Malware Devil

Tuesday, March 30, 2021

ESB-2021.1080 – [RedHat] Quarkus: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1080
        Red Hat build of Quarkus 1.11.6 release and security update
                               30 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Quarkus
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20218 CVE-2020-26238 CVE-2020-25724
                   CVE-2020-25633  

Reference:         ESB-2021.1053
                   ESB-2021.0442

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:1004

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat build of Quarkus 1.11.6 release and security update
Advisory ID:       RHSA-2021:1004-01
Product:           Red Hat build of Quarkus
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1004
Issue date:        2021-03-29
CVE Names:         CVE-2020-25633 CVE-2020-25724 CVE-2020-26238 
                   CVE-2021-20218 
=====================================================================

1. Summary:

An update is now available for Red Hat build of Quarkus.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability. For
more information, see the CVE links in the References section.

2. Description:

This release of Red Hat build of Quarkus 1.11.6 includes security updates,
bug fixes, and enhancements. For more information, see the release notes
page listed in the References section.

Security Fix(es):

* cron-utils: template injection allows attackers to inject arbitrary Java
EL expressions leading to remote code execution (CVE-2020-26238)

* resteasy-client: potential sensitive information leakage in JAX-RS
RESTEasy Client's WebApplicationException handling (CVE-2020-25633)

* fabric8-kubernetes-client: vulnerable to a path traversal leading to
integrity and availability compromise (CVE-2021-20218)

* resteasy: information disclosure via HTTP response reuse (CVE-2020-25724)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgements, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a download link for the
update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

1879042 - CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling
1899354 - CVE-2020-25724 resteasy: information disclosure via HTTP response reuse
1901655 - CVE-2020-26238 cron-utils: template injection allows attackers to inject arbitrary Java EL expressions leading to remote code execution
1923405 - CVE-2021-20218 fabric8-kubernetes-client: vulnerable to a path traversal leading to integrity and availability compromise

5. References:

https://access.redhat.com/security/cve/CVE-2020-25633
https://access.redhat.com/security/cve/CVE-2020-25724
https://access.redhat.com/security/cve/CVE-2020-26238
https://access.redhat.com/security/cve/CVE-2021-20218
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=redhat.quarkus&downloadType=distributions&version=1.11.6
https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/1.11/
https://access.redhat.com/articles/4966181

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

ESB-2021.1078 – [Ubuntu] WebKitGTK: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1078
                   USN-4894-1: WebKitGTK vulnerabilities
                               30 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           WebKitGTK
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Unauthorised Access             -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-1870 CVE-2021-1801 CVE-2021-1799
                   CVE-2021-1789 CVE-2021-1765 CVE-2020-29623
                   CVE-2020-27918  

Reference:         ESB-2021.1071

Original Bulletin: 
   https://ubuntu.com/security/notices/USN-4894-1

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4894-1: WebKitGTK vulnerabilities
29 March 2021

Several security issues were fixed in WebKitGTK.

Releases

  o Ubuntu 20.10
  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS

Packages

  o webkit2gtk - Web content engine library for GTK+

Details

A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.10

  o libwebkit2gtk-4.0-37 - 2.30.6-0ubuntu0.20.10.1
  o libjavascriptcoregtk-4.0-18 - 2.30.6-0ubuntu0.20.10.1

Ubuntu 20.04

  o libwebkit2gtk-4.0-37 - 2.30.6-0ubuntu0.20.04.1
  o libjavascriptcoregtk-4.0-18 - 2.30.6-0ubuntu0.20.04.1

Ubuntu 18.04

  o libwebkit2gtk-4.0-37 - 2.30.6-0ubuntu0.18.04.1
  o libjavascriptcoregtk-4.0-18 - 2.30.6-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References

  o CVE-2021-1765
  o CVE-2020-27918
  o CVE-2021-1870
  o CVE-2021-1801
  o CVE-2020-29623
  o CVE-2021-1789
  o CVE-2021-1799

- --------------------------END INCLUDED TEXT--------------------


The one reason your iPhone needs a VPN

For years, Apple has marketed its iPhone as the more secure, more private option when compared to other smart phones, which do not, by default, include an end-to-end encrypted messaging app, warn users repeatedly about app location requests, or provide a privacy-forward Single Sign-On feature.

