virtual private networks Archives

AppWizard

August 19, 2025

Android VPN apps used by millions are covertly connected AND insecure

Recent research from Arizona State University and Citizen Lab has identified connections among three families of Android VPN applications with over 700 million downloads, raising concerns about user privacy and security. The analysis revealed three groups of VPN providers: 1. Group A: Eight apps from three providers sharing identical Java code and libraries, exhibiting vulnerabilities such as: - Collecting location data against privacy policies. - Using weak encryption methods. - Hard-coded Shadowsocks passwords that could allow traffic decryption. 2. Group B: Eight apps from five providers supporting only the Shadowsocks protocol, sharing libraries and hard-coded passwords, with all servers hosted by GlobalTeleHost Corp. 3. Group C: Two providers with one app each, using a custom tunneling protocol and sharing similar code, vulnerable to connection inference attacks. The research highlighted significant privacy breaches, including undisclosed location data collection and vulnerabilities that could allow eavesdroppers to decrypt communications. Alarmingly, these VPN providers are linked to Qihoo 360, a Chinese company that has concealed this connection, raising concerns about potential data sharing with the government due to China's strict laws. Additionally, the Tech Transparency Project found that many free VPN apps on the Apple App Store are also linked to companies in mainland China or Hong Kong without disclosing these ties.

AppWizard

August 13, 2025

Russia restricts calls via WhatsApp and Telegram, the latest step to control the internet

Russian authorities have announced partial restrictions on calls made through Telegram and WhatsApp, citing concerns about crime and misuse of these platforms. Roskomnadzor claims these messaging services are used for deception, extortion, and terrorist activities. The government has expressed frustration over the lack of cooperation from the platform owners regarding countermeasures. Recent reports indicate users are experiencing difficulties with calls on these applications. WhatsApp had over 96 million monthly users and Telegram had more than 89 million in Russia as of July. In Crimea, cellphone internet shutdowns may last indefinitely, and a new law penalizes users for accessing illicit content. A new national messaging app, MAX, is being developed by VK, a Russian company. Access to calls via WhatsApp and Telegram could be restored if the platforms comply with Russian laws, but current restrictions only apply to audio calls.

Tech Optimizer

June 5, 2025

CISA releases TTPs & IoCs for Play Ransomware That Hacked 900+ Orgs

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the FBI and the Australian Cyber Security Centre, released an advisory on the Play ransomware group, which has targeted around 900 entities since its inception in June 2022. The group employs a double extortion model, exploiting vulnerabilities in public-facing applications and using tools for lateral movement and credential dumping. Their operations involve recompiling ransomware binaries for each attack to evade detection. The advisory highlights mitigation measures such as multifactor authentication and regular software patching. The Play ransomware specifically targets virtual environments and encrypts files using AES-256 encryption. Indicators of Compromise (IoCs) include: - SVCHost.dll (Backdoor) - SHA-256: 47B7B2DD88959CD7224A5542AE8D5BCE928BFC986BF0D0321532A7515C244A1E - Backdoor - SHA-256: 75B525B220169F07AECFB3B1991702FBD9A1E170CAF0040D1FCB07C3E819F54A - PSexesvc.exe (Custom Play “psexesvc”) - SHA-256: 1409E010675BF4A40DB0A845B60DB3AAE5B302834E80ADEEC884AEBC55ECCBF7 - HRsword.exe (Disables endpoint protection) - SHA-256: 0E408AED1ACF902A9F97ABF71CF0DD354024109C5D52A79054C421BE35D93549 - Hi.exe (Associated with ransomware) - SHA-256: 6DE8DD5757F9A3AC5E2AC28E8A77682D7A29BE25C106F785A061DCF582A20DC6

Tech Optimizer

May 21, 2025

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Microsoft has monitored Lumma Stealer, an infostealer malware used by financially motivated threat actors. Lumma Stealer, also known as LummaC2, functions as a malware-as-a-service (MaaS) solution that extracts data from browsers and applications, including cryptocurrency wallets. The entity behind Lumma is identified as Storm-2477, which maintains the malware and its command-and-control (C2) infrastructure. Affiliates can create malware binaries and manage C2 communications through a panel provided by Storm-2477. Ransomware groups have integrated Lumma Stealer into their operations. Lumma Stealer employs various delivery techniques, including phishing emails, malvertising, drive-by downloads, Trojanized applications, and abuse of legitimate services. Specific campaigns have been identified, such as one in April 2025 that used EtherHiding and ClickFix techniques to deliver Lumma Stealer via compromised websites. Another campaign on April 7, 2025, targeted Canadian organizations with emails containing invoice lures that led to malicious downloads. The malware is developed using C++ and ASM, employing advanced obfuscation techniques to evade detection. It can extract a wide range of user data, including browser credentials, cryptocurrency wallet information, and user documents. Lumma Stealer maintains a robust C2 infrastructure with multiple hardcoded and fallback C2 servers, utilizing encryption methods to secure communications. Microsoft's Digital Crimes Unit has disrupted Lumma Stealer's infrastructure by blocking approximately 2,300 malicious domains. Recommendations to mitigate the impact of Lumma Stealer include strengthening Microsoft Defender configurations, implementing multifactor authentication, and utilizing phishing-resistant authentication methods. Microsoft Defender products can detect and block activities associated with Lumma Stealer, providing alerts and insights for incident response.

