Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app.

**Package**

Cloudflare WARP Mobile Client (Android)

**Description**

**Impact**

Due to lack of a security policy, the WARP Mobile Client (< 6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app.

**Patches**

This vulnerability has been fixed in the WARP Mobile Client version 6.29 for Android. Users are encouraged to update to the latest version.

CVE-2023-0238: Injecting Activity Loads in WARP Mobile Client (Android)

By Owais Sultan
In today’s digital age, securing your devices and data from cyber threats is a top priority. Antivirus software…
This is a post from HackRead.com Read the original post: Antivirus Software: The Best Deals, Coupons and Discounts

In today’s digital age, securing your devices and data from cyber threats is a **top priority**. Antivirus software plays a crucial role in safeguarding your online presence, but with countless options available, how do you choose the perfect one?

Worry not, as we have compiled a list of the **best antivirus software**, along with tips to help you decide between free and paid options, use coupons and promo codes, and adopt additional security measures to fortify your digital fortress.

**Short Summary**

*   Antivirus software offers a range of protection levels and features to ensure comprehensive security.
*   Consider factors such as system compatibility, ease of use, and customer service when selecting antivirus software.
*   Utilize coupons and promo codes for cost savings while taking into account expiration dates & restrictions. Free vs. paid solutions should be based on individual needs & budget. Additional security measures are also recommended.

**Top Antivirus Software**

Choosing the right antivirus software can be a daunting task, but here are the top 5 best antivirus programs that consistently rank high in performance and user satisfaction.

1.  Bitdefender Antivirus Plus
2.  Norton AntiVirus Plus
3.  McAfee AntiVirus Plus
4.  ESET NOD32 Antivirus
5.  Webroot SecureAnywhere AntiVirus

Each of these antivirus programs offers unique features and protection levels, ensuring that you can find the perfect fit for your needs. Let’s delve into their characteristics and capabilities.

**Bitdefender Antivirus Plus**

**Bitdefender Antivirus Plus** offers a comprehensive set of features, including:

*   Password manager
*   Secure browser
*   File shredder
*   Vulnerability scanner
*   Wi-Fi security advisor
*   Autopilot feature

It has achieved excellent lab test scores and is considered a top antivirus software. Independent testing labs **consistently provide** Bitdefender with perfect or near-perfect scores, and it successfully passes many of our hands-on tests. For optimal protection that won’t impede the performance of your device, Bitdefender is a top choice.

**Norton AntiVirus Plus**

**Norton AntiVirus** is a Norton Antivirus program. Plus is a well-known antivirus software protecting against viruses, malware, and other online threats. It is intended for those seeking protection from a reputable and established brand.

Key features of Norton AntiVirus Plus include:

*   Robust protection against viruses, malware, and online threats
*   Firewall to block unauthorized access to your computer
*   Backup system to protect your important files and data

With Norton AntiVirus Plus, you can have peace of mind knowing that your computer is protected from the latest threats. This combination of strong defence and extra tools makes Norton a reliable choice for users who want comprehensive protection.

**McAfee AntiVirus Plus**

**McAfee AntiVirus** is a McAfee AntiVirus. Plus stands out as a multi-device antivirus solution that has earned high scores and offers advanced features for comprehensive protection. The first year of service costs $29.99 for one device. For up to five devices, the cost is $39.99. Unlimited devices will cost $44.99.

With its multi-device capabilities and high lab test scores, McAfee AntiVirus Plus is a versatile solution for users looking to protect multiple devices with a single subscription.

**ESET NOD32 Antivirus**

**ESET NOD32 Antivirus** is an ideal choice for users who possess technical proficiency and are seeking a highly configurable antivirus solution. This antivirus software offers high-tech features such as UEFI and WMI database scans, a Host Intrusion Prevention System (HIPS), and a Device Control system.

In independent testing, ESET achieved positive results, obtaining strong scores from AV-TEST and positioning itself near the top of the list for AV-Comparatives. ESET NOD32. Antivirus’ advanced features and top lab test scores make it a reliable option for tech-savvy users.

**Webroot SecureAnywhere AntiVirus**

**Webroot SecureAnywhere AntiVirus** is a lightweight and efficient antivirus solution with advanced features and impressive performance results in tests. Its small size and exceptionally fast scans make it an attractive option for users who value a compact antivirus with minimal impact on system performance. In the competitive market of antivirus software, G Data Antivirus is another solution to consider for comprehensive protection.

Webroot SecureAnywhere AntiVirus provides advanced features that require a higher level of technical expertise. Its unique approach to managing unknown programs by submitting details to the cloud and running them in a virtualized environment sets it apart from other antivirus options.

**How to Choose the Right Antivirus Software**

When selecting the best antivirus software, it is essential to consider factors such as protection level, system compatibility, ease of use, and customer service.

Now, let’s explore these factors in detail to help you make an informed decision in choosing the right antivirus software for your needs.

**Protection Level**

The primary purpose of antivirus software is to protect your device from identified and unidentified risks, such as **viruses, malware, and ransomware**, while providing malware protection and monitoring for any suspicious activity. To evaluate the reliability of antivirus software, it is crucial to examine independent lab results and user reviews.

The most effective antivirus software employs various techniques to protect computers, such as:

*   Sandboxing
*   Behavior monitoring
*   Artificial intelligence
*   Signature-based detection
*   Heuristic-based detection

**System Compatibility**

Ensuring system compatibility when selecting an antivirus program ensures that the software will be able to run effectively on the device’s operating system and hardware, thus providing the necessary protection against cyber threats. Keep in mind that antivirus software may affect the performance of your computer when actively running a scan.

Therefore, it is essential to choose antivirus software that is compatible with your operating system and has minimal impact on system performance.

**User-Friendliness**

User-friendliness is critical when selecting antivirus software as it determines the ease of use and the likelihood of users using it. A user-friendly interface facilitates navigation and management of the software, which is essential for comprehensive protection.

When searching for user-friendly antivirus software, it is advisable to read reviews from other users to gain an understanding of the ease of use. Additionally, it is important to consider software that offers beneficial features such as automatic updates, real-time protection, and straightforward reports.

**Customer Support**

Customer support is essential when selecting antivirus software as it can assist users in resolving technical problems associated with the software, guaranteeing that their system is protected from viruses and other types of malware. To ensure optimal support, look for antivirus software that provides 24/7 customer support, live chat, and a knowledge base for troubleshooting purposes.

Dependable customer support can facilitate the expedient resolution of technical issues, furnish instructions on how to use the software, and address any queries users may have.

**Using Antivirus Coupons and Promo Codes**

The cost of antivirus software can be a significant factor when choosing a solution. However, antivirus coupons and promo codes can help you save money on your purchase.

In this section, we will explore tips for finding reliable antivirus coupons, applying promo codes, and understanding expiration dates and restrictions.

**Finding Reliable Coupons**

To locate reliable antivirus coupons, it is advisable to inspect the official websites of antivirus software companies for discounts before purchase. Additionally, you can filter coupon websites, like **DontPayFull.com** and search for the perfect coupon code in the Antivirus Software category.

To ensure the legitimacy of the coupons before use, reviews from other users, expiration date, and source credibility should be taken into account.

**Applying Coupon Codes**

To utilize an antivirus coupon code, please follow the instructions on the checkout page. The “promo code” or “coupon code” box can be located during checkout. Our system automatically applies promo codes when you enter the code in the box, either by typing or pasting it, and then click “apply”. The discount will be applied to your purchase once the relevant code is entered and applied.

Using a coupon code is a great way to save money on antivirus software. It’s not.

**Expiration Dates and Restrictions**

Expiration dates and restrictions refer to the terms and conditions that may limit the use or validity of the coupon or discount. To ensure accuracy when using antivirus coupons, it is important to carefully review the terms and conditions of the coupon for any expiration dates or restrictions that may be indicated.

If uncertain, contacting the customer support of the antivirus software provider for further clarification is recommended.

**Free vs. Paid Antivirus: Which One to Choose?**

The age-old question of whether to choose free or paid antivirus software depends on your individual needs, budget, and desired level of protection. In this section, we will compare the benefits and limitations of free and paid antivirus options to help you make an informed decision.

Free antivirus software is often limited in terms of features and protection. It may not include real life.

**Benefits of Free Antivirus**

Free antivirus software offers fundamental protection against common viruses and is a viable option for those with limited financial resources or who prefer not to invest in security. The advantages of utilizing free antivirus include no expense, a user-friendly interface, and a basic defence against common risks.

While free antivirus may not provide the same level of protection as paid antivirus software, it can still be a suitable choice for users seeking basic protection against known viruses.