But, while Apple has taken several commendable steps toward protecting users, the company’s reach only goes so far, which means that it alone cannot stop threat actors from snooping on users’ unencrypted web traffic, poorly configured apps from leaking user data to rogue WiFi networks, or mobile phone carriers from selling user data to make money.

For those problems, iPhone users would greatly benefit from using a Virtual Private Network (VPN). A VPN creates an encrypted “tunnel” between your phone and somebody you trust, such as the company you work for, or your VPN provider. Your phone traffic is routed through the tunnel, where it’s protected from surveillance, before joining the internet.

Using a VPN on an iPhone can bolster the overall privacy and security that users have come to expect from the Cupertino-based phone maker, which has literally gone to court to fight back against efforts to downgrade its mobile operating system’s security.

If there’s one reason users need to use a VPN with their iPhones, it’s this: A VPN can protect where Apple cannot. Below is a list of reasons why you need a VPN on your Apple iPhone:

VPNs encrypt your iPhone’s web activity

The Internet is a complex place, with countless servers hosting trillions of web pages, visited by billions of machines every day. When you use the Internet, there are some safeguards in place for protecting your online activity, but those safeguards are incomplete and they aren’t the work of Apple. Expecting Apple to protect all of your Internet traffic is like expecting Ford to make safer highways.

Because of this, when you use an iPhone to browse online, you could still be vulnerable to threat actors snooping on your Internet traffic when you use a public WiFi network, like when working at a cafe, staying at a hotel, or waiting for a flight at the airport.

Using a VPN on your phone can protect you against those attacks, in exactly the same way it would if you were browsing the web on your laptop or desktop machine. You get the same security and the same privacy boosts, no matter the device. This is crucial because, as users begin to spend more time navigating the Internet on their phones, they are spending more time connecting to it from untrusted environments, over somebody else’s WiFi.

The good news for Internet users is that there is a long-standing effort to encrypt the entirety of the web. But although great strides have been made in the last decade, it’s important to remember that the Internet today is not yet reliably private or secure. Whilst lots of web pages are served over HTTPS (the secure form of HTTP), many are not, and most DNS lookups–which reveal the names of the websites you’re visiting–are vulnerable to snooping.

The better news is that, until the entirety of the web is encrypted, a VPN will fill in the gaps and provide much of the security online that Apple can’t control. Remember, the iPhone’s security can only go so far.

VPNs encrypt your iPhone’s app traffic

Encrypting your iPhone’s web activity while browsing online is good, but realistically, many of your iPhone apps are connecting to the Internet on a near round-the-clock basis, crunching data in the Cloud, and refreshing in the background to check for notifications and updates. Just because these connections aren’t happening through a browser doesn’t mean that threat actors are any less interested in them.

In fact, the vulnerabilities of many poorly configured apps are likely too many to count. Time after time, studies of different types of apps have shown too many are either missing the encryption necessary to protect you, or that it exists in a weak, flawed or broken state. And, most alarmingly, there is no way for users to tell the good apps from the bad ones without specialist knowledge and equipment.

Just like the web, there is only so much that Apple can do to protect you from apps that communicate insecurely. But, again, a VPN can help plug the gaps in your apps’ encryption by wrapping it all in a protective tunnel.

VPNs stop your carrier from monetizing your data

Protecting your Internet activity from eavesdropping doesn’t just defang threat actors, it also prevents your mobile service carrier from making an extra buck at the expense of your privacy. At least in the United States, mobile service carriers like Verizon, AT&T, and T-Mobile can look at your Internet activity–including what you look at, what apps you’ve downloaded, and how you interact with certain services–and then bundle that activity into profiles that they can then sell for advertising purposes.

If this sounds wrong to you, you’re not alone. And if you think that mobile carriers wouldn’t abuse your data, think again. Last year, the US Federal Communications Commission announced a collective $200 million in fines against Verizon, AT&T, Sprint, and T-Mobile for those companies’ sale of user location data without users’ consent.

