By Deeba Ahmed
A variant of the Mirai botnet is targeting Zyxel Firewalls after exploiting a newly patched operating system command injection vulnerability.
This is a post from HackRead.com Read the original post: Mirai Malware Hits Zyxel Devices After Command Injection Bug

Zyxel informed its customers about the security flaw on 25 April 2023 and announced patches for impacted firewalls, which included USG Flex, ATP, ZyWALL/USG, and VPN.

A variant of the Mirai botnet has successfully hacked various Zyxel Firewalls after exploiting a newly patched operating system command injection vulnerability (CVE-2023-28771). The bug has affected many Zyxel network devices, and now that the Mirai botnet is controlling it, the problem can worsen as it can lead to launching DDoS attacks.

According to Palo Alto Networks’ Unit 42 researchers, who analyzed the downloaded samples, the Mirai botnet sample hacking Zyxel firewalls is called IZ1H9, which was discovered in August 2018. Researchers dubbed it the most active of all Mirai variants.

The botnet client first inspects the network portion of the compromised device’s IP address and avoids execution for a specific list of IP blocks. This includes government networks, tech firms, and internet providers.

The malware prints “Darknet” onto the console to make its presence felt. It also can ensure the device runs just one instance of the malware. If a botnet process is found on the device, the Mirai botnet client will terminate its current process and start a new process from its list of processes belonging to other variants of the Mirai botnet and other families.

Any product running vulnerable firmware can be exploited even if the user configures the VPN or is in a default state. Mirai operators now own various Zyxel SMB VPN Boxes.

**How Was the Bug Discovered?**

The vulnerability impacting Zyxel devices was discovered by Trapa Security. It occurred due to inappropriate message handling features in some firewalls that could allow an unauthorized actor to remotely execute OS commands by transmitting specially designed packets to the device. The Internet Key Exchange – IKE is the vulnerable component, explained a report from Rapid7.

Zyxel informed its customers about the security flaw on 25 April 2023 and announced patches for impacted firewalls, which included USG Flex, ATP, ZyWALL/USG, and VPN.

**Users Must Immediately Patch Devices**

CVE-2023-28771 was patched in April 2023. However, many users have yet to apply the fix, leading to this mass exploitation of vulnerable devices. Researcher Kevin Beaumont informed about the mass exploitation of this vulnerability by the Mirai botnet variant on Thursday, impacting several SMB appliances.

Security experts have urged Zyxel network services users to patch the flaw immediately. A few days back, Rapid7 had warned about the possibility of the bug being exploited in the wild. They do not claim that 42,000 instances of internet-exposed web interfaces of Zyxel devices have surfaced. But Rapid7 researchers believe the number of compromised devices may be much higher. The Mirai malware targeting Zyxel firewalls is distributed as a Unix and Linux executable in linkable format (.elf).

Zyxel is a Taiwanese networking device manufacturer. The company recently fixed two more flaws impacting its firewalls- CVE-2023-33009 and CVE-2023-33010. Both buffer overflow flaws can let an adversary launch a DoS attack or execute arbitrary code on the device.

**RELATED ARTICLES**

1.  Mirai botnet exploiting Azure OMIGOD vulnerabilities
2.  Mirai botnet resurfaces with MooBot, hits D-Link devices
3.  Attacker builds malware variant with leaked Mirai source code

Mirai Malware Hits Zyxel Devices After Command Injection Bug

By Waqas
SentinelLabs has uncovered a malware campaign in which Brazilian hackers are targeting Portuguese banks for monetary gains.
This is a post from HackRead.com Read the original post: Operation Magalenha: Brazilian Hackers Hit Portuguese Banks in Malware Attack

The researchers have noticed that Brazilian hackers are deploying PeepingTitle malware in their attacks against at least 30 Portuguese financial institutions.

According to the latest report from SentinelLabs, more than 30 Portuguese banks have become victims of targeted hacking by cybercriminals based in Brazil. These institutions were targeted in what seems to be a financially motivated campaign that was launched in 2021 but became active in early 2023.

Most of the attacks occurred last month, and the main targets are financial institutions in Portugal, wrote SentinelOne researchers Tom Hegel and Aleksandar Milenkoski.

Reportedly, the hackers implant information-stealing malware to hijack credentials and user data, including personal information, and leverage it for malicious activities apart from financial gains.

In a blog post, SentinelOne stated that it started tracking the campaign, dubbed Operation Magalenha, in early 2022. The researchers noted that the intrusions led to deploying two variants of the PeepingTitle backdoor, which greatly enhanced the attack potential.

The attack starts with phishing emails and websites hosting bogus installers of popular software. Once downloaded on a device, it launches a Visual Basic Script, which executes the malware loader. This loader then downloads/executes the PeepingTitle backdoors. The backdoor starts monitoring users’ web browsing activities.

The backdoor quickly captures screenshots when a user accesses a financial institution’s website or logs into their account. It connects with the attacker’s remote server to launch new malware executables.

