Jan 18 2022

Microsoft releases Windows out-of-band emergency fixes for Win Server, VPN issues

Category: VPNDISC @ 1:33 pm

Microsoft has released emergency out-of-band (OOB) updates for Windows to address multiple issues caused by security updates issued as part of the January 2021 Patch Tuesday.

The Windows Server updates for January were causing a series of issues for administrators: multiple administrators reported anomalous reboots of Windows domain controllers and Hyper-V no longer starting on Windows servers.

Reports also claim that the Windows Resilient File System (ReFS) volumes were no longer accessible after the installation of January 2021 updates.

Some administrators and users reported problems with L2TP VPN connections on Windows 10 after installing the recent Windows 10 and Windows 11 cumulative updates.

“Microsoft is releasing out-of-band (OOB) updates for some versions of Windows today, January 18, 2022,” the company said. “This update fixes issues related to VPN connectivity, Windows Server domain controller restarts, virtual machine startup failures, and ReFS-formatted removable media that fails to mount.”

The OOB updates can be downloaded from the Microsoft Update Catalog, if they are not installed directly from Windows Update as optional updates.

Emergency out-of-band (OOB) updates through Windows Update are optional updates and have to be manually installed.

Below are the updates that can only be downloaded through the Microsoft Update Catalog:

These are the updates for these Windows versions that are also available through Windows Update as an optional update:

  • Windows 11, version 21H1 (original release): KB5010795
  • Windows Server 2022: KB5010796
  • Windows 10, version 21H2: KB5010793
  • Windows 10, version 21H1: KB5010793
  • Windows 10, version 20H2, Windows Server, version 20H2: KB5010793
  • Windows 10, version 20H1, Windows Server, version 20H1: KB5010793
  • Windows 10, version 1909, Windows Server, version 1909: KB5010792
  • Windows 10, version 1607, Windows Server 2016: KB5010790
  • Windows 10, version 1507: KB5010789
  • Windows 7 SP1: KB5010798
  • Windows Server 2008 SP2: KB5010799

Tags: Win Server, Windows out-of-band emergency fixes


Nov 26 2021

NordVPN subscription

Category: VPNDISC @ 12:04 pm

This Black Friday, save 68% | NordVPN: 2 years of cybersecurity for only $3.71 per month.

One account, 6 devices. Protect yourself, your friends, or your household without buying multiple accounts.

Easy-to-use app. You don’t need to be a cryptographer to use NordVPN. Just pick a server and connect.

For all your gadgets. Get NordVPN for your phone, tablet, and laptop. Don’t forget your smart TV and router.


Tags: NordVPN


Jun 17 2021

VPNs and Trust

Category: VPNDISC @ 10:13 am

Most interesting to me is the home countries of these companies. Express VPN is incorporated in the British Virgin Islands. NordVPN is incorporated in Panama. There are VPNs from the Seychelles, Malaysia, and Bulgaria. There are VPNs from more Western and democratic countries like the US, Switzerland, Canada, and Sweden. Presumably all of those companies follow the laws of their home country.

And it matters. I’ve been thinking about this since Trojan Shield was made public. This is the joint US/Australia-run encrypted messaging service that lured criminals to use it, and then spied on everything they did. Or, at least, Australian law enforcement spied on everyone. The FBI wasn’t able to because the US has better privacy laws.

We don’t talk about it a lot, but VPNs are entirely based on trust. As a consumer, you have no idea which company will best protect your privacy. You don’t know the data protection laws of the Seychelles or Panama. You don’t know which countries can put extra-legal pressure on companies operating within their jurisdiction. You don’t know who actually owns and runs the VPNs. You don’t even know which foreign companies the NSA has targeted for mass surveillance. All you can do is make your best guess, and hope you guessed well.

Teleworking: VPN and other recommendations | INCIBE-CERT

The same should be pertinent for any technology or piece of software or hardware produced in other countries where privacy and copyright laws are lax, anything supporting technology from a piece of software or hardware.

Tags: VPNs and Trust


Jun 15 2021

VPN attacks up nearly 2000% as companies embrace a hybrid workplace

Category: VPNDISC @ 12:33 pm

“As companies return to a hybrid workplace, it’s crucial that they are aware of the evolving threat landscape,” said Craig Robinson, Program Director, Security Services at IDC. “The data highlighted in this threat report by Nuspire and Recorded Future shows that security leaders need to stay vigilant as threat actors see opportunity in the continued era of remote access.”

Increase in VPN attacks

In Q1 2021, there was a 1,916% increase in attacks against Fortinet’s SSL-VPN and a 1,527% increase in Pulse Connect Secure VPN. These vulnerabilities allow a threat actor to gain access to a network. Once they are in, they can exfiltrate information and deploy ransomware.