A VPN on iPhone will hide a great deal of your Internet activity from your mobile carrier, in the exact same way that it hides your online activity from your Internet Service Provider. Your carrier is on the outside of the VPN’s tunnel and can’t look inside it. Take a stand for your privacy and reclaim your Internet activity for yourself.

By now, it should be clear that using a VPN with an iPhone isn’t futile, or redundant, or useless. In fact, it’s a great way to bolster your security and your privacy.


5 Teen Internet Safety Tips

How could our teens live without their smartphones, laptops, and other devices that allow them to go online, communicate and have fun with their friends in a safe manner?  We have provided five (5) tips they should remember.

The post 5 Teen Internet Safety Tips appeared first on Security Boulevard.



Monday, March 29, 2021

The one reason your iPhone needs a VPN

For years, Apple has marketed its iPhone as the more secure, more private option when compared to other smart phones, which do not, by default, include an end-to-end encrypted messaging app, warn users repeatedly about app location requests, or provide a privacy-forward Single Sign-On feature.

But, while Apple has taken several, commendable steps into protecting users, the company’s reach only goes so far, which means that it alone cannot stop threat actors from snooping on users’ unencrypted web traffic, poorly configured apps from leaking user data to rogue WiFi networks, or mobile phone carriers from selling user data to make money.

For those problems, iPhone users would greatly benefit from using a Virtual Private Network (VPN). A VPN creates an encrypted “tunnel” between your phone and somebody you trust, such as the company you work for, or your VPN provider. Your phone traffic is routed through the tunnel, where it’s protected from surveillance, before joining the internet.

Using a VPN on an iPhone can bolster the overall privacy and security that users have come to expect from the Cupertino-based phone maker, which has literally gone to court to fight back against efforts to downgrade its mobile operating system’s security.

If there’s one reason users need to use a VPN with their iPhones, it’s this: A VPN can protect where Apple cannot. Below are a list of reasons why you need a VPN on your Apple iPhone:

VPNs encrypt your iPhone’s web activity

The Internet is a complex place, with countless servers hosting trillions of web pages, visited by billions of machines every day. When you use the Internet, there are some safeguards in place for protecting your online activity, but those safeguards are incomplete and they aren’t the work of Apple. Expecting Apple to protect all of your Internet traffic is like expecting Ford to make safer highways.

Because of this, when you use an iPhone to browse online, you could still be vulnerable to threat actors snooping on your Internet traffic when you use a public WiFi network, like when working at a cafe, staying at a hotel, or waiting for a flight at the airport.

Using a VPN on your phone can protect you against those attacks, in exactly the same way it would if you were browsing the web on your laptop or desktop machine. You get the same security and the same privacy boosts, no matter the device. This is crucial because, as users begin to spend more time navigating the Internet on their phones, they are spending more time connecting to it from untrusted environments, over somebody else’s WiFi.

The good news for Internet users is that there is a long-standing effort to encrypt the entirety of the web. But although great strides have been made in the last decade, it’s important to remember that the Internet today is not yet reliably private or secure. Whilst lots of web pages are served over HTTPS (the secure form of HTTP) many are not, and most DNS lookups–which reveal the names of the websites you’re visiting–are vulnerable to snooping.

The better news is that, until the entirety of the web is encrypted, a VPN will fill in the gaps and provide much of the security online that Apple can’t control. Remember, the iPhone’s security can only go so far.

VPNs encrypt your iPhone’s app traffic

Encrypting your iPhone’s web activity while browsing online is good, but realistically, many of your iPhone apps are connecting to the Internet on a near round-the-clock basis, crunching data in the Cloud, and refreshing in the background to check for notifications and updates. Just because these connections aren’t happening through a browser doesn’t mean that threat actors are any less interested in it.

In fact, the vulnerabilities of many poorly configured apps are likely too many to count. Time after time, studies of different types of apps have shown too many are either missing the encryption necessary to protect you, or that it exists in a weak, flawed or broken state. And, most alarmingly, there is no way for users to tell the good apps from the bad ones without specialist knowledge and equipment.