**Limitations of Free Antivirus**

Despite its benefits, free antivirus software does have its drawbacks. It does not provide the same level of security as paid antivirus software, and may not include additional features such as parental controls or identity theft protection.

Furthermore, free antivirus programs may create a false sense of security and not offer protection against unknown threats. As a result, users relying solely on free antivirus software may be more vulnerable to cyberattacks and security breaches.

**Benefits of Paid Antivirus**

Paid antivirus software offers:

*   Technical support
*   More advanced features
*   Additional features such as parental controls and VPN service
*   Proactive security features to prevent breaches before they occur
*   Better protection against a variety of malware and viruses, including both known and unknown threats

By investing in a paid antivirus solution, users can enjoy greater peace of mind and more comprehensive antivirus protection, ensuring their devices have the necessary antivirus protection, especially when it comes to business antivirus needs and ransomware protection.

**Factors to Consider**

When selecting between free and paid antivirus, one should consider the level of protection required, the features available, and the associated cost. Free antivirus options may be sufficient for users seeking basic protection, while those looking for more advanced features and comprehensive security may prefer a paid solution.

Ultimately, the choice between free and paid antivirus software depends on individual needs, preferences, and budget. Weigh the pros and cons carefully to find the perfect solution for you.

**Additional Security Measures**

Antivirus software is a vital component of your online security, but it’s not the only measure you can take to safeguard your devices and data. In this section, we will discuss additional security measures, such as using a VPN, updating software regularly, and practising safe browsing habits, that can further enhance your online protection alongside antivirus services.

Using a VPN is a great way to protect your data and browsing activity from prying eyes.

**Using a VPN**

A VPN (Virtual Private Network) is a secure connection between two or more devices that encrypts data and obscures your IP address, thus providing enhanced security for your data while in transit. **Utilizing a reliable VPN** can offer augmented privacy and security while online, in addition to the capacity to conceal personal information and access geo-restricted content.

Establishing a VPN is relatively straightforward and can be a valuable addition to your online security toolkit.

**Regular Software Updates**

Keeping your software up-to-date is crucial for protecting against newly discovered threats and vulnerabilities. Regular software updates can help protect against security threats, enhance compatibility and program features, and increase productivity.

To ensure regular software updates, users should enable automatic updates, check for updates manually, and stay informed of notifications from the software provider.

**Safe Browsing Habits**

Practising safe browsing habits is another essential aspect of online security. By visiting only legitimate and trusted websites, regularly updating your browser, and avoiding untrustworthy websites, you can significantly bolster your browsing security.

Implementing safe browsing practices, including phishing protection, can protect against:

*   malware
*   identity theft
*   phishing attacks
*   malicious websites

Safe browsing habits, combined with effective antivirus software and additional security measures, can help ensure a secure online experience.

**Summary**

In conclusion, choosing the right antivirus software is a crucial step in protecting your devices and data from cyber threats. By considering factors such as protection level, system compatibility, user-friendliness, and customer support, you can select the best antivirus solution for your needs. Additionally, implementing additional security measures like using a VPN, updating software regularly, and practising safe browsing habits can further enhance your online security. Stay vigilant and stay protected!

**Frequently Asked Questions (FAQs)****Is there a 100% free antivirus?**

There are several reputable companies offering 100% free antivirus software, such as Bitdefender, AVG, Malwarebytes, Kaspersky, TotalAV, and Avast. All these providers offer easy-to-use antivirus software that provides important security features at no cost.

**Which is the best free version of antivirus?**

Based on the most common advice, it appears that The Best Free Antivirus of 2023 is the best free version of antivirus.

**What are the top 5 antivirus software options?**

When it comes to antivirus software, the top five options are Bitdefender Antivirus Plus, Norton AntiVirus Plus, McAfee AntiVirus Plus, ESET NOD32 Antivirus, and Webroot SecureAnywhere AntiVirus.

**How do I choose the right antivirus software?**

Choose an antivirus software based on its protection level, system compatibility, ease of use and customer service to ensure the best experience.

Look for software that offers the highest level of protection against viruses, malware, and other threats. Make sure the software is compatible with your operating system and other programs you use. Consider the user interface and how easy it is.

**What is the difference between free and paid antivirus software?**

Free and paid antivirus software offers varying levels of protection and additional features. Here are the key differences between the two:

**Features and Protection Levels:**

*   **Free Antivirus:** Free antivirus software typically provides basic protection against common viruses, malware, and spyware. It offers essential scanning and removal capabilities but may lack advanced features.
*   **Paid Antivirus:** Paid antivirus software often offers more comprehensive protection, including real-time scanning, advanced malware detection, firewall protection, email filtering, and more. Paid versions are usually equipped to handle a wider range of threats and offer better overall security.

**Performance Impact:**

*   **Free Antivirus:** Free antivirus software tends to have a lighter impact on system performance compared to some paid versions, which might include additional background services and features.
*   **Paid Antivirus:** While modern paid antivirus software is designed to have minimal impact on system performance, some feature-rich suites might have a slightly higher resource usage.

**Updates and Support:**

*   **Free Antivirus:** Free versions might offer basic updates, but access to the latest threat databases and features might be limited. Customer support could also be less robust.
*   **Paid Antivirus:** Paid versions usually provide regular updates to ensure protection against the latest threats. They also offer better customer support options, including dedicated helplines and online assistance.

**Advanced Features:**

*   **Free Antivirus:** Free software generally lacks advanced features like phishing protection, advanced firewall controls, identity theft protection, and secure browsing.
*   **Paid Antivirus:** Paid versions often include these advanced features, providing a more comprehensive and holistic approach to security.

**Additional Tools:**

*   **Free Antivirus:** Additional security tools such as VPNs (Virtual Private Networks), password managers, and system optimization features are typically not included in free versions.
*   **Paid Antivirus:** Some paid antivirus suites might offer these additional tools, enhancing overall online security and privacy.

**License and Device Limits:**

*   **Free Antivirus:** Free versions might come with limitations on the number of devices that can be protected under a single license.
*   **Paid Antivirus:** Paid versions often allow protection for multiple devices (such as computers, smartphones, and tablets) under a single license.

In summary, free antivirus software is suitable for basic protection, while paid antivirus software offers more comprehensive security features, better support, and enhanced protection against a wider range of threats. The choice between free and paid software depends on your specific needs and the level of security you require.

**RELATED ARTICLES**

1.  Top 10 Best Antivirus Software
2.  5 Best Internet Service Locators
3.  10 Powerful But Not Yet Promoted Antivirus for PC, Mac, Android, iPhone

Antivirus Software: The Best Deals, Coupons and Discounts

User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

A mobile-friendly hotel reservation system that blends perfectly into any site!

Version: 4.0

The online hotel reservation system is built in PHP and uses MySQL to store data. The script provides a powerful room booking and reservation management functionality and allows you to install a clear call-to-action tool on your hotel website which will impact conversions and increase bookings. Our room booking system is highly customizable and compatible with various website types.

**Hotel Booking System**

*   Highlights
*   Features
*   Demo
*   Faq
*   Pricing

**Product Highlights**

Add a smart hotel reservation system on your hospitality website and make online bookings and payments possible! View below the key features that come standard with our PHP hotel booking script and contact us, if you need any customization.

Accept Bookings Online

A complete room booking system to provide hotel managers with an easy way to manage reservations and booking availability.

Mobile-Friendly Design

The front end of the hotel reservation system adapts to any screen resolution and device (PC, Mac, tablets, Android and iOS smartphones, etc.).

Editable Booking Form

Define which customer details the front-end system will require from customers using simple drop-down menus for each booking form field.

Multiple Languages

Translate the hotel reservation system into any language. Add a language tab on the booking form so clients can make their choice.

Payment Processing

Select and enable the payment methods that match your business best – PayPal, Authorize.net, credit card payments, wire transfers, etc.

Free Installation Support

Free installation support is provided for the hotel booking script. Just contact us if you have any difficulties installing the script.

Promos & Vouchers

Manage special offers – launch fixed or percentage discounts for different periods, add holiday packages and free-night promotions.

PHP Source Code Customization

Buy the script with the Developer License and make your own changes! We can customize it for you, too – see licensing options

SPECIAL OFFER

**Hotel Booking System for $4.29 Only**

Get all 65 PHPJabbers scripts in a bundle for just $299.

**Live Demo**

Preview both the front end and back end of the Hotel Booking System script and test out the whole functionality. If you have any questions or need technical advice, go ahead and contact us.

**Hotel Booking System**

**Key Benefits**

Payment Gateways

High Performance

Extended Licence

Key Features

Installation Support

**Pricing**

You can buy the Hotel Booking System both with a Developer and a User License – compare them below.  
Do you need a custom modification? We'll happily do it for you! Just contact us, describe what you need, and we'll send you a quote!