“With the first PeepingTitle variant capturing the entire screen, and the second capturing each window a user interacts with, this malware duo provides the threat actor with a detailed insight into user activity,” researchers noted.

PeepingTitle window title monitoring (Credit: Sentinelone.com)

This campaign initially exploited cloud service providers such as Dropbox and DigitalOcean. But the hackers had to change course as these platforms tightened their security practices. Now, hackers are relying on Russian web hosting services provider, TimeWeb.

Both backdoors are simultaneously deployed, giving the hackers exceptional control over the compromised devices. Through PeepingTitle, attackers can track window interactions, terminate system processes, capture screenshots, and deploy data exfiltration tools and other malware.

Operation Magalenha indicates Brazilian hackers’ persistent nature and the evolving feature of their campaigns. Researchers wrote that Brazilian groups consistently update their malware tools and tactics, which is why their campaigns are so effective.

Moreover, researchers believe that the attackers have shown considerable understanding of local financial institutions and are ready to invest resources and time to develop targeted campaigns.

Regarding how researchers determined it was the work of Brazilian hackers, Hegel and Milenkoski wrote that the attackers used the Brazilian-Portuguese language in the artefacts they detected.

Moreover, the malware source code shares similarities with the Maxtrilha banking trojan, first discovered in 2021. It is written in Delphi programming language and grant hacker complete control over the infected hosts, capture screenshots, and drop new payloads.

**RELATED ARTICLES**

1.  Ransomware Gang Leaks Medibank Data on Dark Web
2.  NATO data stolen in cyberattack on Portugal armed forces
3.  DDoS Attacks Hit Denmark Central Bank and 7 Private Banks
4.  Hacker leaks 73M records from Indian HDFC bank subsidiary
5.  IT Army of Ukraine hit Russian banking giant with DDoS attack

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Operation Magalenha: Brazilian Hackers Hit Portuguese Banks in Malware Attack

By Habiba Rashid
Netflix is sending emails addressing password sharing between households, and users are not happy about it as #CancelNetflix trends on social media.
This is a post from HackRead.com Read the original post: Netflix’s Password Sharing Crackdown Goes Global: 103 Countries Affected

The company emphasized that a Netflix account is intended for the account holder and individuals residing in the same dwelling. Consequently, unauthorized users attempting to access an account from a different location will be denied access.

Netflix, the popular streaming giant, has recently taken a firm stance against password sharing by implementing new rules that prohibit subscribers from sharing their login credentials with individuals outside of their households.

While the company aims to safeguard its profits and encourage individual subscriptions, the decision has sparked outrage among users. In this article, we delve deeper into the details of Netflix’s password-sharing crackdown and the subsequent user reactions (Check #CancelNetflix).

The company emphasized the principle that a Netflix account is intended for the account holder and individuals residing in the same dwelling. Consequently, unauthorized users attempting to access an account from a different location will be denied access.

Netflix defines a household as a collection of devices connected to the internet at the primary location where Netflix is watched, typically one’s home. As long as all members accessing the account reside under the same roof, they are allowed to share a single Netflix account. However, individuals who do not meet this criterion will be unable to utilize shared login details.

Under the new policy, Netflix provides an alternative option for those accessing a Netflix account from outside the primary household called “extra members.” Account holders can add individuals who do not reside in their household to their account by paying an additional fee of $7.99 per month. These extra members gain their own Netflix profile, account, and password, enabling them to access Netflix from their own homes. 

According to Netflix’s support document, it will be using methods such as IP address analysis, account activity monitoring, and device ID assessment to determine which devices belong to users inside the same household. While users can manually set their household, Netflix has mechanisms in place to detect discrepancies, such as IP addresses and the wireless networks associated with connected devices.

Email sent by Netflix regarding password sharing (Email screenshot: Waqas/Hackread.com)

Netflix cites the negative impact of password sharing on its profits as the primary reason for the crackdown. With over 100 million households estimated to have accessed Netflix through password sharing, the company has suffered significant revenue losses.

The announcement of the password-sharing ban has triggered a wave of discontent among Netflix users. Some individuals perceive the decision as a form of undue restriction, with Netflix being likened to treating its customers as children. On social media platforms, users have expressed their frustration, and the hashtag “Cancel Netflix” has gained traction, signifying a growing number of dissatisfied subscribers.

The password-sharing ban has been rolled out to 103 countries this week including the US, the UK, France, Germany, Australia, Singapore, Mexico and Brazil. Last year, this update was rolled out in Peru, Chile and Costa Rica and although the initial enforcement of the password-sharing crackdown may lead to a temporary decline in viewership, historical data from previous crackdowns suggests that many people eventually transitioned to subscribing to their own accounts or being added as extra members to existing accounts. 