Tech Optimizer

May 19, 2025

This new Defendnot trojan can get Windows to disable its own antivirus software

A researcher using the pseudonym es3n1n has created a tool called Defendnot that manipulates Windows operating systems to disable Microsoft Defender, making devices vulnerable to malware. Defendnot simulates the presence of a legitimate antivirus by using an undocumented API in the Windows Security Center, convincing Windows that a valid antivirus is installed. This development raises concerns about cybersecurity, as it undermines the effectiveness of built-in antivirus protections like Windows Defender.

Tech Optimizer

February 28, 2025

TopTen Best Software Launches “The Ultimate Antivirus Buyer’s Guide” to Empower Consumers with Informed Security Choices

California-based TopTen Best Software has released "The Ultimate Antivirus Buyer's Guide: Tips for Choosing the Right Protection" to help users make informed decisions about antivirus software. The guide emphasizes understanding individual needs, recommending basic antivirus for casual users, multi-device coverage for small businesses, lightweight options for gamers, and software with parental controls for families. Key features to consider include real-time scanning, firewall protection, anti-phishing tools, VPN services, and password managers. Compatibility with operating systems and user experience are important factors, along with reliable customer support and independent lab test results. The guide advises comparing pricing and exploring free trials, highlighting that paid versions often offer better protection. Regular software updates are essential for optimal security, and TopTen Best Software provides side-by-side comparisons of antivirus products.

Tech Optimizer

December 11, 2024

Top 5 Reasons Cybersecurity Is a Huge Problem in Minnesota

Minnesota ranks 39th in the number of cybercrime victims per 100,000 residents and 8th in average loss per victim, indicating significant financial damage from cyber incidents. Many residents lack sufficient insurance for cyber-related losses, leaving them to bear recovery costs. Small businesses are particularly vulnerable to phishing and ransomware attacks, often unprepared for recovery. There is a lack of diversity in cybersecurity tools, with many relying solely on antivirus software and free solutions that offer inadequate protection. Awareness of essential tools like VPNs and anti-ransomware software is low. Limited public education on online safety leaves individuals and employees of small businesses susceptible to scams. The healthcare sector is frequently targeted by ransomware attacks, and local industries face unique cyber challenges due to outdated systems. Reliance on outdated technology increases vulnerabilities, as these systems often lack necessary security features and are incompatible with modern cybersecurity tools.

Tech Optimizer

November 27, 2024

Do Macs Need Antivirus Protection?

Mac computers by Apple are known for their design, performance, and security features, but they are not immune to viruses and malware. macOS includes built-in security measures like Gatekeeper, XProtect, and Sandboxing, which help protect against cyber threats, but these features are not foolproof. High-profile malware campaigns, such as Silver Sparrow and Shlayer, have targeted macOS, highlighting the need for user vigilance. Antivirus software can provide additional security by offering real-time monitoring, continuous scanning, and privacy tools. Users who engage only with trusted sites and download apps from the Mac App Store may find built-in protections sufficient, but risks remain, including zero-day vulnerabilities and phishing attempts. Enhancing security can involve enabling the firewall, keeping macOS updated, using strong passwords, and activating FileVault for data encryption. While antivirus may not be essential for all Mac users, it can offer peace of mind, depending on individual online habits and data sensitivity.

Tech Optimizer

November 26, 2024

Readers’ Choice 2024: The PC Security and Online Privacy Brands You Trust Most

PCMag has reviewed antivirus software since 1988 and evaluated over 150 security applications last year. A recent survey revealed consumer preferences for antivirus software and VPNs. For 2024, Proton emerged as the top VPN brand with a score of 9.0 out of 10, while Bitdefender was rated the most trusted antivirus brand, receiving a perfect five-star rating. Trend Micro won the Reader's Choice Award for security suites, surpassing Bitdefender. In mobile antivirus, Bitdefender was the preferred choice, excelling in most categories. The survey for Antivirus and Security Suites was conducted from September 10 to November 4, 2024.

Tech Optimizer

September 20, 2024

macOS Sequoia change breaks networking for VPN, antivirus software

Users of macOS 15, also known as 'Sequoia,' are experiencing network connection issues with certain endpoint detection and response (EDR) solutions, VPNs, and web browsers, particularly with CrowdStrike Falcon and ESET Endpoint Security. These problems seem to resolve when the tools are deactivated, indicating a compatibility issue with the operating system's network stack. Firewall configurations are causing packet corruption and SSL failures, affecting command-line tools like 'wget' and 'curl.' CrowdStrike has advised customers against upgrading to macOS 15 due to significant changes in networking structures, and similar warnings have been issued by SentinelOne Support. Users have reported connectivity issues with Mullvad VPN and corporate VPNs, while ProtonVPN appears to function without problems. ESET recommends removing ESET Network from the filters in System Settings to restore network functionality for certain versions of their software. Security researcher Wacław Jacek has suggested a temporary fix for firewall issues, and Mullvad VPN is aware of the problems and is working on a resolution. Users relying on EDR products, VPNs, or strict firewall configurations may want to delay upgrading to macOS 15 until these issues are resolved.