“2020 was the era of remote work and as the workforce adjusted, information technology professionals scrambled to support this level of remote activity by enabling a wide variety of remote connectivity methods,” said J.R. Cunningham, CSO at Nuspire. “This added multiple new attack vectors that enabled threat actors to prey on organizations, which is what we started to see in Q1 and are continuing to see today.”

Because of the significant increase in VPN and RDP vulnerabilities, the report finds that malware, botnet and exploitation activity are down compared to Q4, but threat actors are still on the prowl.

Additional findings

Network Security, Firewalls, and VPNs with Cloud Labs

Tags: VPN attacks


Jan 25 2021

VisualDoor: SonicWall SSL-VPN Exploit

Category: Information Security,VPNDISC @ 12:28 am

TL;DR: SonicWall “Virtual Office” SSL-VPN Products ship an ancient version of Bash vulnerable to ShellShock, and are therefore vulnerable to unauthenticated remote code execution (as a “nobody” user) via the /cgi-bin/jarrewrite.sh URL.

The exploit is incredibly trivial. We simply spaff a shellshock payload containing a bash /dev/tcp backconnect at it, and we get a shell. Now, the environment on these things is incredibly limited – it’s stripped-down Linux. But we have bash, openssl, and FTP. So you could always download your own toolkit for further exploitation.

Anyway, here is the public exploit. It is incredibly trivial and recycles the telnetlib handler for reverse shells from exploits released by Stephen Seeley. https://github.com/darrenmartyn/visualdoor.

Source: VisualDoor: SonicWall SSL-VPN Exploit


Nov 24 2020

Black Friday deal:

Category: VPNDISC @ 10:37 pm

Get 68% off NordVPN + 3 months FREE

NordVPN’s Black Friday promotion is now live with 68% off a 2-year VPN subscription and an additional three months for free. This offer gives you a total of 27 months of VPN access for a monthly cost of $3.30!


If you wish to stay anonymous on the Internet while browsing the web, streaming movies or listening to music, then this NordVPN deal may be something that will interest you.

As part of this deal, you get a 27-month subscription to the NordVPN VPN service, which allows you to browse the Internet, send email, download files, or perform network requests anonymously.

 






Aug 05 2020

Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers

Category: Security Breach,VPNDISC @ 4:48 pm

ZDNet reported exclusively that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum.

Source: Hacker leaks passwords for 900+ Pulse Secure VPN enterprise servers





Jul 18 2020

Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet

Category: Log Management,VPNDISC @ 2:34 pm

Maybe it was the old Lionel Hutz play: ‘No-logging VPN? I meant, no! Logging VPN!’

Source: Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet

 

Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles





Jul 06 2020

NSA releases guidance on securing IPsec Virtual Private Networks

Category: VPNDISC @ 11:29 am

The US National Security Agency (NSA) has published guidance on how to properly secure IP Security (IPsec) Virtual Private Networks (VPNs) against potential attacks.

Source: NSA releases guidance on securing IPsec Virtual Private Networks



Networking – IPSec Theory
https://www.youtube.com/watch?v=OgbbLCtdVvY



Explore the subject of Cyber Attack






Mar 01 2019

How to set up a VPN

Category: VPNDISC @ 4:02 pm

Make sure you can surf safely

In a nutshell, a VPN establishes a secure, encrypted connection between your device and a private server, hiding your traffic from being seen by others. Of course, the VPN itself can still see your traffic, which is why you should choose a VPN from a company you trust. (A good rule of thumb is to avoid free VPNs, because if they’re not charging you a fee, they may be monetizing in some less desirable way.) In addition, law enforcement can get its hands on your information through the VPN company. However, for the most part, a VPN offers you a way to hide your online activity from others.

Source: How to set up a VPN

 






Aug 24 2018

NordVPN apps for iOS and macOS

Category: VPNDISC @ 4:31 pm

Redesigned NordVPN apps for iOS and macOS are available now!

The NordVPN team has been on a mission to “Make the app UX go WOW” for a while. As they want users to have a smooth and hassle-free NordVPN experience, rethinking our app navigation from the ground up felt like the right thing to do. Tweak after tweak, and today NordVPN is more than excited to introduce the redesigned NordVPN apps for iOS and macOS! This is a major design update, so let’s take a closer look.

NordVPN app for iOS goes 4.0. What’s inside?

Once you open the updated app, the view and navigation you will see is likely to remind you of a deck of cards. We organized our app this way to make it more thumb-friendly and clear for finding what you’re looking for.

Swipe up to browse servers

What can you do with a simple swipe-up? Great things, great things… From now on, by swiping up in the main map screen you’ll get one-tap access to:

  • Servers by country
  • Specialty servers
  • Search
  • Your favorites’ list

     


     





Tags: vpn