
Security researchers have discovered an emerging threat that they fear could be nearly unstoppable. This growing botnet has already enslaved nearly 20,000 computers. Known as DDG, it was first documented in early 2018 by the network security experts at China-based Netlab 360. Back then the nascent botnet controlled just over 4,000 so-called zombies and used them to mine the Monero cryptocurrency. Much has changed since then. Today's incarnation of DDG isn't just five times larger; it is also far more sophisticated. One of its distinguishing features is its command-and-control system. Most botnets are built around a client/server model: infected machines listen for instructions from the servers and carry out their orders. DDG has a built-in Plan B, however: a proprietary peer-to-peer network. If the zombies can't reach the servers, they automatically switch to P2P channels to keep the operation running, exchanging payloads and instructions as if nothing had happened. They also use a built-in proxy system to obfuscate their activity. It's a one-two punch that Netlab 360 believes makes DDG "seemingly unstoppable." Security professionals often disrupt botnets by wresting control of a domain name or an essential server away from the criminal operators; with a P2P fallback there is no single server or domain whose seizure takes the botnet down. Despite its sophistication, the DDG botnet has grown slowly, and its spread is fairly limited geographically, with 86% of infections in China. It is not in the same league as botnets like Conficker or Necurs, which hit tens of millions of computers. Netlab 360 researchers think there is a simple explanation: DDG's creator is probably content with things as they are. Its zombie army can mine a fair bit of Monero without attracting much attention.
By shedding light on DDG, Netlab 360 hopes the security community can find a way to slow or disrupt it before it evolves into something more dangerous. The botnet spreads by compromising database servers exposed to the Internet, so Redis server owners are advised to protect their instances with strong passwords (and not to expose them to the Internet at all where possible), while OrientDB server owners should patch their installations as soon as possible. DDG shows that criminals don't need advanced malware or multi-layered infrastructure to make a profit today; that low bar, combined with high returns, is why so many Monero-mining botnets have appeared in the past year. For more turn to OUR FORUM.
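The mitigation advice above implies how DDG gets in: Redis instances that answer commands without a password. The following is an added example, not Netlab 360's code and not part of the original article, that speaks just enough of the Redis RESP protocol to tell whether an instance answers PING unauthenticated. The RESP framing and the reply prefixes (+PONG, -NOAUTH, -DENIED) are Redis's own; the target host, port and the sample replies are assumptions constructed for illustration.

```python
"""Check whether a Redis instance accepts commands without authentication.

Added example using only the Python standard library. The RESP framing and the
reply prefixes (+PONG, -NOAUTH, -DENIED) are Redis's own; the target host and
the sample replies used to exercise classify_reply() are constructed.
"""
import socket
import sys


def encode_command(*parts: str) -> bytes:
    """Encode a command as a RESP array of bulk strings.

    Each element is framed as '$<length> CRLF <bytes> CRLF', preceded by
    '*<count> CRLF', which is exactly what redis-cli puts on the wire.
    """
    out = [f"*{len(parts)}\r\n".encode()]
    for part in parts:
        raw = part.encode()
        out.append(f"${len(raw)}\r\n".encode() + raw + b"\r\n")
    return b"".join(out)


def classify_reply(reply: bytes) -> str:
    """Map the first line of a RESP reply to PING into an exposure verdict.

    unauthenticated : +PONG came back, so anyone reaching the port can run commands
    auth-required   : -NOAUTH, the server has requirepass (or ACLs) configured
    protected-mode  : -DENIED, Redis refused a non-loopback client (protected-mode yes)
    error / unknown : some other error reply, or an unexpected payload
    """
    first_line = reply.split(b"\r\n", 1)[0]
    if first_line.startswith(b"+PONG"):
        return "unauthenticated"
    if first_line.startswith(b"-NOAUTH"):
        return "auth-required"
    if first_line.startswith(b"-DENIED"):
        return "protected-mode"
    if first_line.startswith(b"-"):
        return "error"
    return "unknown"


def probe(host: str, port: int = 6379, timeout: float = 3.0) -> str:
    """Connect, send PING, and classify the reply. Only probe hosts you are authorised to test."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(encode_command("PING"))
            return classify_reply(sock.recv(4096))
    except OSError:  # covers refused connections and socket.timeout
        return "unreachable"


if __name__ == "__main__":
    # Usage: python redis_auth_check.py <host> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 6379
    print(f"{target}:{target_port} -> {probe(target, target_port)}")
```

An "unauthenticated" verdict on an Internet-facing address is exactly the state the advice above warns about. The fix is to set requirepass to a long random secret, keep protected-mode yes, and bind the listener to an internal interface rather than 0.0.0.0; re-running the probe from outside should then return auth-required or unreachable.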

Signal has threatened to pull out of the US if Congress passes the latest anti-encryption bill into law. Last year, the company took the same stance against the Australian government, which wanted to pass a similar law. In case you don't know, Signal is a popular encrypted messaging tool used by individuals and organizations to share sensitive information. The EARN IT Act was introduced in the US Senate last month and has drawn a lot of backlash from the public and from companies like Signal. Critics argue that the Act would effectively force tech companies to abandon end-to-end encryption. Signal developer Joshua Lund explained the implications in a blog post titled "230, or not 230? That is the EARN IT question." Section 230 of the Communications Decency Act "protects online platforms in the United States from legal liability for the behavior of their users." This means that companies like Facebook and Twitter are protected by law against liability for misuse of their platforms by users. While companies like Facebook can certainly carry the financial burden of being held accountable for their users' actions, a small company like Signal cannot. End-to-end encryption ensures that data exchanged by two users cannot be read by any third party, including the platform that relays it: messages are encrypted and decrypted with keys that exist only on the users' devices, so the service in the middle sees nothing but ciphertext and cannot eavesdrop without those keys. The US Congress says it needs to pass the Act to track down criminals who exploit children or use social media platforms for human trafficking and other crimes.
However, the Electronic Frontier Foundation (EFF), as reported by Gizmodo, has argued that a large body of existing law already targets child sexual abuse and child sex trafficking ads, so the EARN IT Act is not needed. Lund noted that "Bad people will always be motivated to go the extra mile to do bad things. If easy-to-use software like Signal somehow became inaccessible, the security of millions of Americans (including elected officials and members of the armed forces) would be negatively affected. Meanwhile, criminals would just continue to use widely available (but less convenient) software to jump through hoops and keep having encrypted conversations." Follow this and more by visiting OUR FORUM.

If just about any manufacturer besides Huawei had faced such extreme restrictions on its software, its smartphone division would be facing a guaranteed death sentence. Yet here we are, nine months on from Huawei's initial placement on the U.S. "entity list," and the company's consumer device arm is very much alive and kicking. More than that, in fact: it's pushing ahead with building out its own ecosystem and has recently launched what might well be the best smartphone camera of the year in the Huawei P40 series. As a recap, Huawei's smartphone software challenges are about more than not having Google's applications and storefront preloaded on its new phones. Google services are ubiquitous elsewhere, of course, but the larger issue is the under-the-hood components that other manufacturers' apps depend on, which live inside Google Play Services. Think: single sign-on for apps like Skyscanner, Concur and Skype; Widevine DRM for Netflix; or SafetyNet, the device-integrity attestation that banking and mobile-payment apps consult before they will run at all. No Google doesn't just mean no Google apps; anything that relies on Google's under-the-hood components will also face issues. In some cases, even downloading an APK file from elsewhere won't give you a fully working app if it still relies on the underlying Google code. It's also far from clear whether it will ever be possible to reliably sideload Google Mobile Services on the P40 series, as it (briefly) was for the Mate 30 series and some older Google-less Huawei phones. Which is where Huawei Mobile Services comes in. Starting last summer, Huawei embarked on the mammoth task of creating its own mobile services framework, with the ultimate goal of emerging as the third major mobile platform, alongside Google and Apple.
The company certainly has near-limitless resources to dedicate to this task, as its actions in recent weeks show: wooing developers with a more generous revenue cut, while also building compelling new features into the Huawei ecosystem. Though there are still app gaps, Huawei's AppGallery storefront has improved considerably since last May. The most significant absences are U.S.-developed apps, for obvious reasons. Elsewhere, Huawei has tapped local alternatives for features like maps, messaging and the like, and efforts to bring more big-name developers to its storefront are ongoing. Nevertheless, the stopgap of using the "Phone Clone" feature to port across apps that aren't yet available is imperfect at best. If an app isn't available on AppGallery, you're left manually updating it via unofficial sites like APKMirror. If you're going in fresh, an unofficial, curated site like that may be your best option, but sideloading has its own risk: an APK from a mirror is only as trustworthy as the certificate it was signed with, so before installing it is worth confirming (for example with apksigner verify --print-certs) that the signer matches the developer's known certificate rather than an unknown repackager. Even then, many of these apps rely on Google Mobile Services at present, and until Huawei can coax all the big players into adopting its HMS alternative, there will be some unavoidable teething issues. One scenario that seems increasingly unlikely is some sort of truce between Huawei and the U.S. government, with rumors swirling this week that the administration may even try to cut Huawei off from US-aligned chip vendors like TSMC. There's more posted on OUR FORUM.

Apple iPhone owners could not be blamed for rushing to upgrade to Apple iOS 13.4. It brings a lorry load of new features but, unfortunately, it is also full of problems, and the bugs keep coming. 9to5Mac has spotted a new search bug for iPhone users where the plus sign (+) is automatically deleted. This is less troublesome than most of the bugs listed below, but it can have consequences, ranging from the irritating ('Disney+' only brings up 'Disney') to the potentially costly (searching for Galaxy S20+ prices shows you the 'Galaxy S20', so you could jump at the lower price and accidentally buy the wrong phone). Ironically, iPhone users interested in Apple's new Apple TV+ service will only be shown Apple TV hardware boxes. Curiously, 9to5Mac notes that macOS 10.15.4 suffers from the same bug, so Apple is spreading the problem across its latest updates. iOS has also hit the headlines in another way Apple will not like. Digging through leaked iOS 14 code, MacRumors has discovered an image, buried inside the code, of a controller for an AR/VR headset. In keeping with Apple's design aesthetic, the controller is typically minimalist: a cylindrical tube with a matte black finish and a single power button. This builds on an earlier MacRumors finding that iOS 14 contains a new AR app codenamed Gobi, which it believes Apple is using for internal testing. Curiously, the company has also set up an AR "bowling game [which] can only be triggered at an intersection near an Apple office known as 'Mathilda 3' at 555 N Mathilda Ave in Sunnyvale, California, which may be one of the locations that Apple is developing its AR/VR headset." A lot of mystery remains, but one thing is clear: following the arrival of the LiDAR sensor in Apple's new iPad Pros, Apple is preparing a major push for AR/VR in 2020, and the iPhone 12 will be next.
Disclosed by the VPN provider Proton (the company behind ProtonVPN), Apple iOS 13.4 contains a security vulnerability that leaves some of your traffic outside the tunnel when you use a VPN on your iPhone. Proton explains that iOS 13.4 fails to close existing connections when a VPN is started, and "some are long-lasting and can remain open for minutes to hours outside the VPN tunnel." In practice the main exposure is metadata rather than content: most such connections are themselves TLS-encrypted, but the device's real IP address and the addresses it talks to are visible to the local network and to the remote servers. That matters for any iPhone owner who relies on a VPN to protect sensitive activity. Most worryingly, Proton says it originally found the bug in iOS 13.3.1 and reported it to Apple, which acknowledged it, yet no fix has shipped, even though iOS 13.4 arrived almost two months later. "Neither ProtonVPN nor any other VPN service can provide a workaround for this issue because iOS does not permit a VPN app to kill existing network connections," Proton explains. The partial workaround it suggests is to connect the VPN and then toggle Airplane Mode on and off, which drops active connections so that they are re-established inside the tunnel, though this is not guaranteed to catch everything. Apple's recommended mitigation, Always-on VPN, does close the gap, but it requires device management, to which third-party VPN apps have no access. Aside from the security issue, iOS 13.4 and iPadOS 13.4 upgraders are reporting multiple problems, including broken third-party keyboards on iPads, unreliable Bluetooth connectivity with odd shortcut glitches and crashes, and missing cellular networks for dual-SIM users. On top of this, there are bugs in Control Center, the virtual keyboard, AssistiveTouch, opening and updating apps, and more. This list also excludes the ongoing cellular data and hotspot problems Apple has privately acknowledged but, so far, failed to fix in iOS 13. We have more posted on OUR FORUM.

Earlier this year, Microsoft released its new Chromium-based Edge web browser, built on the same engine as Google Chrome. This, however, has led to a browser war between the two tech giants. Google warned users against installing Chrome web extensions on the new Edge browser, claiming that extensions are less secure on Edge. Microsoft, on the other hand, asks its users to avoid Chrome extensions because they can reduce Edge's performance and functionality. People were waiting for neutral testing of both browsers, and it has now been done by Professor Douglas Leith of the School of Computer Science and Statistics at Trinity College Dublin. It will not end every Chrome vs Edge argument, but it does put measurements behind the privacy side of the debate. Leith's research looks at what popular web browsers send to their vendors' back-end servers, and the results were surprising. He grouped the browsers into three tiers from a privacy perspective. The first tier, considered the most private, contains a single browser: Brave. The second tier, with moderate privacy, contains Chrome, Firefox and Safari. The third and least private tier contains Edge and Yandex; both send identifiers derived from the device hardware to their back ends, which users cannot reset and which can link browsing sessions over time. Edge's search autocomplete feature also sends details of the web pages a user visits, as they are typed into the address bar, to Microsoft's servers; over time this data can reveal a user's identity from their browsing behavior. The good news is that users can turn search autocomplete off. It is worth mentioning that last year a security researcher reported a similar issue with the old Microsoft Edge. The researcher, Matt Weeks, tweeted about the flaw, pointing out that Edge sent the full URL of the pages you visit to its back-end servers.
He also shared a screenshot of an Edge script that contained his website and username. When Microsoft was confronted, a spokesperson explained that Microsoft Edge collects diagnostic data, including a device identifier, for the purpose of 'product improvement.' This diagnostic data may include information about the websites you visit, but, she said, Microsoft does not track your browsing history. She added that Edge asks users' permission to collect this diagnostic data and provides an option to turn it off later. Learn more by visiting OUR FORUM.

From time to time we may encounter vulnerabilities in third-party software, which in the future will be disclosed after 90 days in accordance with our responsible disclosure program. We are disclosing this “VPN bypass” vulnerability publicly because it’s important that our community and other VPN providers and their users are aware of this issue. Below we explain the nature of the security flaw, how we investigated it, and what users can do to mitigate their risk until Apple fixes the vulnerability. Typically, when you connect to a virtual private network (VPN), the operating system of your device closes all existing Internet connections and then re-establishes them through the VPN tunnel. A member of the Proton community discovered that in iOS version 13.3.1, the operating system does not close existing connections. (The issue also persists in the latest version, 13.4.) Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel. One prominent example is Apple’s push notification service, which maintains a long-running connection between the device and Apple’s servers. But the problem could impact any app or service, such as instant messaging applications or web beacons. The VPN bypass vulnerability could result in users’ data being exposed if the affected connections are not encrypted themselves (though this would be unusual nowadays). The more common problem is IP leaks. An attacker could see the users’ IP address and the IP address of the servers they’re connecting to. Additionally, the server you connect to would be able to see your true IP address rather than that of the VPN server. When you connect a device to a VPN, you should only be able to see traffic between the device’s IP and the VPN server or local IP addresses (other devices on your local network).
As the capture below shows, there is also direct traffic between the iOS device’s IP and an external IP address that is not the VPN server (in this case it’s an Apple server). For more and a workaround please visit OUR FORUM.
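The check Proton describes, that once the VPN is up the device should only be talking to the VPN server or to the local network, is easy to automate over a capture. The following added example (not Proton's code and not from the original page) applies that rule to a list of observed flows; it serves both the iOS 13.4 news item above and Proton's own write-up. The flow records, addresses and ports are constructed for illustration, with 198.51.100.7 standing in for the Apple push endpoint seen in Proton's capture; link-local, multicast and broadcast traffic is treated as local because it never enters a tunnel.

```python
"""Flag connections that bypass an active VPN tunnel in a set of observed flows.

Added example. Rule (from Proton's description of the bug): with the VPN up,
the only traffic the device should send or receive is with the VPN server or
with local-network peers. Anything else left the device outside the tunnel.
All sample addresses below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Sequence

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


@dataclass(frozen=True)
class Flow:
    src: str    # source IP as seen in the capture
    dst: str    # destination IP
    proto: str  # "tcp" or "udp"
    dport: int  # destination port


def _is_local(addr: str, local_nets) -> bool:
    """True for LAN peers and for link-local, multicast, loopback or broadcast traffic."""
    ip = ipaddress.ip_address(addr)
    if ip.is_link_local or ip.is_multicast or ip.is_loopback or ip == LIMITED_BROADCAST:
        return True
    return any(ip in net for net in local_nets)


def find_leaks(flows: Iterable[Flow], device_ip: str, vpn_server_ip: str,
               local_cidrs: Sequence[str]) -> List[Flow]:
    """Return the device's flows whose other endpoint is neither the VPN server nor local."""
    local_nets = [ipaddress.ip_network(cidr) for cidr in local_cidrs]
    leaks: List[Flow] = []
    for flow in flows:
        if device_ip not in (flow.src, flow.dst):
            continue  # another host's traffic, not ours to judge
        peer = flow.dst if flow.src == device_ip else flow.src
        if peer == vpn_server_ip or _is_local(peer, local_nets):
            continue  # inside the tunnel, or never expected to use it
        leaks.append(flow)
    return leaks


# Constructed sample: the device's LAN address, a VPN server in TEST-NET-3, the LAN CIDR.
DEVICE_IP = "192.168.1.23"
VPN_SERVER_IP = "203.0.113.5"
LOCAL_CIDRS = ["192.168.1.0/24"]

SAMPLE_FLOWS = [
    Flow(DEVICE_IP, VPN_SERVER_IP, "udp", 51820),      # the tunnel itself (port is an assumption)
    Flow(DEVICE_IP, "192.168.1.1", "udp", 53),         # DNS to the home router: local
    Flow(DEVICE_IP, "224.0.0.251", "udp", 5353),       # mDNS multicast: never tunnelled
    Flow(DEVICE_IP, "198.51.100.7", "tcp", 5223),      # push connection opened before the VPN: LEAK
    Flow("192.168.1.50", "198.51.100.9", "tcp", 443),  # a different LAN host: out of scope
]

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_FLOWS, DEVICE_IP, VPN_SERVER_IP, LOCAL_CIDRS):
        print(f"LEAK {leak.proto} {leak.src} -> {leak.dst}:{leak.dport}")
```

To reproduce Proton's observation on a real device, capture on the Wi-Fi interface (for example from a router or a laptop acting as the access point) with the VPN connected, export the flows, and feed them to find_leaks with the phone's LAN address, the VPN server's address and the LAN CIDR; any flow reported is one that iOS left open outside the tunnel. Toggling Airplane Mode after connecting, as Proton suggests, should make a second capture come back empty for the connections that were re-established.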