Mega Sale deal

$4.29

per script

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Contact us and you'll receive quotation for the custom changes you may need

buy now

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

Mega Sale deal

$4.29 per script

Get 65 PHP Scripts

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

LIMITED OFFER

Get the Mega Sale bundle deal with all the PHP scripts you'll ever need for a total of

$299

VIEW DETAILS

**Testimonials**

Let our clients share their experience with our room booking system and how the script has improved their online business!

“

I have used PHPJabbers in conjunction with my web designer to write a hotel reservation script for our online bookings. I have found the various staff members who have assisted me to be professional, prompt, thorough, and accommodating. Based on my experiences of their work, I would highly recommend their skills and services to anyone in need of the work they do.

Maura Lyons

“

I have used a number of third party scripts over the years as it saves weeks of development time. The problem with third party scripts is that if you want to make changes to it, it can be hard to work out how it is set up. I can say without question this is the best supported PHP script I have used. The PHPJabbers support team team not only custom built my requirements for an incredibly cheap price, they adapted their PHP hotel booking script to work exactly as we required at no extra cost. These people really do make sure you are happy. Very pleased. Thanks again.

Marcus Cox

“

This is by far the best support I ever got from any company. Thanks for your quick reply. I now finished implementation and move to testing your hotel reservation system. So far it meets my expectations.

Aylon Spigel

**FAQ & Knowledge Base**

Pre-Sale FAQ

Read the most Frequently Asked Questions about this script, its features and use.

Support Service FAQ

Read more about our Support Service and how we can help you install Hotel Booking System.

Custom Mods FAQ

Do you need something changed? We offer customization services.

How to install a Script

See how easy it is to install the script. Just follow the instructions or leave it all to us.

FTP Clients

See how to upload our scripts using different FTP clients.

PHP Framework Used

We use our own in-house build framework which is really easy to understand and work with.

Our Services

We offer a wide range of web development       services.

License Types Explained

User and Developer licence available. We also have a special Extended Licence for webmasters.

Didn’t find exactly what you were looking for?

Contact Us

**Related Scripts**

**Restaurant Booking System**

$79 / $129

**Vacation Rental Script**

$49 / $89

**Travel Tours Script**

$49 / $89

**Rental Property Booking Calendar**

$39 / $79

**Availability Booking Calendar**

$39 / $69

**Cleaning Business Software**

$69 / $129

CVE-2023-40760: Hotel Booking System | Online Hotel Reservation System

Categories: News
Tags: week

Tags:  security

Tags:  august

Tags:  2023

Tags:  trusted advisor

Tags:  cyrus

Tags:  

A list of topics we covered in the week of August 21 to August 27 of 2023



(Read more...)




The post A week in security (August 21 - August 27) appeared first on Malwarebytes Labs.

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows Antivirus

Mac Antivirus

Android Antivirus

Free Antivirus

VPN App (All Devices)

Malwarebytes for iOS

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

Managed Detection and Response (MDR)

FOR PARTNERS

Managed Service Provider (MSP) Program

Resellers

MY ACCOUNT

Sign In

SOLUTIONS

Rootkit Scanner

Trojan Scanner

Virus Scanner

Spyware Scanner  

Password Generator

Anti Ransomware Protection

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus  

What is VPN?

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

A week in security (August 21 - August 27)

An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.

*   Aug 8, 2023
*   273ab05
*   zip
*   tar.gz
*   Notes

*   May 3, 2023
*   cbfa405
*   zip
*   tar.gz
*   Notes

*   Mar 1, 2023
*   b681175
*   zip
*   tar.gz

v4.9 (October 13, 2022)

\* IKEv1: fix crasher (introduced in 4.8) when USE\_NSS\_KDF=false or MD5 \[Andrew\]
\* IKEv2: fix RFC 8229 IKE/ESP over IPv6 TCP \[Andrew\]

*   Oct 14, 2022
*   394c823
*   zip
*   tar.gz

v4.8 (October 2, 2022)

\* release: remove SHA1 bindings from LIBRESWAN OpenPGP key \[dkg/Paul\]
\* pluto: ignore obsoleted unused interfaces= / --iface \[Paul/Andrew\]
\* pluto: various internal crypto struct changes \[Andrew\]
\* pluto: fix traffic counters for AH and IPCOMP \[Andrew\]
\* pluto: improve logging of duplicate serial cert error \[Andrew\]
\* pluto: support for maxbytes/maxpacket counters \[Antony/Paul\]
\* pluto: handle HW tokens using strange CKAIDs; github/815 \[Andrew\]
\* pluto: added --ipsec-max-bytes / --ipsec-max-packets support \[Antony\]
\* libipsecconf: added ipsec-max-bytes= and ipsec-max-packets= options \[Paul\]
\* IKEv2: emit one CERTREQ payload with all the hashes \[Andrew\]
\* addconn/whack: add support for {left,right}pubkey= \[Andrew\]
\* showhostkey: add support for ECDSA pubkeys \[Andrew\]
\* Crypto: add KDF self tests \[Daiki Ueno\]
\* IPv6: open IPv6 IKE port 4500; github/800 \[Andrew\]
\* showhostkey: add --pem option to print PEM encoded public key \[Andrew\]
\* unbound: \_unbound-hook converted from python to shell \[Andrew\]
\* BSD: delete old BSDKAME code replaced by PFKEYV2 code \[Andrew\]
\* BSD: fix replay window byte vs bit math \[Andrew\]
\* BSD: fix code finding interfaces; github/728 \[Andrew\]
\* FreeBSD: support large replay window; github/756 \[Andrew\]
\* FreeBSD: support ESN; github/721 \[Andrew\]
\* linux: update copy of xfrm.h header \[Paul\]
\* packaging: update fedora spec file \[Paul/Tuomo\]
\* building: on BSD, always use GCC; freebsd/264288 llvm/55963 \[Andrew\]
\* building: enable LTO when USE\_LTO=true; github/836 github/834 \[Andrew\]
\* building: dropped default build and packaging support for:
  	    Fedora 22, 28, 29, 30
            Debian stretch
            Ubuntu cosmic, xenial
            RHEL6 was removed in v4.5
            Add SUSE, Arch, Mint

*   Oct 3, 2022
*   be225bf
*   zip
*   tar.gz

v4.7 (May 24, 2022)

\* IKEv2: EAPTLS support \[Timo Teräs / Andrew\]
\* IKEv2: EAPONLY support \[Andrew\]
\* IKEv2: fix interop when IPCOMP+transport-mode \[Andrew\]
\* IKEv2: fix race between new IKE SA and liveness \[Andrew\]
\* IKEv2: fix interop with Android 12 + certificates \[Andrew\]
\* IKEv1: reject IKEv2 only authby=secret+rsasig \[Andrew\]
\* config: end keywords with no left/right prefix are applied to both ends
\* kernel: fix double delete of kernel policy when tearing down SA \[Andrew\]
\* kernel: fix deleting policy when an XFRMi FD ID; github/618 \[Andrew\]
\* kernel: general cleanups \[Andrew\]
\* \_stackmanager / pluto: support Ubuntu 18.04 LTS kernels \[Paul\]
\* FreeBSD: libreswan builds out-of-the-box \[Andrew\]
\* BSD: Add IPv6 support (tested on NetBSD)
\* building: fix build on fedora rawhide \[Paul\]
\* internals: initiate IKEv2 CREATE\_CHILD\_SA exchange using IKE SA \[Andrew\]
\* internals: \_updown.bsdkame renamed to \_updown.bsd

*   May 24, 2022
*   19eabcd
*   zip
*   tar.gz

v4.6 (January 11, 2022)

\* SECURITY: Fixes CVE-2022-23094 https://libreswan.org/security/CVE-2022-23094
\* IKEv2: aggressively check incoming fragments \[Andrew\]
\* IKEv2: when rekeying and PFS, only propose/allow original crypt-suite \[Andrew\]
\* IKEv2: when PFS, don't repeatedly log all proposals \[Andrew\]
\* IKEv2: Labeled IPsec improvements \[Andrew\]
\* IKEv1: support for ISAKMP\_N\_CISCO\_LOAD\_BALANCE removed \[Andrew\]
\* pluto: Revamp the host connection lookup mechanism \[Andrew\]
\* pluto: Change default replay-window from 32 to 128 \[Paul\]
\* pluto: Change default esn= to "either" and prefer "yes" \[Paul\]
\* pluto: Disable esn when replay-window=0 \[Paul\]
\* pluto: Drop obsolete debug options such as crypto-low \[Andrew\]
\* seccomp: Updated syscall allow-list \[Paul\]
\* packaging: replace old SUSE packaging with pointer to downstream \[Andrew\]
\* NetBSD: Don't use ESN - not supported by kernel \[Andrew\]
\* letsencrypt: Fix bashisms in letsencrypt script \[dkg\]
\* libipsecconf: allow leftauth=ecdsa|rsa (match authby= values) \[Paul\]
\* testing: significantly improved testing \[Andrew, Paul\]