**RELATED ARTICLES**

1.  Netflix errors – How to fix them
2.  Is It Illegal To Watch Netflix Using a VPN?
3.  Best legal & free online streaming websites
4.  Top Tips to Upscale Your Netflix Security Instantly
5.  10 Netflix Hacks Enhance Your Watching Experience
6.  Facebook gave NETFLIX access to private user data

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Netflix’s Password Sharing Crackdown Goes Global: 103 Countries Affected

By Owais Sultan
In light of a recent report exposing the active automation of scams with Telegram by phishers, it raises the question: Why not safeguard your business by automating fraud detection? 
This is a post from HackRead.com Read the original post: The Imperative of Automating Fraud Detection in Financial Institutions

In the financial services landscape, the threat of fraudulent activities is a persistent concern. Financial institutions, in their quest to mitigate the risk of dubious transactions, are increasingly turning to sophisticated artificial intelligence (AI) tools to automate their fraud detection systems.

In light of a recent report exposing the active automation of scams with Telegram by phishers, it raises the question: Why not safeguard your business by automating fraud detection? This article delves into the reasons why financial institutions are automating their fraud detection processes and the benefits they stand to gain.

**Harnessing AI for Fraud Detection**

AI-powered tools are revolutionizing the way financial and banking institutions manage risk and safeguard themselves and their customers from payment fraud, and consequently, financial loss. Fraud detection algorithms, transaction monitoring, and machine learning are employed to preempt identity theft or any form of digital banking fraud by scrutinizing suspicious activity in real time.

**The Rationale for Automating Fraud Detection**

*   **Productivity**: By automating the process, financial institutions can detect fraudulent activities as they happen. This reduces the need for time-consuming manual checks, thereby streamlining the process. Consequently, institutions can act more promptly when potential fraud is detected, reducing potential losses.
*   **Precision**: Systems for automated fraud detection use cutting-edge algorithms and machine learning methods to identify irregularities and patterns in transaction data. This greatly enhances the precision of fraud detection, providing a significant advantage over manual checks.
*   **Adaptability**: As financial institutions grow, the volume of transactions can overwhelm manual fraud detection processes. However, automated fraud detection systems can adapt to handle large transaction volumes without increasing the burden on human fraud analysts.
*   **Cost-efficiency**: Automating the fraud detection process can decrease the expenses associated with fraud prevention for financial institutions. It lessens the need for extra personnel to examine transactions, and the use of sophisticated analytics and machine learning can detect potential fraud more cost-effectively than traditional manual checks.
*   **Regulatory** **adherence**: Automated fraud detection systems can assist financial institutions in meeting regulatory standards by providing a uniform and auditable process for detecting fraud.

**Enhancing Customer Trust and Satisfaction**

One of the less discussed, yet significant, benefits of automating fraud detection is the positive impact it has on customer trust and satisfaction. In an era where digital transactions are the norm, customers expect their financial institutions to provide **secure and reliable services**. By implementing automated fraud detection systems, financial institutions can significantly reduce the occurrence of fraudulent transactions, thereby enhancing customer confidence in their services.

Moreover, these systems can also improve the customer experience by reducing the instances of false positives – legitimate transactions that are incorrectly flagged as fraudulent. This not only saves customers from the inconvenience of having their transactions declined but also fosters a sense of **trust** and **satisfaction** with the financial institution.

In essence, by adopting automated fraud detection, financial institutions are not only safeguarding their operations but also strengthening their relationship with their customers, which is crucial for their long-term success and growth.

**The Role of Human Oversight in Automated Fraud Detection**

While the automation of fraud detection processes brings numerous benefits, it’s crucial to remember the importance of human oversight in this system. Despite the sophistication of AI and machine learning algorithms, they are not infallible and can sometimes miss subtle signs of fraud that a trained human eye might catch. Conversely, these systems might also flag legitimate transactions as fraudulent, leading to unnecessary inconvenience for customers.

Human analysts play a vital role in reviewing the alerts generated by the automated system, verifying their accuracy, and making informed decisions based on their expertise and judgment. They are also responsible for continually updating and refining the fraud detection algorithms based on the latest fraud trends and patterns.

**The Future of Fraud Detection in Financial Institutions**

Looking ahead, the future of fraud detection in financial institutions is likely to be increasingly dominated by AI and machine learning technologies. These technologies are continually evolving, becoming more sophisticated and effective in **identifying and preventing fraudulent activities**.

As financial fraud becomes more complex and sophisticated, so too must the tools used to combat it. The integration of AI and machine learning into fraud detection systems will continue to be a critical component in the fight against financial fraud. This will not only ensure the **security of financial transactions** but also contribute to the overall trust and reliability of financial institutions in the eyes of their customers.

_Worry about cyberattacks and scams against your business? Check Nethone’s AI-powered fraud detection software for more information._

**Conclusion**

In conclusion, the automation of fraud detection processes is not just a trend but a necessity for financial institutions. The benefits of efficiency, accuracy, scalability, cost-effectiveness, and regulatory compliance make a compelling case for the adoption of automated systems.

