The State of VPN Security Today

Today’s post is authored by Christopher Nichols from SurfShark.com, who gives a quick insight of some of the main threats of surfing without protection in today’s Internet, and gives some valuable information on the advantages of, probably, the main countermeasure: Virtual Private Networks. Please enjoy.

No one should log onto the internet without the added protection of a virtual private network (VPN). Personal and financial information transmitted over the web needs protection against snoopers, hackers, and spies. Those snoopers also include the user’s own government as well as the internet services provider, who collects service fees as well as free information from their users. [Read more…]

EternalSilence: Why your router may be at risk from this NSA tool

Today’s article is courtesy of John Mason, co-founder of  TheBestVPN.com and writer at TripwireStaySafeOnline, DigitalGuardian y Educause. You can find him on twitter as @JohnCyberMason.

Do you trust your router to keep you safe from hackers and spies? You may want to take another look just to make sure.

Akamai recently discovered a malware campaign that has already compromised over 45,113 home and office routers. This was done using a tool based on the United States of America’s NSA hacking tools which were leaked online in 2017. To explain how hackers use this tool to turn your router into a proxy server, we first have to understand how UPnP works.

UPnP is a protocol that eases device and service discovery as well as the configuration of consumer devices and networks. Its primary purpose was to allow devices on a LAN to automatically expose services and functionality other devices on the local network.

[Read more…]

Registration for the RHME2 embedded CTF is open

The RHME2 is an embedded CTF running on the Arduino Nano board. The participants have to prove their skills both on software and hardware exploitation. Buffer overflows, ROP, C++ exploitation, cryptoanalysis, side channel analysis, fault injection… and all these in an AVR architecture!

The pre-registration for the 2nd edition of the RHME challenge is open now. Pre-register now and get your Arduino Nano with the challenges. The boards will be sent for free at the end of October and the CTF will officially start on November 1st. There is a limit of 500 boards and the first to come, the first to ship!
More information at http://rhme.riscure.com... Leer Más

Buster Sandbox Analyzer

(Today we have an interesting collaboration of Pedro Lopez, who describes Buster Sandbox Analyzer tool for those who do not already know it and invites anyone interested to collaborate with its development)

Buster Sandbox Analyzer is a tool designed to analyze the suspicious behavior of applications, ie those actions carried out typically by malware. Some examples of typical actions performed by malware are making a copy of itself elsewhere on the hard drive, modifying registry keys or adding files in the Windows installation directory among others.

However, when identifying an action as “dangerous”, the question is that some of the actions considered as suspicious are also usually performed by legitimate applications. It is thus very important to consider the overall context of the analyzed application: is it reasonable that the application we tested perform these actions?

[Read more…]