*   Jan 12, 2022
*   5cb4ea7
*   zip
*   tar.gz

v4.5 (August 20, 2021)

\* IKEv1: multiple subnets could lead to crossed wires, failures \[Paul/Andrew\]
\* IKEv2: don't tear down IKE SA on TS\_UNACCEPTABLE \[Paul\]
\* IKEv2: unpend/delete Child SA when rejected by IKE\_AUTH response \[Andrew\]
\* IKEv2: mobike: resolve\_defaultroute\_one() updates \[Andrew\]
\* IKEv2: mobike: prevent sending duplicate mobike response \[Andrew\]
\* IKEv2: Support for Childless IKE SA \[Andrew\]
\* IKEv2: redirect: make peer redirecting in IKE\_AUTH childless \[Vukasin\]
\* IKEv2: Labeled IPsec --up causes Childless IKE SA \[Andrew/Paul\]
\* IKEv2: Labeled IPsec conns share SPD policies (as IKEv1) \[Andrew/Paul/Kavinda\]
\* IKEv2: Performance; eliminate more O(#CONNECTIONS) code \[Andrew\]
\* IKEv2: Immediately delete replaced Child from new (IC) IKE SA \[Andrew/Paul\]
\* pluto: mismatched subnets= could take down all conns \[Paul\]
\* pluto: Don't delete existing IKE SA of connection instance \[Paul\]
\* pluto: fail better on parse errors in subnet= clause \[Paul\]
\* libswan: use getaddrinfo(3) instead of gethostbyname2(3) \[Hugh\]
\* libipsecconf: fail to load conn if no right= or left= set \[Paul\]
\* libipsecconf: change default of initial-contact= to yes \[Paul\]
\* X509: directly append new CRL requests to the fetch queue \[Andrew\]
\* whack: implement --impair trigger:<global-event> \[Andrew\]
\* ipsec.service: remove reload which did not work as expected \[Tuomo\]
\* portexcludes: update to use python3 \[Kim\]
\* building: fix NetBSD build \[Andrew\]
\* building: fix arm / aarch64 build \[kekePower@github\]
\* building: Remove support for RHEL6 USE\_OLD\_SELINUX \[Paul\]
\* packaging: handle properly rpm sysctl config \[Tuomo\]
\* packaging: rhel7: fix python2 shebang \[Tuomo\]

*   Aug 20, 2021
*   f36ab1b
*   zip
*   tar.gz

v4.4 (April 22, 2021)

\* IKEv2: Fixes for TCP encap in Transport Mode and host-to-host \[Paul/Sabrina\]
\* IKEv2: Fixes to Labeled IPsec policies \[Kavinda Wewegama/Paul\]
\* IKEv2: Add redirect statistics to whack --globalstatus \[Clive Zagno\]
\* IKEv2: Connections would not always switch when needed \[Andrew/Paul\]
\* pluto: Fix for host-to-host connections use non-standard IKE ports \[Paul\]
\* pluto: Use peer ID (IKEv2 IDr, IKEv1 Aggr) to select best initial conn \[Paul\]
\* pluto: Disable interface-ip= as the feature is not yet implemented \[Paul\]
\* pluto: Fix PLUTO\_PEER\_CLIENT\* in updown for NAT + Transport Mode \[Paul\]
\* pluto: Remove never updated PLUTO\_VERSION for updown scripts \[Paul\]
\* pluto: Actually set PLUTO\_CONNECTION\_TYPE= to transport or tunnel \[Paul\]
\* pluto: Allow non-templated wildcard ID connections to match \[Paul\]
\* pluto: Reduce and merge various logging messages \[Andrew\]
\* libipsecconf: Do not allow vhost/vnet in IKEv2 connections \[Paul\]
\* XFRM: Restarting pluto when using ipsec-interface= could fail \[Paul\]
\* contrib/munin: Update plugin to use python3 and update doc header \[Tuomo\]
\* testing: Enable OpenBSD interop tests \[Paul/Ravi\]
\* testing: Make tests more reliable on KVM \[Andrew\]

*   Apr 22, 2021
*   383a28e
*   zip
*   tar.gz

v4.3 (February 21, 2021)

\* pluto: Restore range checking on Labeled IPsec \[Paul/Andrew\]
\* pluto: Higher state serialno does not imply newest state \[Paul\]
\* pluto: Cleanup ip\_address vs ip\_endpoint (protoport dropping) \[Andrew\]
\* pluto: Revival of code could accidentally fallback to IKEv1 \[Andrew\]
\* newhostkey: Add support for generating ECDSA keys \[Daiki Ueno\]
\* libipsecconf: Ignore empty option at end of config (rhbz#1685653) \[Andrew\]
\* whack: Add --global-redirect and --global-redirect-to options \[Pietro Monteiro\]

*   Feb 21, 2021
*   8a6ccf7
*   zip
*   tar.gz

CVE-2023-38712: Tags · libreswan/libreswan

AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets.

AdGuard DNS versions

2.2.1

Aug 7, 2023

In this update, we have improved the DNS server performance, fixed a few issues, and released a new authorization service that will allow users to access their personal account quicker.

Changelog

Performance

The number of AdGuard DNS users is growing at an enormous rate, and the total number of requests per second has closely approached 2 million. Meanwhile, over 90% of these requests come to us through encrypted DNS protocols (DoT, DoH, DoQ, DNSCrypt). Therefore, in this release, we focused on improving the DNS server’s performance and achieved great success. We can now handle an astronomical number of requests with reasonable server power.

Features

Added Czech and Slovak languages

Improved readability of highlighted text in dark theme #617

Full DNS address now displayed when setting up a device in a mobile browser #625

Fixes

Misalignment of columns when the “Device not connected” indicator dot appears #575

AdGuard verification code auto-fill issue with two-factor authentication enabled in Safari #314

Email address auto-fill bug on the login page in Safari #319

Incorrect functioning of the $dnsrewrite modifier

2.2

Apr 24, 2023

The highlight of this release is the ability to customize the Team subscription — now you can choose the number of devices, servers, and monthly requests you want before purchasing it. Also, we've added the option to select a response code for blocked requests and, of course, fixed some bugs.

Changelog

Features

Added the ability to customize the Team subscription

Added more information about monthly traffic update #490

Added the option to select a response code for blocked requests

Added AdGuard DNS blog

Updated Linked IP block design

Updated translations #570

Fixes

In the mobile version of Safari, the filtering log automatically reverts to its default state after scrolling

Problem with statistics and log retention settings #472

EDNS Client Subnet could not be disabled #542

Error condition is not reset when the type of line to be added is changed #563

Slashes are not saved in the comments of the user rules editor #576

Real-time query log updates don't retain filter changes #460

Fixed an issue that allowed a DoS attack against the service using malformed UDP packets

2.1.6

Mar 1, 2023

Minor bugs should be tackled before they build up and affect the performance of AdGuard DNS. We aim to release patches in a timely fashion, and here's another one.

Changelog

Fixed

Can't reach the 'Try AdGuard DNS' button in Safari on iOS #436

The settings of the selected server are reset after refreshing the page

The domain is not found in the search field if it was copy-pasted #530

Changed the hint text for clearing device logs/statistics #536

Added

Default TTL hint #535

Ability to customize which response will be used for a blocked domain

Option to block Mozilla canary domain

2.1.5

Feb 2, 2023

In this patch we've fixed several bugs — now AdGuard DNS runs better.

Changelog

Fixed

Spikes on the stat graph

Incorrect triggering of the device limit

Resetting statistics does not occur in all filter sections

Unable to log in to account via Apple ID if 2FA is enabled

Top blocked domains and top requested domains values in mobile version are mixed up #482

Resetting filters in filtering log does not clear domain search field #524

2.1.4

Dec 29, 2022

This patch is a little New Year’s present for you. We’ve significantly improved the performance of our DNS servers, added instructions for connecting AdGuard DNS to AdGuard VPN and AdGuard Browser extension, and fixed minor bugs.