Just like the web, there is only so much that Apple can do to protect you from apps that communicate insecurely. But, again, a VPN can help plug the gaps in your apps’ encryption by wrapping it all in a protective tunnel.

VPNs stop your carrier from monetizing your data

Protecting your Internet activity from eavesdropping doesn’t just defang threat actors, it also prevents your mobile service carrier from making an extra buck at the expense of your privacy. At least in the United States, mobile service carriers like Verizon, AT&T, and T-Mobile can look at your Internet activity–including what you look at, what apps you’ve downloaded, and how you interact with certain services–and then bundle that activity into profiles that they can then sell for advertising purposes.

If this sounds wrong to you, you’re not alone. And if you think that mobile carriers wouldn’t abuse your data, think again. Last year, the US Federal Communications Commission announced a collective $200 million in fines against Verizon, AT&T, Sprint, and T-Mobile for those companies’ sale of user location data without users’ consent.

A VPN on iPhone will hide a great deal of your Internet activity from your mobile carrier, in the exact same way that it hides your online activity from your Internet Service Provider. Your carrier is on the outside of the VPN’s tunnel and can’t look inside it. Take a stand for your privacy and reclaim your Internet activity for yourself.

By now, it should be clear that using a VPN with an iPhone isn’t futile, or redundant, or useless. In fact, it’s a great way to bolster your security and your privacy.

The post The one reason your iPhone needs a VPN appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/the-one-reason-your-iphone-needs-a-vpn-7/?utm_source=rss&utm_medium=rss&utm_campaign=the-one-reason-your-iphone-needs-a-vpn-7

Strengthen your security perimeter with inventory analysis

During 2020 we saw organizations around the world move their operations to remote work, doubling the risk of possible attacks against all kinds of endpoints.

With this landscape in mind, it became essential for organizations …

The post Fortalezca su perímetro de seguridad con el análisis de inventario appeared first on ManageEngine Blog.

The post Fortalezca su perímetro de seguridad con el análisis de inventario appeared first on Security Boulevard.

The post Fortalezca su perímetro de seguridad con el análisis de inventario appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/fortalezca-su-perimetro-de-seguridad-con-el-analisis-de-inventario/?utm_source=rss&utm_medium=rss&utm_campaign=fortalezca-su-perimetro-de-seguridad-con-el-analisis-de-inventario

Pair of Apex Legends Players Banned for DDoS Server Attacks

Predator-ranked players on Xbox console game version rigged matches with DDoS attacks.

The post Pair of Apex Legends Players Banned for DDoS Server Attacks appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/pair-of-apex-legends-players-banned-for-ddos-server-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=pair-of-apex-legends-players-banned-for-ddos-server-attacks

How NDR Technology Helps Manage Cybersecurity Challenges – Nemi George – BSW #211

NDR technologies such as ExtraHop are the latest tools in the CISO toolbox for combating cybersecurity threats. They enable previously unattainable speed and efficacy in detecting, identifying and responding to anomalies and malicious traffic and network events.

This segment is sponsored by ExtraHop Networks.

Visit https://securityweekly.com/extrahop to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw211

The post How NDR Technology Helps Manage Cybersecurity Challenges – Nemi George – BSW #211 appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/how-ndr-technology-helps-manage-cybersecurity-challenges-nemi-george-bsw-211/?utm_source=rss&utm_medium=rss&utm_campaign=how-ndr-technology-helps-manage-cybersecurity-challenges-nemi-george-bsw-211

American Distrust in Press: Deadly 1830s Cancel Culture

As I read current news from the press about America losing trust in news, I am reminded of the long history of this issue. One of the more tragic stories is this one from 1837: Elijah Lovejoy was a reverend and printer in Alton, Illinois, in the 1830s. He was the editor for the Alton …

The post American Distrust in Press: Deadly 1830s Cancel Culture appeared first on Security Boulevard.

The post American Distrust in Press: Deadly 1830s Cancel Culture appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/american-distrust-in-press-deadly-1830s-cancel-culture/?utm_source=rss&utm_medium=rss&utm_campaign=american-distrust-in-press-deadly-1830s-cancel-culture

Anton’s Security Blog Quarterly Q1 2021

Sometimes great old blog posts are hard to find (especially on Medium…), so I decided to do a periodic list blog with my favorite posts of the past quarter or so.