By embracing AI-powered tools, financial institutions are better equipped to protect themselves and their customers from the ever-present threat of fraud, ensuring their financial stability and reputation remain intact.

**RELATED ARTICLES**

1.  Cloud Hacking – Why API Remains the Biggest Threat?
2.  Why do Businesses Need to Focus More on Cybersecurity
3.  Bot Attacks – Why is Your Firm Struggling to Deal with Them?
4.  How threat exposure management optimizes security posture?
5.  Cybersecurity Automation: How Can Businesses Benefit From It

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

The Imperative of Automating Fraud Detection in Financial Institutions

By Owais Sultan
In this article, we will explore how cross-chain DEXes are revolutionizing the crypto market and levelling the playing field for traders of all backgrounds.
This is a post from HackRead.com Read the original post: How Cross-Chain DEXes are Democratizing the Crypto Market?

Cross-chain DEXes are reshaping the crypto market by enabling seamless trading across multiple blockchain networks, fostering greater liquidity and accessibility. This technological advancement empowers traders from diverse backgrounds, ensuring equal opportunities and reducing barriers to entry.

The advent of cross-chain decentralized exchanges (DEXes) has ushered in a new era of democratization in the cryptocurrency market. These innovative platforms empower individuals by giving them unprecedented access to a wide range of assets and markets, eliminating traditional barriers and intermediaries.

In this article, we will explore how cross-chain DEXes are revolutionizing the crypto market and levelling the playing field for traders of all backgrounds.

**Breaking Down Barriers**

Cross-chain DEXes are tearing down barriers that have long hindered the participation of individuals in the crypto market. Traditional financial systems often impose high entry barriers, including geographical restrictions, cumbersome KYC procedures, and minimum investment requirements. 

However, cross-chain DEXes operate on decentralized networks, enabling anyone with an internet connection to participate in trading activities. By eliminating the need for intermediaries, platforms like mangata.finance allow crypto trading without gas and provide equal opportunities for traders globally, regardless of their location or financial status.

**Access to a Diverse Range of Assets**

One of the key advantages of cross-chain DEXes is the access they provide to a diverse range of assets. In traditional financial markets, individuals are often limited to trading a handful of popular cryptocurrencies or tokens. 

However, multichain exchanges leverage interoperability between blockchain networks, allowing users to trade assets from various blockchains seamlessly. This opens up a world of possibilities, enabling individuals to explore and invest in a wide range of tokens, including up-and-coming projects and niche markets.

**Greater Market Liquidity**

Liquidity is a vital aspect of any trading ecosystem, and cross-chain DEXes play a crucial role in enhancing market liquidity. By operating across multiple blockchain networks, these platforms consolidate liquidity from different sources, creating more extensive and more dynamic trading pools. 

This increased liquidity translates into tighter spreads, improved market depth, and reduced price slippage, benefiting traders by providing better execution prices and minimizing trading costs. The enhanced liquidity on multichain platforms enables traders to enter and exit positions more efficiently, regardless of the asset or market they are trading.

**Reduced Dependence on Centralized Exchanges**

Cross-chain DEXes offer a decentralized alternative to traditional centralized exchanges, reducing the reliance on centralized platforms for trading activities. Centralized exchanges often require users to deposit and entrust their assets to a third party, exposing them to the risk of hacks, security breaches, or mismanagement. 

In contrast, cross-chain DEXes facilitate peer-to-peer transactions through smart contracts, ensuring that users retain control and custody over their funds at all times. This shift towards decentralized trading promotes self-sovereignty and reduces counterparty risks, fostering a more secure and resilient trading environment.

**Privacy and Anonymity**

Preserving privacy and anonymity is a fundamental principle of the cryptocurrency community, and cross-chain DEXes uphold these values. Traditional centralized exchanges often require users to disclose personal information and undergo KYC procedures, compromising their privacy. 

However, multichain exchanges enable users to trade without revealing their identities or personal details, promoting privacy. By preserving privacy, these platforms empower individuals to freely engage in trading activities without concerns about surveillance or data breaches.

**Empowering DeFi Innovation**

Decentralized Finance (DeFi) has emerged as a driving force in the blockchain industry, revolutionizing traditional financial systems. Cross-chain DEXes play a pivotal role in empowering DeFi innovation by providing interoperability and liquidity across different blockchain networks. 

This facilitates the seamless integration of various DeFi protocols, such as lending, borrowing, yield farming, and decentralized derivatives, fostering the growth of a vibrant and interconnected DeFi ecosystem. By democratizing access to DeFi applications, multichain platforms enable individuals to leverage the benefits of decentralized finance and participate in the future of finance.

**Empowering Small-Scale Traders and Investors**

In traditional financial systems, institutional investors and high-net-worth individuals often have a significant advantage due to their access to exclusive investment opportunities, preferential treatment, and better market information. However, cross-chain DEXes level the playing field by enabling individuals with limited capital to invest in a wide range of assets and access decentralized financial services.