2.1.3

Dec 7, 2022

Now it’s possible to connect an Android or iOS device with AdGuard VPN to AdGuard DNS via email. To do so:

Open the AdGuard DNS dashboard and tap the Connect new device button,

Choose Android or iOS and enter your device’s name,

Tap Next and then Send link by email,

Enter the email address you want to send the link to and click Send,

​​Open the email on the device you want to connect to AdGuard DNS and tap the Connect device button.

For this release we’ve also expanded the list of used filters, made some UI enhancements, fixed a few bugs, and added Vietnamese localization.

Added

Option to connect AdGuard DNS in the AdGuard VPN app by sending a configuration email

Vietnamese language support

Added filters

1Hosts (mini)

HaGeZi Personal Black & White

HUN: Hufilter

LIT: EasyList Lithuania

No Google

Fixed

AdGuard DNS homepage doesn’t load when iCloud+ Private Relay is enabled

2.1.2

Nov 22, 2022

In AdGuard DNS v2.1.2 we’ve enhanced the dashboard interface, added a server in Johannesburg and an option to disable automatic filtering log updates. Also, we’ve fixed some bugs so it will no longer be a problem to rename the device or understand the statistical report.

If you use AdGuard VPN for Android or iOS, you can easily add an encrypted DNS to your device. Just follow our instructions when adding a new device.

Added

Option to disable automatic filtering log updates #264

Johannesburg server

Turkish language support

Fixed

Flags were displayed incorrectly in the Traffic Direction section#428

Blank space in the Connection check section #431

Text started to glitch when renaming a device #354

Incorrect dates in the weekly stats report

2.1.1

Oct 25, 2022

This hotfix is intended to correct minor errors and add two localizations as a bonus.

Changelog

\[Enhancement\] Added translation of the dashboard and login page into Portuguese and Portuguese Brazilian

\[Fixed\] Incorrect time of latest device activity #427

\[Fixed\] Incorrect VPN subscription status #352

\[Fixed\] Refreshing the Device settings page redirects back to server settings #430

2.1

Oct 20, 2022

AdGuard DNS now supports DNS-over-HTTP/3 in experimental mode. It was a challenge, but we made it. For now only AdGuard Home and dnsproxy fully support DNS-over-HTTP/3, but soon DoH3 will appear in other AdGuard products. However, we focus on DNS-over-QUIC and consider it more advanced, but we strive to support the other protocols too, and DoH3 is a proof of that.

Another good news is that we will email AdGuard DNS users weekly and monthly reports with stats on requests, devices, and companies, which is convenient and visual. If there are too many reports, you can unsubscribe at any time.

Changelog

\[Enhancement\] Added the Apply button that appears after changing the server name

\[Enhancement\] Query log data cutoff in desktop mode #366

\[Enhancement\] Query log page numbers move when a new page is opened #368

\[Fixed\] Switching from 90 days to anything less causes dates to overlap #323

\[Fixed\] Text is cut off for the last domain in Top domains #339

\[Fixed\] Dates are cut off on the left and right side of the chart (mobile version of the website) #341

\[Fixed\] Misleading subscription status (from AdGuard VPN) #352

\[Fixed\] Wrong status of applied unblocking rules #361

\[Fixed\] The "Refresh" button on the homepage does not override the number of requests

\[Fixed\] Query log data is cut off (desktop version of the website) #366

\[Fixed\] Limit triggering in Enterprise plan

\[Fixed\] Can't scroll to account settings on Safari for macOS #353

\[Fixed\] In some cases the statistics were counted incorrectly

\[Fixed\] Top Destinations stats overlap when set to 90 days #326

2.0.1

Sep 7, 2022

It's been two weeks since the release of AdGuard DNS 2.0, but there's still a pleasant aftertaste. We've been painstakingly working on this product to give you a reliable and convenient tool to control your online traffic. And we succeeded.

Still, small bugs had crept into the release. That's why we're publishing a patch today: so you can enjoy the service, and we can move on to some bigger tasks with peace of mind.

Changelog

\[Enhancement\] Added search to the DNS knowledge base

\[Enhancement\] Updated link for Contact Us button on purchase page

\[Enhancement\] Improved the Traffic Destinations page

\[Enhancement\] Add an option to use add-cpe-id in Dnsmasq to identify the device

\[Fixed\] Disabling logs disables tariff statistics

\[Fixed\] Numbers in Japanese, Korean, Chinese are displayed incorrectly

2.0

Aug 18, 2022

The beta testing phase is finally over! From now on the new level of traffic control is available for you. With AdGuard DNS 2.0 you can:

Flexibly configure domain blocking via blocklists, query log and user rules;  

See real-time requests statistics from all connected devices;  

Enable and set up Parental control;  

Learn more about all the changes and improvements of AdGuard DNS 2.0 in our blog.

0.6

Jul 29, 2022

Check out the sixth beta version of AdGuard DNS (and hopefully the final one before the release). In it we’ve improved the dark theme: updated the map styles and QR-code, so that everything could be easily read and scanned. And, of course, we fixed some minor bugs. The private AdGuard DNS now runs smoother!

Changelog

\[Enhancement\] Updated map styles in the dark theme

\[Enhancement\] Added an option to disable iCloud Private Relay

\[Fixed\] QR code is not scanned in the dark theme

\[Fixed\] Autofill doesn’t work in Safari on macOS and iOS

\[Fixed\] Minor bug fixes in desktop и mobile versions

0.5

Jul 13, 2022

There are five fingers in a hand, five oceans on Earth, and five betas of the private AdGuard DNS. Today we're releasing the fifth beta of our DNS and we hope you'll rate it 5/5!

In this version we’ve implemented support for DDR (Discovery of Designated Resolvers) by the latest draft of the new standard. With this feature, an encrypted connection to the DNS server will be set up automatically on devices with DDR support, provided the device previously knew the server address. A computer or smartphone will send a request to the known address and receive all the necessary information to establish a secure connection.

DDR support appeared in Windows 11 Insider Preview Build 22489, which means that the feature will get into the release version after a while. When this happens, Windows and AdGuard DNS users will be automatically reconnected to encrypted DNS servers – public or private, depending on the services selected earlier.

We’ve also improved ECS (EDNS Client Subnet) implemented in the third beta. Servers now respond with more precise IP addresses that better match your location. Furthermore, we are continuing to refine the open AdGuard DNS API, and now there are methods for getting statistics. All documentation is available at Knowledge Base.

We’ve fixed some bugs and worked on the interface: authorization via Apple ID now works properly, the dark theme has become really dark, and the Query log is prettier than ever. French, Italian, Chinese, Japanese, and Korean were added to the dashboard, and we are committed to continue localizing the private AdGuard DNS, making it accessible to users from all over the world!

Changelog

\[Enhancement\] Added support for DDR (Discovery of Designated Resolvers)

\[Enhancement\] Statistic retrieval methods were added to the API

\[Enhancement\] Added an option to change subscription type

\[Enhancement\] Added an option to extend subscription

\[Enhancement\] Added support for Chinese, Japanese, Korean, French, and Italian

\[Enhancement\] Added the "Don’t ask again" checkbox to the system notification that appears when deleting user rules

\[Fixed\] After logging in via Apple ID the personal account opens instead of dashboard if the user has an AdGuard VPN subscription

\[Fixed\] In dark theme statistics blocks are highlighted in white

\[Fixed\] In dark theme text in some fields is grayed out

\[Fixed\] Some elements in the mobile version of the website are displayed incorrectly

0.4

Jun 21, 2022

The period of active "building" of the private AdGuard DNS is left behind, and now we're polishing the service to a shine. Just take a look at the current changelog and compare it to the one we published for the previous beta. The difference is obvious.

The fourth beta features dark theme and language selection – at the moment, the dashboard is translated into German, Spanish, and Russian. To find both options, go to Account settings. And some more good news: from now on all AdGuard VPN users with a subscription will get the Personal plan of the private AdGuard DNS for free.

We hope you’ll enjoy the new version. Use the service and leave feedback on any platform you like.

Changelog

\[Enhancement\] Added dark theme

\[Enhancement\] Added support for VPN subscriptions and information about VPN subscribers automatically getting a Personal DNS subscription

\[Enhancement\] Added German and Spanish localizations

\[Enhancement\] Improved search function in the filter section on mobile devices

\[Enhancement\] Supplemented instructions for different devices

\[Enhancement\] Added a link to DNS rules syntax in the query log dialog

\[Fixed\] The “View device settings” button doesn't work on iOS devices

\[Fixed\] The “Unable to renew subscription” popup hangs for too long

0.3.1

Jun 10, 2022

The recently released third beta of private AdGuard DNS was really good and brought a lot of useful features to users. However, as it turned out, it contained a few flaws. So that you don't have to deal with them anymore, we are releasing a patch v0.3.1 for private AdGuard DNS.