Here is my second. The posts below are ranked by lifetime views and topic. It covers both Anton on Security and my posts from Google Cloud blog [and now our Cloud Security Podcast too!]

Top 3 most popular posts of all time (same posts as last time, all happen to be on security operations):

Security operations / detection & response:

Data security:

Cloud security:

FREE BONUS 🙂 Top Cloud Security Podcast episodes:

Enjoy!

Previous posts in this series:


Anton’s Security Blog Quarterly Q1 2021 was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post Anton’s Security Blog Quarterly Q1 2021 appeared first on Security Boulevard.

The post Anton’s Security Blog Quarterly Q1 2021 appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/antons-security-blog-quarterly-q1-2021/?utm_source=rss&utm_medium=rss&utm_campaign=antons-security-blog-quarterly-q1-2021

The one reason your iPhone needs a VPN

For years, Apple has marketed its iPhone as the more secure, more private option when compared to other smart phones, which do not, by default, include an end-to-end encrypted messaging app, warn users repeatedly about app location requests, or provide a privacy-forward Single Sign-On feature.

But while Apple has taken several commendable steps toward protecting users, the company’s reach only goes so far, which means that it alone cannot stop threat actors from snooping on users’ unencrypted web traffic, poorly configured apps from leaking user data to rogue WiFi networks, or mobile phone carriers from selling user data to make money.

For those problems, iPhone users would greatly benefit from using a Virtual Private Network (VPN). A VPN creates an encrypted “tunnel” between your phone and somebody you trust, such as the company you work for, or your VPN provider. Your phone traffic is routed through the tunnel, where it’s protected from surveillance, before joining the internet.

Using a VPN on an iPhone can bolster the overall privacy and security that users have come to expect from the Cupertino-based phone maker, which has literally gone to court to fight back against efforts to downgrade its mobile operating system’s security.

If there’s one reason users need to use a VPN with their iPhones, it’s this: A VPN can protect where Apple cannot. Below is a list of reasons why you need a VPN on your Apple iPhone:

VPNs encrypt your iPhone’s web activity

The Internet is a complex place, with countless servers hosting trillions of web pages, visited by billions of machines every day. When you use the Internet, there are some safeguards in place for protecting your online activity, but those safeguards are incomplete and they aren’t the work of Apple. Expecting Apple to protect all of your Internet traffic is like expecting Ford to make safer highways.

Because of this, when you use an iPhone to browse online, you could still be vulnerable to threat actors snooping on your Internet traffic when you use a public WiFi network, like when working at a café, staying at a hotel, or waiting for a flight at the airport.

Using a VPN on your phone can protect you against those attacks, in exactly the same way it would if you were browsing the web on your laptop or desktop machine. You get the same security and the same privacy boosts, no matter the device. This is crucial because, as users begin to spend more time navigating the Internet on their phones, they are spending more time connecting to it from untrusted environments, over somebody else’s WiFi.

The good news for Internet users is that there is a long-standing effort to encrypt the entirety of the web. But although great strides have been made in the last decade, it’s important to remember that the Internet today is not yet reliably private or secure. Whilst lots of web pages are served over HTTPS (the secure form of HTTP), many are not, and most DNS lookups—which reveal the names of the websites you’re visiting—are vulnerable to snooping.

The better news is that, until the entirety of the web is encrypted, a VPN will fill in the gaps and provide much of the security online that Apple can’t control. Remember, the iPhone’s security can only go so far.

VPNs encrypt your iPhone’s app traffic  

Encrypting your iPhone’s web activity while browsing online is good, but realistically, many of your iPhone apps are connecting to the Internet on a near round-the-clock basis, crunching data in the Cloud, and refreshing in the background to check for notifications and updates. Just because these connections aren’t happening through a browser doesn’t mean that threat actors are any less interested in them.

In fact, the vulnerabilities of many poorly configured apps are likely too many to count. Time after time, studies of different types of apps have shown that too many either lack the encryption necessary to protect you or implement it in a weak, flawed or broken state. And, most alarmingly, there is no way for users to tell the good apps from the bad ones without specialist knowledge and equipment.