**Bottom Line**

Cross-chain DEXes are democratizing the crypto market by breaking down barriers, providing access to a diverse range of assets, enhancing market liquidity, reducing dependence on centralized exchanges, preserving privacy, and empowering DeFi innovation. These platforms are revolutionizing the way individuals engage with cryptocurrencies, opening up opportunities for traders of all backgrounds. 

As cross-chain DEXes evolve and overcome challenges, they will play a pivotal role in shaping a more inclusive, accessible, and decentralized financial ecosystem. The democratization of the crypto market through multichain exchanges is a significant step towards creating a fair and transparent financial system for everyone.

**RELATED ARTICLES**

1.  Could Bitcoin Be The Future Of DeFi?
2.  What is tokenization process, why it is so important?
3.  What is Blockchain Gaming and its Play-to-Earn Model?
4.  If Bitcoiners Want Bitcoin To Make It Big, They Need DeFi
5.  We Need Smarter Smart Contracts To Prevent DeFi Hacks

How Cross-Chain DEXes are Democratizing the Crypto Market?

By Habiba Rashid
The breach spanned two periods: from 5th April to 7th May 2019, and from 27th August to 10th October 2021.
This is a post from HackRead.com Read the original post: Apria Healthcare Discloses Major Data Breach Impacting 1.8M Users

Apria Healthcare LLC, the victim of the data breach, serves more than 2 million patients annually, offering a wide range of medical equipment for conditions such as COPD, sleep apnea, and diabetes.

On 1st September 2021, Apria Healthcare, a leading provider of home healthcare equipment, was notified (PDF) that unauthorized access had been detected in its computer network, compromising the personal and confidential information of up to 1.8 million individuals. 

On May 22, 2023, Apria Healthcare filed a notice with the Maine Attorney General regarding a data breach that occurred on its systems. An unauthorized party successfully accessed files containing confidential patient information, including names, Social Security numbers, personal details, medical records, health insurance information, and financial data.

The financial data accessed includes account numbers, credit/debit card numbers, account security codes, access codes, passwords, and PINs. The breach spanned two periods: from 5th April to 7th May 2019, and from 27th August to 10th October 2021.

Apria Healthcare promptly initiated an investigation upon discovering the breach, engaging a cybersecurity firm to assess the extent of the unauthorized access. As part of their response, the company reviewed the compromised files to determine the specific information exposed and identify the affected individuals.

On May 22, 2023, Apria sent out data breach notification letters to all individuals whose data was potentially compromised during the incident. 

The timeline of the incident raises the question: why did it take Apria 20 months from the discovery of the data breach to issue breach notification letters and file a notice with the Maine Attorney General?

Apria Healthcare LLC, headquartered in Indianapolis, Indiana, is a prominent provider of home healthcare equipment. With over 200 locations across the United States, the company serves more than 2 million patients annually, offering a wide range of medical equipment for conditions such as COPD, sleep apnea, and diabetes. 

Apria Healthcare asserts that the attackers’ primary objective was to “fraudulently obtain funds from Apria and not to access personal information of its patients or employees.”

In recent years, healthcare providers have become attractive targets for cybercriminals due to the vast amount of sensitive information they possess. Individuals who have received data breach notification letters from Apria Healthcare are urged to take immediate action to protect themselves against potential identity theft or fraud. Seeking guidance from a data breach lawyer can provide valuable insights into legal options and steps to mitigate the risks associated with the breach.

Following the breach, Apria Healthcare has worked closely with law enforcement, including the Federal Bureau of Investigation (FBI), to investigate the incident thoroughly. The company has implemented additional security measures to enhance its network’s resilience and prevent similar breaches from occurring in the future. 

While there is currently no evidence of data theft or misuse, the possibility cannot be ruled out. To address the situation and mitigate potential risks, Apria Healthcare has taken several measures to safeguard affected individuals. It has extended a gesture of support to affected individuals by offering one year of complimentary credit monitoring services through Kroll, a renowned provider of identity theft protection services.

**RELATED ARTICLES**

Why IoT Security in Healthcare is Crucial

US healthcare debt collector hit by ransomware attack

Japanese Healthcare Firm Leaked Images of 12,000 Patients

Europe’s largest healthcare provider hit by Snake ransomware

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Apria Healthcare Discloses Major Data Breach Impacting 1.8M Users

By Habiba Rashid
SuperVPN is the same free VPN service provider that leaked customers' data back in May 2022.
This is a post from HackRead.com Read the original post: Free VPN Service SuperVPN Exposes 360 Million User Records

This time, SuperVPN has exposed a whopping 133 GB of data, including personal details of its unsuspecting users, such as IP addresses.

In a recent cybersecurity incident, security researcher Jeremiah Fowler discovered a significant data breach in a non-password-protected database associated with a popular free VPN service.

The exposed database contained a staggering 360,308,817 records, totalling 133 GB in size. These records included a wide range of sensitive information, including user email addresses, original IP addresses, geolocation data, and server usage records.

