic was by doing an individual and complex MiTM breach to prevent a private connection that attempted to locate nordvpn.com," commented the company on its website. The attack happened in March 2018, when an unapproved user located the NordVPN server in Finland. They used an "unsafe remote administration system" that the data hub provider had forgotten.  The company didn't know of any such system. The server misused was attached to NordVPN's server record on January 31.

The service provider caught the violation and dismissed the account on 20th March without notifying the network provider NordVPN. The company discovered the attack several months back and immediately discontinued its engagement with the data center provider and cleansed all the details on the borrowed servers. It didn't reveal the infringement instantly because the company had to investigate the rest of its system to prevent the same incident from happening again. It also stimulated the decryption of our systems.

"This took a while because of the complex infrastructure and more than 3000 servers that our firm handles," says NordVPN. The problem didn't stir any of NordVPN's other servers. The company says that it would need engaged providers to reach more formidable safety measures. "We are also moving all of our data centers to RAM and this process would take another one year to complete," says NordVPN. While the break won't have any meaningful result on user secrecy, it will create a negative image of the company in the internet society. “NordVPN is multiplying measures on user privacy. We have supported an administration safety inspection and we are striving on a secondary no-records examination for the moment and are planning a fault munificence project." NordVPN will start autonomous surface scrutiny of its data systems to ensure it doesn't miss any loopholes.

Looking For a Free VPN Service That’s Not Too Messy? Here’s All You Need To Know About TunSafe VPN Service

Not sure how to browse the internet safely away from the claws of hackers and cyber-cons? Not sure how to maintain cyber privacy?

TunSafe VPN is a solution to many such problems. It’s a free VPN service which aids people to connect with websites and social networks without revealing the channel.

It has been essentially developed and includes fresh features and better provisions.

The very high performing VPN follows the WireGuard protocol which enables it to help setup the secure VPN channels swiftly betwixt different platforms.

By way of the latest and most fresh cryptography-Curve25519, ChaCha20, Poly1305, BLAKE2 and HKDF, TunSafe ensures that no third-party hinder the user’s privacy.

All you need is simple configuration files which is specifically provided by the VPN provider..

For Downloading:


1. Go to https://tunsafe.com/
2. Click download.
3. Select the “Download TunSafe 1.4 installer”

For Installation:


1. Open the downloaded file
2. Complete the installation by pressing OK all the way.
3. Finally close it.
4. This is what will appear after that.

5. Click on connect.

6. The above is what will appear after that. This is the main window of TunSafe.

7. Drag the configuration file from the VPN provider onto Tunsafe’s window.

8. Confirm when the dialogue box pops up.


9. If everything works out well, a message will show that the VPN has been connected and the connection, established.

Various Platforms TunSafe Is Available For:
Desktop: Windows, Linux, OSX, Free BSD
Mobile: Android and iOS

Unlike most of the VPN services, TunSafe is free if cost and that’s what makes it better, more efficient and different from all the others.

For more details check www.tunsafe.com

Multiple VPN Applications Allow Attackers to Sidestep Authentication; Assists in Taking Control of Affected Systems




Enterprise VPN applications created by Palo Alto Systems, Pulse Secure, Cisco, and F5 Networks are reportedly known to have been 'storing' authentication and session cookies that too insecurely, as indicated by a DHS/CISA alert with a vulnerability note issued by CERT/CC, conceivably enabling attackers to sidestep authentication.

The caution issued on the 14th of April by the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) additionally expresses that a potential "attacker could exploit this vulnerability to take control of an affected system."

As detailed in the Common Weakness Enumeration database in CWE-311, the way that an application neglects to "encrypt sensitive or critical information before storage or transmission" could permit would-be attacker to intercept traffic information, read it and infuse malignant code/information to play out a Man-in-the-Middle (MitM) attack.

CERT/CC says:
The following products and versions store the cookie insecurely in log files:
- Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0 (CVE-2019-1573)
- Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2
The following products and versions store the cookie insecurely in memory:
- Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0 (CVE-2019-1573)
- Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2
-Cisco AnyConnect 4.7.x and prior

As indicated by this note "It is likely that this configuration is generic to additional VPN applications," which suggests that many VPN applications from an aggregate of 237 vendors can conceivably be affected by this data divulgence vulnerability.

Additionally, the vulnerability note composed by Carnegie Mellon University's Madison Oliver says that - "If an attacker has persistent access to a VPN user's endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods. An attacker would then have access to the same applications that the user does through their VPN session."

While VPN applications from Check Point Software Technologies and pfSense were found to not be 'vulnerable', Cisco and Pulse Secure haven't yet issued any data with respect to this vulnerability. Palo Alto Networks have thusly published a security advisory with additional information on this data revelation vulnerability tracked as CVE-2019-1573.

F5 Networks then again, while being "aware of the insecure memory storage since 2013" chosen not to fix it and gives the following solution as a relief measure: "To mitigate this vulnerability, you can use a one-time password or two-factor authentication instead of password-based authentication."