Changelog

\[Fixed\] Clicking the Block button in Query log deletes all existing user rules and replaces them with a new one #265

\[Fixed\] Unable to move devices between servers #248

\[Fixed\] Incorrect links on the "Thanks for your purchase" page

\[Fixed\] Discount promo codes do not work correctly

\[Fixed\] There is no payment button in the mobile version of the website

\[Fixed\] Incorrect designation of the number of requests in Statistics

0.3

May 26, 2022

Meet the third beta version of private AdGuard DNS! We are steadily moving towards a full-fledged product, adding new features, changing and improving UI — everything to make you really enjoy using AdGuard DNS.

The version history – in front of your eyes

First and foremost, we've added a version history page for the AdGuard DNS service. Now you can see the full list of changes, learn about new features, and see how the work on private AdGuard DNS service is progressing.

Contribute to AdGuard DNS translation

Until now, private AdGuard DNS could only be used in English: first we had to make sure everything was working as it should. With this version we've extended the geography by adding the possibility to translate the dashboard into different languages. Help us make AdGuard DNS more accessible to everyone by participating in the translations! You can find a detailed article on how to use the Crowdin platform in our Knowledge Base. And if you already know how to use it, visit the AdGuard DNS project in Crowdin. Select the Dashboard and choose the language you want, then you're ready to translate!

AdGuard DNS Knowledge Base

Subscription

We've added a paid subscription on private AdGuard DNS. Subscription is not required during beta testing, but we'd appreciate it if you'd like to support us now.

DNS filters

We've also fixed DNS filters: eliminated the bug with the /etc/hosts-style rules failing to work and added support for rules with $dnsrewrite. By the way, you can read about the DNS filtering syntax in the Knowledge Base.

ECS support

The AdGuard DNS servers now support EDNS Client Subnet (ECS).

This feature allows users to get responses corrected for the location of the DNS user. We had long been hesitating to implement it in AdGuard DNS: ECS assumes handing over an anonymized user's IP address to the name server. In this version, we've solved the problem: instead of the user's IP address, we pass another address from approximately the same location as the user's.

New blocklists

We've added a lot of new blocklists — now it's even easier to customize AdGuard DNS. And if that's not enough, you can request and add more blocklists in the GitHub repository (before you do that, read requirements for blocklists in the section “What Blocklists Can Be Added Here”).

Open API

AdGuard DNS now has an open API. If you want to integrate with AdGuard DNS, read the documentation.

UI fixes and more

We've also fixed a lot of minor bugs and added some useful features.

Test private AdGuard DNS and leave feedback on any convenient platforms — it will help us become better.

Changelog

\[Enhancement\] Improved the appearance of the multiselect (element with the ability to select multiple values, such as countries, devices)

\[Enhancement\] For the device location, the Traffic Destination section uses data from its last activity

\[Fixed\] Incorrect detection for account time zone

\[Fixed\] Statistics and logs do not get cleared when their retention period is changed

\[Fixed\] Incorrect country detection for some domains

\[Fixed\] Significant delay in clearing logs and statistics

\[Other\] Added the option "Last 7 days" to date selector

0.2

Mar 16, 2022

We’ve all been waiting for it: we're proud to present the open beta of private AdGuard DNS! From now on, anyone can set up their own DNS server.

We took the best of AdGuard DNS and AdGuard Home and designed a product that would be flexible and customizable, meet the needs of "geeks", and have a user-friendly interface. We hope we succeeded! And now let's take a closer look at the best features of private AdGuard DNS.

Block/unblock domains

With a private DNS server, it is only you who decides which domains should be blocked and which shouldn’t — on each device! Connect your computer, smartphone, tablet or router and manage their requests as desired.

Blocklists management

You can also choose which domain blocking rules should be implemented. And those who aren't satisfied with dozens of pre-installed blocklists can import and export their own custom rules.

Advanced statistics

Now you can see the full statistics of your requests: how many requests were registered, to which companies, and to which countries. Besides, you can view this information for different dates, countries, and even for different devices connected to your DNS server. And of course, block and unblock requests on the go.

Parental control

To protect your child from online content you deem inappropriate, you can use Parental control. You can activate the safe search and manually specify domains for blocking as well as set the schedule: for instance, not allow your child to watch videos during homework.

Join beta testing

To take part in beta testing go to AdGuard DNS website and press \*Join beta\*\*\*, then sign up or log into your AdGuard account. You're done! Create your own DNS server and manage your requests — you are in control.

0.1

Sep 28, 2021

Great news: AdGuard DNS is advancing to a new level. We're about to release the product that many have yearned for so long — the private AdGuard DNS!

What a public DNS server blocks cannot be changed — it only has to be taken for granted. With your own DNS server, you'll be in control of all the query statistics and be able to choose which domains you want to block. It'll allow you to add blocklists and set up Parental control. And the user-friendly interface will make it no problem to get to grips with it all.

We added a new website where you can already see what the private AdGuard DNS interface will look like, learn how to connect to the public DNS server, and subscribe to the AdGuard DNS newsletter. If you do, we'll message you at launch and keep you up-to-date with the latest AdGuard news.

Thank you for your support! Stay tuned — and in the meantime, we're working to make sure the next release is to your liking.

CVE-2023-41173: AdGuard DNS — ad-blocking DNS server

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android  6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device.

CVE-2023-40530

The latest activity from Lazarus Groups, .gov domains scamming people out of "V-Bucks" and more in this week's edition.

Thursday, August 24, 2023 14:08

Welcome to this week’s edition of the Threat Source newsletter.

I have no idea how “Fortnite” keeps coming up in this newsletter, but here we are again.

Even though the game/metaverse has never been bigger, it had been a while since I had heard about “V-Bucks” scams. V-Bucks are the in-game virtual currency “Fortnite” uses to sell character skins and other visual elements.

After the game’s initial surge in popularity, scams claiming to get players easy V-Bucks were all over the place in the form of fake advertisements, phishing emails, scams and YouTube videos. And as the game has only become more ubiquitous, so have scams and cyber attacks centered around the game.

Wired reported last week that a central network of bad actors is responsible for compromising legitimate domains (some of them with the .gov and .edu top-level domains) and using them to trick players into sharing personal information or downloading malicious apps. This widespread campaign targets players of “Fortnite” and “Roblox,” another half-game, half-metaverse.

These compromised sites promised to send rewards in these games to players in exchange for clicking on a link, downloading a file or filling out a form.

This led me down another rabbit hole of potential Fortnite scams that I hadn’t thought about, which are the thousands of knockoffs that exist.

For some reason, just searching “Fortnite” on the Google Play store doesn’t return any results, but when you search “Fortnite game,” users are served with tons of apps of questionable origin and legitimacy. The real “Fortnite” can only be downloaded from the Epic Games Store, owned by the game’s publisher and the subject of a long legal saga with Apple.

The second-most-popular result for “Fortnite game” is something called “Battle Royale Chapter 4 Season3” published on the store by the auspiciously named “EPic Games,” which wreaks of the same vibes as a typosquatted domain.

Some of the top reviews for the app also seem to be written by bots, and in one case, the most recent 5-star review came from a user who appeared to credit ChatGPT with writing the text.

I’m not blaming anyone or any company for the existence of these types of scams, I just think it’s worth noting to parents and potential players that bad actors are still trying to backpack off the popularity of these games. It likely doesn’t fall on the companies making these games to regulate this space and make sure scammers aren’t capitalizing off their popularity — after all, no one blames the bank if an attacker uses their name in a phishing email to steal login credentials.

But I also don’t know who it falls to, either. As users, it again falls on us to just be hyper-vigilant and prepared, knowing attackers will try to leverage anything, even fake money used to buy virtual hot dog suits, to scam people.

**The one big thing**

The infamous Lazarus Group APT is back at it again with two new remote access trojans. The North Korean state-sponsored group is well known for using a variety of malware to generate revenue for the hermit government and trying to spy on their various adversaries. Now, they have two new RATs that Talos recently discovered, largely based on open-source tools or previously leaked malware code. Lazarus Group is increasingly using the Qt framework to create their malware, which poses new challenges for defenders. It increases the complexity of the malware’s code, making human analysis more difficult.

**Why do I care?**

Any time the Lazarus Group is active, everyone should take notice. This is one of the most high-profile APTs on the threat landscape right now, and they’ve shown that they will not hesitate to exhaust all options to try to generate money for North Korea’s government. With this specific set of RATs, they are smaller than Lazarus’ usual payloads, which makes their operations slimmer, faster and harder to detect. Once infected, Lazarus Group can carry out a wide range of malicious actions on targets, ranging from deploying ransomware to completely lock down targeted machines, stealing personal information, or hijacking hardware for cryptocurrency mining.