Additionally, the breach revealed secret keys, Unique App User ID numbers, and UUID numbers, which can be utilized to identify further useful information.

Other information found in the database encompassed phone or device models, operating systems, internet connection types, and VPN application versions. Furthermore, refund requests and paid account details were also present in the breach.

Type of leaked data (VPNmentor)

While SuperVPN claims that it does not store user logs, the leaked data shows otherwise and contradicts the company’s policy. This also goes to show that “_Almost Every Major Free VPN Service is a Glorified Data Farm_.”

With the increasing concerns over online privacy and security, the demand for VPN services has soared in recent years. Consequently, the market has witnessed a significant rise in the number of VPN apps available to users.

However, this surge in offerings has resulted in an alarming proportion of VPN apps that are unreliable and fail to provide the expected level of privacy and security. This results in a counterproductive user experience since a lack of adequate security protocols puts their information at risk of being leaked in a data breach.

The majority of records in the exposed database, according to VPNmentor’s report, were associated with SuperVPN, a free VPN application available on both the Apple and Google application stores.

Furthermore, researchers noted two apps named SuperVPN listed, each credited to separate developers. Qingdao Leyou Hudong Network Technology Co. was the developer behind SuperVPN for iOS, iPad, and macOS, while SuperSoft Tech developed the second app with the same name.

However, it is important to note that this is NOT the first time SuperVPN has been blamed for leaking the personal details of its unsuspecting users. In fact, as reported by Hackread.com in May 2022, SuperVPN was among the list of free VPN services that leaked details of over 21 million users. Other free VPN services to leak customer data included GeckoVPN and ChatVPN. In total, the database contained 10GB worth of data that was leaked on Telegram.

In the report published by vpnMentor, Fowler noticed that SuperVPN’s customer support emails were linked to StormVPN, Luna VPN, RocketVPN and GhostVPN. Additionally, references to each of these VPN providers were observed within the database.

Type of leaked data (VPNmentor)

Although there is no way to confirm that they’re all owned by the same company, it would not come as a surprise if that were the case. The proliferation of unreliable VPN apps can be attributed to profit-driven developers seeking to capitalize on the growing demand for privacy and security.

The VPN industry has become highly lucrative, with millions of users worldwide seeking reliable solutions to safeguard their online presence. In this climate, some developers prioritize monetary gains over user safety, focusing on quick and inexpensive development, marketing, and distribution of VPN apps.

Therefore, for a single company to produce multiple VPN applications with different names and slightly varying user experiences would not be unlikely since that would allow it to cast a wider net over the users scouring for a suitable VPN provider.

When opting for a free VPN service, it’s essential to exercise caution and consider certain red flags that indicate potential risks. These include:

1.  Unclear data collection and usage policies: Verify that the VPN service doesn’t log your internet activity to avoid the risk of data being sold to advertisers or third parties.
2.  Lack of transparency: Pay attention to the absence of an “About Us” section on the VPN provider’s official website, as this can indicate a lack of information about who handles your data.
3.  DNS-leak protection: Ensure that the VPN service offers DNS-leak protection to prevent your internet service provider from seeing your online activities.
4.  Weak encryption: Avoid VPNs that offer encryption weaker than 128-bit or 256-bit AES, as this increases the risk of your data being compromised.
5.  Negative reviews: Read user reviews and consult reputable review sites to gauge the experiences and concerns of other users before choosing a VPN service.

The proliferation of VPN apps presents both opportunities and challenges for users seeking privacy and security in their online activities. While the market offers a wide range of reliable VPN solutions, the rising number of unreliable apps calls for caution and informed decision-making.

By understanding the factors contributing to the excess of VPN apps, identifying the risks associated with their usage, and implementing measures to mitigate these risks, users can make more informed choices to protect their online privacy and security.

**RELATED ARTICLES**

1.  Beware! This malware hides behind free VPNs
2.  What is an OSINT Tool – Best OSINT Tools 2023
3.  Leaked database of UFO VPN destroyed by hackers
4.  Mullvad VPN and Tor Project Release Mullvad Browser
5.  VPN firm that claims 0 logs policy leaks 20m user logs

Free VPN Service SuperVPN Exposes 360 Million User Records

By Owais Sultan
Memcyco Unveils Groundbreaking Solution to Combat Brandjacking in Real Time, Safeguarding Digital Trust and Reinforcing Brand Reputation.
This is a post from HackRead.com Read the original post: Memcyco Introduces Real-Time Solution to Combat Brandjacking

Memcyco, a pioneering cybersecurity firm, has introduced an innovative real-time website impersonation detection and prevention solution that is set to revolutionize the fight against brandjacking.

Brandjacking, a prevalent form of cyberattack, has inflicted substantial financial losses on consumers worldwide. Shockingly, in 2022 alone, imposter scams cost consumers a staggering $2.6 billion, according to (PDF) the U.S. FTC Consumer Sentinel Network’s data book.