Just like the web, there is only so much that Apple can do to protect you from apps that communicate insecurely. But, again, a VPN can help plug the gaps in your apps’ encryption by wrapping it all in a protective tunnel.

VPNs stop your carrier from monetizing your data

Protecting your Internet activity from eavesdropping doesn’t just defang threat actors, it also prevents your mobile service carrier from making an extra buck at the expense of your privacy. At least in the United States, mobile service carriers like Verizon, AT&T, and T-Mobile can look at your Internet activity—including what you look at, what apps you’ve downloaded, and how you interact with certain services—and then bundle that activity into profiles that they can then sell for advertising purposes.

If this sounds wrong to you, you’re not alone. And if you think that mobile carriers wouldn’t abuse your data, think again. Last year, the US Federal Communications Commission announced a collective $200 million in fines against Verizon, AT&T, Sprint, and T-Mobile for those companies’ sale of user location data without users’ consent.

A VPN on iPhone will hide a great deal of your Internet activity from your mobile carrier, in the exact same way that it hides your online activity from your Internet Service Provider. Your carrier is on the outside of the VPN’s tunnel and can’t look inside it. Take a stand for your privacy and reclaim your Internet activity for yourself.

By now, it should be clear that using a VPN with an iPhone isn’t futile, or redundant, or useless. In fact, it’s a great way to bolster your security and your privacy.

The post The one reason your iPhone needs a VPN appeared first on Malwarebytes Labs.

The post The one reason your iPhone needs a VPN appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/the-one-reason-your-iphone-needs-a-vpn-2/?utm_source=rss&utm_medium=rss&utm_campaign=the-one-reason-your-iphone-needs-a-vpn-2


TikTok Analysis, Patching Patches, CI/CD Integrity, Faster Fuzzing, & Slack Safety – ASW #145

Security and privacy technical analysis of TikTok, subtle parsing problems, chain of trust through a CI/CD pipeline, faster fuzzing even without source code, interplay of application security and application safety!

2:25 – SolarWinds Experimenting With New Software Build System in Wake of Breach
7:47 – TikTok vs Douyin — A Security and Privacy Analysis
13:07 – Analyzing attacks taking advantage of the Exchange Server vulnerabilities
17:07 – Secure containerized environments with updated threat matrix for Kubernetes
19:05 – SaltStack: further injection vulnerabilities
22:13 – Finding undocumented x86 instructions on modern processors
25:35 – Un-bee-lievable Performance: Fast Coverage-guided Fuzzing with Honeybee and Intel Processor Trace

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw145

The post TikTok Analysis, Patching Patches, CI/CD Integrity, Faster Fuzzing, & Slack Safety – ASW #145 appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/tiktok-analysis-patching-patches-ci-cd-integrity-faster-fuzzing-slack-safety-asw-145/?utm_source=rss&utm_medium=rss&utm_campaign=tiktok-analysis-patching-patches-ci-cd-integrity-faster-fuzzing-slack-safety-asw-145

Hades Ransomware Gang Exhibits Connections to Hafnium

There could be more than immediately meets the eye with this targeted attack group.

The post Hades Ransomware Gang Exhibits Connections to Hafnium appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/hades-ransomware-gang-exhibits-connections-to-hafnium/?utm_source=rss&utm_medium=rss&utm_campaign=hades-ransomware-gang-exhibits-connections-to-hafnium

Network Security News Summary for Tuesday March 30th, 2021

RTF Shellcode; PHP Git Repo Compromise; npm “netmask” package vuln

Jumping Into Shellcode
https://isc.sans.edu/forums/diary/Jumping+into+Shellcode/27256/

PHP git repo compromised
https://news-web.php.net/php.internals/113838

npm “netmask” package vulnerability
https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/

keywords: npm; php; git; github; shellcode; rtf

The post Network Security News Summary for Tuesday March 30th, 2021 appeared first on Malware Devil.



https://malwaredevil.com/2021/03/29/network-security-news-summary-for-tuesday-march-30th-2021/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-tuesday-march-30th-2021

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...