**So now what?**

Both the blogs we published Thursday morning include guidance on remediating these threats. The use of open-source tooling can sometimes make it easier for security researchers to spot Lazarus Group activity, and in the case of the two new RATs, Talos has a wide range of Snort and ClamAV detection available.

**Top security headlines of the week**

**The FBI warned that North Korean state-sponsored actors are preparing to cash out up to $40 million worth of cryptocurrency after multiple heists.** The Lazarus Group reportedly is holding onto six separate crypto wallets holding a combined 1,580 Bitcoin over the course of 24 hours earlier this week. This APT is known for carrying out data breaches and cyber attacks to generate funding for the country’s illegal nuclear weapons program. The Lazarus Group previously stole $60 million and $37 million in cryptocurrency from Alphapo and CoinsPaid, respectively, in July, and $100 million from Atomic Wallet in June. In its alert, the FBI shared the Bitcoin addresses associated with the attacks so cryptocurrency agencies could examine their blockchain data and “be vigilant in guarding against transactions directly with, or derived from the addresses.” (TechCrunch, SecurityWeek)

**A previously unknown hacking group appears to be behind a supply chain attack targeting roughly 100 computers located in Hong Kong and other areas of Asia.** Security researchers attributed the attack to a new actor known as “Carderbee” that is currently not tied to any state affiliations. The attackers exploited the legitimate Cobra DocGuard software — made by a Chinese software company — to deliver a malicious software update that compromised the machines. Because only about 2,000 machines worldwide use DocGuard, researchers believe it is a highly targeted attack looking to compromise specific victims. Each attack tried to deploy the Korplug (the predecessor of PlugX) backdoor onto victim computers. (CyberScoop, The Record by Recorded Future)

**The Clop threat actor was responsible for more than a third of all ransomware attacks in July,** according to multiple industry reports. Clop continues to carry out follow-on attacks associated with its massive breach of the MOVEit file transfer software. More than 4 million Colorado residents may have been affected because of the MOVEit breach, with the state’s Department of Health Care Policy & Financing (HCPF) disclosing this week that it was affected through a technology partner, IBM. HCPF stated that the MOVEit data breach leaked sensitive data but did not compromise the state agency’s internal systems. As of this week, some estimates state that more than 730 organizations have been affected by the MOVEit breach. (Cybersecurity Dive, CPO Magazine)

**Can’t get enough Talos?**

*   Talos Takes Ep. #151: Hacktivism is quietly growing, especially when it comes to Russia's invasion of Ukraine
*   Three vulnerabilities in NVIDIA graphics driver could cause memory corruption
*   Generating FLIRT signatures for Nim and other non-C programming languages
*   Cisco: Bringing More Intelligence to Bear on the Threat Landscape

**Upcoming events where you can find Talos**

**LABScon** **(Sept. 20 - 23)**

Scottsdale, Arizona

> Vitor Ventura gives a presentation that’s a detailed account and timeline of one such mercenary organization, from almost bankrupt to having a fully working spyware targeting iOS and Android with a one-click zero-day exploit.

**Grace Hopper Celebration** **(Sept. 26 - 29)**

Orlando, Florida

> Caitlin Huey, Susan Paskey and Alexis Merritt present a "Level Up Lab" titled "Don’t Fail Knowledge Checks: Accelerating Incident Response with Threat Intelligence." Participate in several fast-paced activities that emphasize the importance of threat intelligence in security incident investigations. Attendees will act as incident responders investigating a simulated incident that unfolds throughout this session. Periodic checkpoints will include discussions that highlight how incident response and threat intelligence complement each other during an active security investigation.

**ATT&CKcon 4.0** **(Oct. 24 - 25)**

McLean, Virginia

> Nicole Hoffman and James Nutland discuss the MIRE ATT&CK framework in “One Leg to Stand on: Adventures in Adversary Tracking with ATT&CK.” Even though ATT&CK has become an industry standard for cyber threat intelligence reporting, all too often, techniques are thrown at the bottoms of reports and blogs without any context never to be seen again after dissemination. This is not useful for intelligence producers or consumers. In this presentation, Nicole and James will show analysts how to use ATT&CK as a guideline for creating a contextual knowledge base for adversary tracking.

**Most prevalent malware files from Talos telemetry over the past week**

**SHA 256:** 24283c2eda68c559f85db7bf7ccfe3f81e2c7dfc98a304b2056f1a7c053594fe  
**MD5:** 49ae44d48c8ff0ee1b23a310cb2ecf5a  
**Typical Filename:** nYzVlQyRnQmDcXk  
**Claimed Product:** N/A  
**Detection Name:** Win.Dropper.Scar::tpd

**SHA 256:** a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91  
**MD5:** 7bdbd180c081fa63ca94f9c22c457376  
**Typical Filename:** c0dwjdi6a.dll  
**Claimed Product:** N/A  
**Detection Name:** Trojan.GenericKD.33515991

**SHA 256:** 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
**MD5:** 2915b3f8b703eb744fc54c81f4a9c67f  
**Typical Filename:** VID001.exe  
**Claimed Product:** N/A  
**Detection Name:** Win.Worm.Coinminer::1201

**SHA 256:** 4c3c7be970a08dd59e87de24590b938045f14e693a43a83b81ce8531127eb440  
**MD5:** ef6ff172bf3e480f1d633a6c53f7a35e  
**Typical Filename:** iizbpyilb.bat  
**Claimed Product:** N/A  
**Detection Name:** Trojan.Agent.DDOH

**SHA 256:** 5e537dee6d7478cba56ebbcc7a695cae2609010a897d766ff578a4260c2ac9cf  
**MD5:** 2cfc15cb15acc1ff2b2da65c790d7551  
**Typical Filename:** rcx4d83.tmp  
**Claimed Product:** N/A  
**Detection Name:** Win.Dropper.Pykspa::tpd

Years into these games’ histories, attackers are still creating “Fortnite” and “Roblox”-related scams

Musician Alex Pall spoke with WIRED about his VC firm, the importance of raising cybersecurity awareness in a rapidly digitizing world, and his surprise that hackers know how to go hard.

On Saturday, with Hurricane Hilary looming, Alex Pall and Drew Taggart of the DJ duo The Chainsmokers performed a concert at Los Angeles State Historic Park that set an all-time attendance record for the venue. By Tuesday night, Pall was in Switzerland, speaking to WIRED on Zoom, but he had a different recent event on his mind: his and Taggart's first-ever trip earlier this month to the Black Hat security conference in Las Vegas.

On top of being DJs and electronic music producers, The Chainsmokers are also active tech investors. They founded a venture firm, Mantis VC, in 2019 with two other entrepreneurs and now have investments in a broad portfolio of fintech, machine learning, ecommerce, gaming, and healthcare startups. And though Mantis doesn't specifically focus on cybersecurity, the firm is starting to develop a reputation for identifying startups that are attempting to address esoteric yet critical digital security problems.

This morning, for example, the now-independent mobile security app iVerify announced a $4 million seed funding round that Mantis is participating in. The well-regarded app, which grew out of an incubator at the security firm Trail of Bits, aims to take on the mercenary spyware industry by making it easy for people or organizations to scan their iOS and Android devices for suspicious activity and malware. 

How did The Chainsmokers get interested in digital privacy, incident response, software supply chain security, and anti-spyware tools? And how did Pall, a celebrity DJ who performs all over the world, end up partying at Black Hat? He broke it down for us. Our conversation has been lightly edited for length and clarity.

**WIRED: I'm super curious, where does the security and privacy specialization come from?**

**Alex Pall:** I gotta give credit to Saveena \[Mandadi, a Mantis investor and director of operations\] who's definitely the leader of that space for us. She's done a terrific job building out our thesis around the space. But going back a little bit further, you look at our portfolio, and it probably seems a bit out of character for how you would imagine two musicians to be investing their time and money. And that was very much intentional. 

When you're an artist with a platform like ours, you're getting sought out for two things: distribution and marketing—consumer-related brands or creator, economy, and social. But a few years into it, we were reading the news, and you can't help but take a second look at your portfolio and be like, why are we not in companies like Palo Alto Networks and CrowdStrike? And it dawned on us that we were kind of falling victim to the consumer space in a way. We wanted to go out and invest in tools that, behind the scenes, could be the things powering society. And it was also just a challenge at first, like maybe we can be some of the first artists to show what kind of value we could bring outside of the typical ecosystem you'd imagine us investing into.