The technique involves luring unsuspecting users to fraudulent copies of legitimate brand websites, where their personal and financial information is compromised, resulting in identity theft and financial fraud.

To counter these malicious assaults, Memcyco has developed an agentless Proof of Source Authenticity (PoSA™) technology, delivering unparalleled Zero Day protection and real-time detection capabilities. By identifying attacks at the point of impact, PoSA™ equips brands with comprehensive details of attempted attack sessions, ensuring complete visibility into the threat landscape.

Significantly, Memcyco’s groundbreaking solution is the first to issue a Red Alert to users navigating spoofed websites, warning them of potential dangers. Leveraging artificial intelligence, PoSA™ analyzes behavioural patterns to proactively identify and alert organizations of any irregular activities.

Additionally, PoSA™ integrates a unique digital watermark into a brand’s legitimate website, assuring customers of its authenticity. The watermark can be effortlessly incorporated into a website and personalized with users’ secret preferences, rendering it instantly recognizable and impossible to forge. This fosters a secure environment and cultivates a sense of trust and confidence among customers, promoting digital trust in brands.

By significantly minimizing the financial impact on both brands and their customers, Memcyco’s cutting-edge solution reduces the need for extensive user education efforts. This breakthrough technology effectively breaks the snowball effect that often deters users from interacting with digital properties, ultimately enhancing brand reputation and bolstering trust among end users.

Israel Mazin, CEO and co-founder of Memcyco expressed his enthusiasm for the groundbreaking solution, stating, “At Memcyco, we have introduced a new paradigm for preventing website impersonation by providing multiple layers of protection for companies and their customers. This investment from such experienced leaders in cybersecurity delivers a strong vote of confidence in Memcyco’s ability to deliver a more secure and trustworthy digital ecosystem.”

Memcyco’s remarkable progress in combating brandjacking has not gone unnoticed. The company recently concluded a successful $10 million seed round led by prominent investors Capri Ventures and Venture Guides.

“Almost everyone has been affected by a phishing-based brandjacking scam or knows someone who has,” said Alex Pinchev, Founder and Managing Partner at Capri Ventures. “Memcyco is the first company to offer a real-time solution to this problem, while existing approaches mostly operate after-the-fact, leaving organizations unaware of which users have fallen victim to such attacks.”

In conclusion, Memcyco’s groundbreaking real-time digital brandjacking protection solution is set to revolutionize cybersecurity and safeguard the integrity of online transactions.

**RELATED ARTICLES**

1.  4 Essential Facets of Brand Protection
2.  Brand Protection is Essential for Cybersecurity
3.  Fake branded shoe stores hacked with web skimmer
4.  42K phishing domains masquerading as popular brands
5.  Phishing: Microsoft, PayPal, Facebook most targeted brands

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Memcyco Introduces Real-Time Solution to Combat Brandjacking

By Waqas
Massive crackdown on illegal IPTV services across Europe: Europol assists Dutch authorities in taking down a major network.
This is a post from HackRead.com Read the original post: Europe’s largest known illegal IPTV operation dismantled by police

Europol and Dutch authorities have taken down one of the largest illegal IPTV (Internet Protocol Television) services catering to over one million users throughout Europe.

Amsterdam, May 24, 2023 – In a significant blow to the world of illegal streaming, Europol has joined forces with the Dutch Fiscal Information and Investigation Service (FIOD) to dismantle a vast illegal IPTV (Internet Protocol Television) service catering to over one million users throughout Europe.

On May 23rd, 2023, Eoropol revealed in a press release that a series of meticulously planned raids were executed across the Netherlands as part of a sweeping crackdown on illicit streaming operations. FIOD officers conducted thorough searches at multiple locations across the country, unearthing evidence that could potentially bring down this illegal enterprise.

The operation resulted in the apprehension of several individuals suspected of playing a pivotal role in facilitating the unlawful streaming of premium content. These individuals are believed to have enabled subscribers to gain access to an extensive array of over 10,000 live TV channels, accompanied by an extensive library boasting 15,000 films and TV shows.

Europol, through its European Financial and Economic Crime Centre, provided analytical support to the investigation, aiding in the identification of key targets and their illicit activities across Europe.

According to local Dutch media, FIOD also raided a data center (Globe data center) in Den Helder City for allegedly providing services to the now-seized IPTV infrastructure. A look at the Globe data center’s website shows that it has been offline and unreachable since yesterday.

A Google image that was uploaded by Global Data Center of its infrastructure back in 2021.

Illegal streaming has become a rampant issue in recent years, plaguing the entertainment industry and causing significant financial losses. These criminal networks not only undermine legitimate businesses but also deprive content creators and copyright holders of their rightful earnings.

Europol’s ongoing commitment to combating this form of organized crime highlights the need for international cooperation and coordinated efforts to address the complex challenges posed by illicit IPTV services. By dismantling this major network, Europol and the FIOD have struck a resounding blow against those profiting from piracy and protecting the interests of lawful content providers.

