Tag Archive for: issue

‘TunnelCrack’ Vulnerabilities Identified; Updating VPN Should Address Security Issue – Forbes Advisor

/in


Editorial Note: We earn a commission from partner links on Forbes Advisor. Commissions do not affect our editors’ opinions or evaluations.

A virtual private network can provide peace of mind by encrypting your activity on the internet and hiding your identity while you browse, which allows you to visit foreign websites and provides a more secure way to transmit private information.

But a new study has uncovered weaknesses that could allow your phone or computer to be tricked into leaking your online data input, known as “traffic,” before the traffic reaches the protected VPN tunnel.

In a paper presented at the USENIX Security Symposium on August 11, researchers from New York University, KU Leuven University in Belgium and NYU Abu Dhabi dubbed the VPN problem “TunnelCrack.”

And no matter what type of device you use, or what your VPN is, you could be at risk.

What Were the Findings?

“Our tests indicate that every VPN product is vulnerable on at least one device,” the researchers wrote. “We found that VPNs for iPhones, iPads, MacBooks, and macOS are extremely likely to be vulnerable, that a majority of VPNs on Windows and Linux are vulnerable, and that Android is the most secure with roughly one-quarter of VPN apps being vulnerable.”

The differences appear to have to do with the way the various operating systems are designed.

The testers confirmed their findings by running 248 experiments involving 67 VPN providers on Windows, macOS, iOS, Linux and Android.

Study co-author Mathy Vanhoef, a professor at KU Leuven, says researchers were able to run their tests without putting the public at risk. “We…used our own phones and own laptops, installed a lot of VPN apps you can find and then tested it,” he says, “and could basically attack ourselves in a lot of cases.”

Choose the VPN Plan that Works for You

Protect your Windows, Mac, iOS, Android, Linux devices, as well as gaming consoles, smart TVs, and routers with CyberGhost VPN.


Explore More

How Does TunnelCrack Work?

Two types of vulnerabilities were discovered: LocalNet attacks and ServerIP attacks.

LocalNet attacks involve traffic sent to and from…

Source…

YouTube influencers selling VPNs may be a security issue

/in


Pro gamer recording a live stream while playing computer games

Pro gamer recording a live stream while playing computer games

Whether you’re a keen YouTube streamer or you hop on the platform from time to time, it’s very likely you have come across several hosts advertising the best VPN service of the moment for top privacy and geo-blocking online.

From a niche tool targeting businesses and cybersecurity nerds, virtual private networks (VPNs) have seen a boom in usage among everyday users in the latest years. VPN popularity is indeed tangled up with the fact that today’s digital life—for better or worse—is getting more complex and central in our lives. Even so, influencers trying to convince their subscribers to make the purchase have inevitably been a big push for this growth—while getting their cut.

Nothing out of the ordinary that other companies don’t do, you might think. Yet, helping people to protect their most sensitive data involves way more responsibilities than recommending a new pair of shoes or a smartphone.

Recent research investigating influencer VPN ads might be more harmful than good after all, by “negatively influencing viewers’ mental models of internet safety.” We asked the main providers out there what they are doing—if anything—to prevent this from happening.

The risks of influencer VPN ads on YouTube

“Our analysis suggests that VPN ads make many claims that have the potential to influence viewers’ mental models not just of VPNs, but of computer security and privacy in general,” concluded the research paper after reviewing 243 YouTube videos containing these ads.

For instance, researchers found many influencers using absolute terms, false technical claims, and misleading visuals to oversell the security and privacy guarantees of the products.

Among all the providers analyzed, VirtualShield was the one with the highest ratio of videos contaminated with overpromises and exaggerations. These ads less frequently mentioned encryption and IP address routing, too, the two very features at the core of the product itself.

Bar chart describing VPN ads in YouTube video content

Bar chart describing VPN ads in YouTube video content

Bar chart describing VPN ads in YouTube video content (Image credit: Omer Akgul, Richard Roberts, Moses Namara, Dave Levin, Michelle L….

Source…

Alex Murdaugh trial suspended as courthouse evacuated due to security issue

/in


The South Carolina courthouse where former attorney Alex Murdaugh’s murder trial is taking place was evacuated Wednesday due to a security issue, officials said. 

“A bomb threat was received by Colleton County courthouse personnel,” a spokesperson for the South Carolina Law Enforcement Division said in a statement.

“The building has been evacuated and SLED along with the Colleton County Sheriff’s Office are investigating the threat,” the statement continued. “No additional information is available from SLED at this time.”

Circuit Court Judge Clifton Newman is presiding over the case as Murdaugh’s trial — for an alleged double-homicide that has been widely publicized for years — enters its third week. In a live stream of Wednesday’s proceeding, Newman can be heard calling a sudden recess around 12:30 p.m.

“Ladies and gentleman, we have to evacuate the building at this time,” the judge said. “So, we’ll be in recess until we discover what’s going on.”

Murdaugh, 54, is a disbarred lawyer previously known for his family’s status as prominent legal figures in South Carolina, their home state. He has been accused of shooting and killing his late wife, Margaret, 52, and their son, Paul, 22, in June 2021.

The case has led to a slew of allegations and 100 criminal charges for various alleged financial and legal offenses, including computer crimes, money laundering, forgery and breach of trust with fraudulent intent. Various indictments from prosecutors and a state grand jury allege Murdaugh stole settlement money, as well other funds, from his former clients, supposedly amounting to about $6.2 million. 

In an indictment filed six months after Margaret Murdaugh and Paul Murdaugh’s killings, prosecutors also accused Murdaugh of crimes including operating a drug trafficking ring and allegedly attempting to fake his own death in an effort to secure a $10 million life insurance payout for his surviving son, Buster.

Murdaugh has insisted throughout the criminal investigation into his wife and youngest son’s deaths that he did not kill them. The disgraced attorney has said that when he found them shot to death at the family’s hunting estate in Colleton County on the evening of June…

Source…

The 2022 US Midterm Elections’ Top Security Issue: Death Threats

/in


In the lead-up to the 2018 midterm elections in the United States, law enforcement, intelligence, and election officials were on high alert for digital attacks and influence operations after Russia demonstrated the reality of these threats by targeting the presidential elections in 2016. Six years later, the threat of hacking and malign foreign influence remain, but 2022 is a different time and a new top-line risk has emerged: physical safety threats to election officials, their families, and their workplaces.

In July 2021 the Department of Justice launched a task force to counter threats against election workers, and the US Election Assistance Commission released security guidance for election professionals. But in public comments this week, lawmakers, top national security officials, and election administrators themselves all expressed concern that misinformation about the security and validity of US voting continues to shape a new threat landscape going into the midterms.

“In New Mexico, the conspiracies about our voting and election systems have gripped a certain portion of the electorate and have caused people to act,” New Mexico’s Secretary of State and top election official Maggie Toulouse Oliver testified before the House of Representatives Homeland Security Committee yesterday. “During the 2020 election cycle, I was doxxed and had to leave my home for weeks under state police protection. Since 2020, my office has certainly seen an uptick in social media trolling, aggrieved emails, and calls into our office, and other communications that parrot the misinformation circulating widely in the national discourse. But more recently, especially since our June 2022 primary election, my office has experienced pointed threats serious enough to be referred to law enforcement.”

In a discussion on Tuesday about midterm election security at the Fordham International Conference on Cyber Security in New York City, FBI director Christopher Wray and NSA director Paul Nakasone emphasized that federal intelligence and law enforcement view foreign adversaries that have been active during past US elections—including Russia, China, and Iran—as potential threats heading into the 2022…

Source…