**Do you feel like you're raising awareness for other investors that security and privacy issues impact everyone's lives and everyone's work?**

People take for granted that if you type in your bank information, it's going to be secure. Or if you log in to your iPhone and send something private to somebody else, that it's not going to end up in the wrong hands. But we had a firsthand experience a number of years ago—our Twitter account got hacked while we were in London. It was a really, really awful experience to have somebody inside your system, speaking like they're you. And obviously, that was just a little taste of the larger consequences that can happen. 

You can easily invest in one really terrible cybersecurity company and say, 'We've made a huge mistake getting into this space.' So I think it's always been the strategy for us to be a part of the best businesses, even if it's not the most exciting work to the average person when you read it on paper. And hopefully, we de-risk it a bit for others by investing in people who are far more experienced than us.

**Why did you want to invest in iVerify? What's important about it and about focusing on the threat of spyware?**

Our phones aren't always as secure as people think, especially for people like journalists and politicians. Mobile device management is obviously a big issue, but there are lots of important people and organizations that probably don't focus enough on it. So it's critical that iVerify is a really powerful but also simple solution.

**What's it been like to connect with the security community? It sometimes has a reputation that it's a group of people who are really tinfoil-hat and hard to interact with or hard to break into.**

There's a lot of pressure on them. Not only do they have to make sure that everything's secure and safe and people are following the guidelines set by an organization, but the pace at which innovation is happening and you're adopting new technologies and bringing new software in—it's a lot of work while still keeping all the customers happy and hoping that the machine doesn't break down. That's a daunting task, and these things are only going to become more and more important as everything becomes more digital. 

In movies, they certainly don't paint \[hackers\] as the outgoing, fun people at the party. They're usually the ones saving the day, which is the truth. So that's something that we've kind of recognized and realized, which is, how do we, through whatever platform we have, bring more awareness to this space and get more people interested and excited about the applications of cybersecurity?

A lot of the time you're dealing with founders who are extremely technical and brilliant, but we all have our shortcomings. I'm not extremely technical or brilliant. So the idea is that we, hopefully, can come together and leverage each others' strengths to accomplish a really challenging goal.

**It sounds like you at least got to have some fun at Black Hat, right?**

We hosted an event at Black Hat for one of the companies we invest in, Chainguard \[which focuses on software supply chain security\]. And they're all wonderful, but I had no idea what kind of crowd we would be drawing on for this. I didn't think everyone was going to be terrible or boring or something, but I was surprised because everyone was awesome. We had a great night out. Eventually, I was like, I've got a show tomorrow, so we can't keep going all night!

**I think security folks are going to be** _**thrilled**_ **to hear that The Chainsmokers had fun partying with them.**

You know, growing up, I was on ClarisWorks pretending I was hacking into things, and I was a big fan of the movie _Hackers._ They were really cool to me. And this stuff is really important. As the world continues to advance with AI technology, we as a society will need more cybersecurity experts. And they deserve more recognition so they can secure all the new things that we're getting excited about. 

We all want to move as fast as possible, but at the end of the day, you can't have this system that's just jerry-rigged together. As new companies spring up and all the code that's being written—you need to have some sort of observability into this in real time to understand where the flaws are. Soon, all of our identities will just be in the metaverse or something. Who knows. So these things become more critical every day.

Why The Chainsmokers Invest in—and Party With—Niche Cybersecurity Companies

By Deeba Ahmed
Akira ransomware operators specialize in targeting corporate endpoints for stealing sensitive data.
This is a post from HackRead.com Read the original post: New Akira Ransomware Targets Businesses via Exploited CISCO VPNs

The Akira ransomware has been repeatedly spotted since mid-2023 by several security firms, but this time it has made headlines for targeting big fish: CISCO VPNs.

**Key Findings**

*   Cisco VPN products are being exploited by the newly identified ransomware group Akira, which focuses on targeted attacks against corporate entities.

*   Akira gang leverages vulnerabilities in Cisco VPNs to gain unauthorized access, enabling them to launch ransomware attacks and demand ransom for sensitive information.

*   The Akira gang’s primary goal is to infiltrate and compromise corporate networks, particularly those lacking multi-factor authentication (MFA) for VPN access.

*   Researchers suspect the hackers might have exploited a zero-day vulnerability, mainly affecting VPN accounts without MFA, to gain unauthorized access.

*   Akira ransomware has been observed targeting various sectors, including education, real estate, healthcare, manufacturing, and corporations, indicating a broad and persistent threat to diverse industries.

Multiple cybersecurity firms have confirmed that Cisco VPN products are being targeted with ransomware, and the perpetrators are members of a relatively new gang identified as Akira.

Corporate entities are the primary target of this ransomware campaign, solely aimed at obtaining sensitive information and making money through ransom. All that Akira members need is to log into the accounts from the VPN service.

However, researchers couldn’t determine how the hackers gained access to Cisco VPN’s accounts’ login credentials in the first place, considering that Cisco ASA doesn’t feature a logging function.

Akira ransomware has been repeatedly spotted since mid-2023 by several security firms. For instance, Sophos detected it in May and reported that the gang utilized VPN access to target their desired networks through Single-factor authentication.

In another report, an incident responder using the alias SecurityAura stated that Akira could only compromise those VPN accounts that didn’t feature (multi-factor authentication).

> I'm just gonna go ahead and say it. If you have:
> 
> Cisco VPN  
> No MFA for it
> 
> You may get a surprise knock from #Akira #Ransomware soon.
> 
> So yeah, go look at your AD auth logs for 4624/4625 from a WIN-\* machine in your user VPN range.
> 
> If you have a hit, may the IR Gods help you.
> 
> — Aura (@SecurityAura) August 5, 2023

Some researchers believe that attackers may have used brute force to compromise these accounts or bought access from a third party via a dark web marketplace. SentinelOne’s research published on 23 August highlighted that the hackers might have used a zero-day vulnerability that mainly impacted accounts without having MFA. 

SentinelOne researchers also noted that threat actors have become increasingly interested in inserting ransomware into the codebases of popular products, especially VPNs. Their most preferred ransomware families include Conti, LockBit, and Babuk.  

Regarding Akira, SentinelOne researchers wrote that the malware’s Linux variant was discovered in June 2023 but the operations have been active since April 2023. Attackers deliver Akira by exploiting vulnerable public services and applications. Per SentinelOne researchers, they are more inclined to target MFA-based vulnerabilities. 

Akira’s attack scope is vast as it targets educational institutions, real estate, healthcare, and manufacturing sectors apart from corporations. Linux versions of Akira ransomware are based on the Crypto++ library for enabling encryption on targeted devices. Akira’s brief command set doesn’t contain options to shut down VMs before encryption.

However, the attacker can control encryption speed and the possibility of data recovery by the victim through the -n parameter. This means if the encryption speed is fast, there is a dim chance that the victim will recover the data using decryption tools. If the speed is slow, there is a good chance the victim can recover data.

Akira’s activities were first detected by a US-based cybersecurity firm Arctic Wolf in March 2023. Per their research, attackers’ main targets were small to medium-sized businesses worldwide, with a considerable focus on the US and Canada. Researchers also found links between Akira and Conti operators.

Akira decryptor was released by Avast in late June 2023 but the ransomware operators updated the encryptor so decryption may only work on older versions.

Cisco VPN products are popular among businesses. Organizations rely on it for the secure transmission of data between networks/users. It is considered mandatory for hybrid and remote workers. This explains why threat actors might be interested in exploiting it. Organizations must remain vigilant and ensure foolproof digital security to prevent data loss and extortion attempts from ransomware operators.

In this regard, My1Login CEO Mike Newman has shared some tips with Hackread.com for organizations to stay protected. “With VPNs providing a direct tunnel, deep into an enterprise’s network, this is not the type of access you ever want to fall into the hands of malicious actors.”

“The best way to protect this access is by implementing two-factor authentication, so any organisation using Cisco VPNs must do this as a priority. But it’s also a practice that should be applied to any business using a VPN,” Mike added.

“VPNs are a direct route into the enterprise network, and they open the organisation’s networks up to the outside world, Securing this with multiple layers of authentication is a standard best practice and one of the best ways to avoid getting caught up in incidents like these.”

“Furthermore, it is also critical to implement policies against password reuse as this reduces the risk of one set of breached credentials on the dark web enabling access to other applications and services,” said Mike.

1.  NSA, CISA Release Guidelines to Secure VPNs
2.  Hackers Leak i2VPN Admin Credentials on Telegram
3.  Popular Swing VPN Android App Identified as DDoS Botnet
4.  Hackers dump login credentials of Fortinet VPN users in plain-text
5.  Chinese Hackers Using Stolen Ivacy VPN Certificate To Sign Malware

Tag

#android