As investigations continue, authorities are confident that this operation will send a strong message to criminals involved in illegal streaming activities across Europe. The collaboration between Europol and national law enforcement agencies serves as a clear warning that the battle against illegal IPTV services is intensifying, leaving no safe haven for those seeking to exploit the entertainment industry.

**RELATED ARTICLES**

1.  Best legal & free online streaming sites
2.  Europol Busts Crypto Fraud Call Centers
3.  Europol seizes VPNLab used by ransomware gangs
4.  Police shut down illegal video streaming app Mobdro
5.  Europol nabs SIM hacking network from across Europe

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Europe’s largest known illegal IPTV operation dismantled by police

By Owais Sultan
The world is more connected than ever before, and the rise of the smart home is just one…
This is a post from HackRead.com Read the original post: The Pros and Cons of Smart Homes

The world is more connected than ever before, and the rise of the smart home is just one of the many signs. According to recent statistics, there are an estimated 300 million smart homes worldwide, with over 60 million smart home devices being used in the US.

It’s estimated that by 2023, home industry automation will be over 50%. The smart home market will likely be worth over $80 billion in 2023, and most Americans are willing, even eager, to see the technology proliferate in their own homes.

So what’s all the fuss about when it comes to smart homes, and what are some of the advantages and drawbacks of smart home technology?

**What Is a Smart Home?**

Simply put, a smart home is an outgrowth of the Internet of Things (IoT) — a home with a variety of Internet-capable devices designed to enhance and improve the home living experience. Smart homes are also frequently automated, taking the burden of mundane maintenance tasks out of your hands so you can concentrate on other things.

**Advantages of a Smart Home**

**Convenience.**

One of the major advantages of a smart home is convenience. With smart home technology, you can control multiple functions such as lights, temperature, music, and more through your smartphone or a home automation assistant such as Amazon’s Alexa or Google Home. No more having to move to another room or even get out of your chair to adjust the thermostat or cue up your favourite playlist.

**Remote Accessibility.**

Another major advantage of smart home tech is being able to access certain home functions remotely. If you forgot to leave your lights on at home (or if you want to turn them on), smart home technology lets you handle that through an app on your phone. Some smart home thermostats will even start warming up the house when it detects you’re getting close to coming home.

**Increased security.**

The security advantages of technology such as the Ring doorbell are self-evident. Having a live feed of your home security cameras can make a huge difference in your safety and peace of mind.

**Cost-saving.**

There’s a reason why younger homeowners, especially those conscious of climate change, love smart home technology. Programmable thermostats can lower energy usage significantly, and smart home detection systems can alert you to water or gas leaks before they become a major issue. That can lead you to get big discounts on your homeowners’ insurance, especially if you inform your insurer and compare home insurance quotes for the best deal.

**Customization.**

Smart home technology is highly flexible and customizable — not only can you create a smart home environment that meets your needs and budget with the products you purchase, and set them up in a way that best suits your lifestyle.

**Disadvantages of a Smart Home**

**Reliability.**

While high-tech, internet-connected devices can offer a lot of conveniences, they also have one weakness that more traditional homes don’t: a disruption in your internet connectivity, either from a bad router or your ISP going down, can make it difficult or even impossible to carry out certain functions. A power surge could potentially cause irreparable damage to some of your devices.

**Security concerns.**

While smart home tech can go a long way toward making your home more secure, it also comes with certain vulnerabilities. Many users don’t practice good security hygiene such as changing the default password on their devices, and that can leave you vulnerable to hijacking of your smart home devices.

If you happen to have smart locks, poor security could even lead to a hacker gaining access to your home. In addition, many users have raised concerns about privacy and what happens to the personal data that are monitored by smart home technology. It’s wise to be aware of just what information your tech will share and let that inform your purchasing decisions.

**Complexity.**

If you’re not a “digital native” or sometimes struggle with using technology, you might find dealing with your smart home a bit of an uphill battle. While manufacturers do their best to ensure their devices are easy to use, there is still a learning curve involved — your smart home thermostat, for example, is going to be a little more sophisticated than turning up the dial on a manual thermostat — but the benefits will be worth it in the end.

**Cost.**

While thermostats, automatic lights, and leak detectors can save you a lot of money in the long run, a full smart home suite can be very expensive in the short run. Depending on how elaborate your system is and what features you’re looking for, a smart home overhaul could easily run you into the thousands of dollars. As with any other home renovation project, it pays to shop around and look for the best deals you can.

**RELATED ARTICLES**

1.  Why IoT Security in Healthcare is Crucial
2.  Will a Labeling System Solve IoT Security Challenges?
3.  Smart home device calls police amid domestic dispute
4.  Nuki smart locks were exposed to a plethora of attacks
5.  Access:7 Supply Chain Flaws Impact ATMs & IoT Devices

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.