Hong Kong Sees Massive Spike in VPN Use

VPN usage in Hong Kong saw a rapid increase in late May 2020. VPN providers like NordVPN, Surfshark, and ProtonVPN saw unprecedented increases in subscriptions.

What is Signal?

Encrypted messaging has recently increased in popularity. One of the most popular encrypted messaging apps is Signal. Initially released in 2014, Signal is considered the gold standard among privacy advocates, as it’s code is open source.

Learn what Signal offers and how to take advantage of its powerful features.

FCC Delays Law Preventing ISPs from Charging Users for Equipment They Own

In December 2019, the U.S. Senate passed a law that prevented ISPs from charging customers “rental fees” for equipment that customers own themselves. This was a common practice by ISPs like Frontier Communications, which charged users a $10 “rental fee” for equipment that was either never used nor delivered.

The law was supposed to take effect in April 2020. However, the FCC ruled on April 3 to extend the deadline until December 20. Under the law, the FCC has the ability to trigger a 6-month extension if it seems that ISPs cannot comply in time, which it chose to do. Frontier recently filed for bankruptcy but will continue to collect fees in the meantime.

Netgear R9000 FlashRouter Reviewed by TechRadar

TechRadar recently reviewed the Netgear R9000 DD-WRT FlashRouter, calling it, “A hassle-free way to protect multiple devices with a VPN.” Take a look at what else they had to say!

Verizon Releases 2020 Data Breach Investigations Report

On Tuesday, March 19, Verizon released its annual Data Breach Investigations Report, which analyzed 30,000+ security incidents and data breaches over the past year. The report found a decrease in cyber-espionage and malware attacks. However, researchers saw an increase in denial-of-service (DoS) campaigns and web application attacks.

One of the report’s authors, Gabe Bassett, recently sat down with Threatpost to discuss the report’s main insights.

Firefox Announces New Email Alias Feature

Last weekend, Mozilla announced an experimental new feature for its Firefox browser, Private Relay, which allows users to create alias email addresses. The browser extension allows users to generate a random, temporary email account that transfers email to a personal account. The extension creates the alias email and transfers the email to a user’s personal account.

The service can be convenient for users looking to sign up for services without sharing their personal email. At the moment, the service is available only for testing, and users need a Firefox account to participate.

Court Forces ISP to Share The Identities of Alleged Pirates

Last week, a court-appointed arbiter ordered Charter Communications to hand over the personal identifying information of 11,000 alleged pirates to major record labels. The move comes during the discovery phase of a case between Charter and several record labels, including Warner Brothers Records.

Wi-Fi is Getting Its Biggest Upgrade in 20 years

The FCC has voted to open up a plot of spectrum in the 6GHz band for unlicensed use. This will open up airwaves for routers to broadcast Wi-Fi signals, promising faster, more reliable connections for the next generation of devices.

Branded as WiFi 6E, the new spectrum addition will quadruple the amount of space available to routers and internet-connected devices.

Zoom Vulnerabilities and Alternatives

Zoom has come under recent scrutiny over the various security vulnerabilities on the video-conferencing platform. While the company has dedicated its engineering team to fix the issues, users are cautioned from using the platform for business. In the meantime, users can learn about alternate video conferencing to fill the void.

Netgear Fixes Remote Execution Flaw

Netgear has addressed a critical remote code execution vulnerability, tracked as PSV-2019-0076, that would allow an attacker to take over the Nighthawk R7800 router running versions prior to 1.0.2.68.

Another security flaw, PSV-2018-0352, was also addressed by Netgear. This vulnerability is a post-authentication command injection issue that impacts all R7800 routers running firmware versions prior to 1.0.2.60. The PSV-2018-0352 flaw also affects the D6000, R6000, R7000, R8000, R9000, and XR500 family of routers.

While Netgear has released patches for both of these bugs, flashing your router with Open Source DD-WRT firmware is a recommended step to avoid flaws found in default router firmware.

Amazon Engineer Calls for the Shut Down of Amazon’s Ring Smart Doorbell

Amazon’s Ring Doorbell is one of the most popular smart devices on the market. The product reportedly sold over 400,000 units in December 2019 alone. However, Amazon engineer Max Eliaser recently issued a stark warning about the product. Eliaser called for its shut down, citing major privacy concerns that “are not fixable with regulation.”

Privacy experts and activist groups have pointed out issues with Ring, including its use by law enforcement and where the footage is stored. However, such direct criticism of the product from an Amazon employee is unique.

Netgear Vulnerability Exposed TLS Certificates to Public

Nicholas Starke, threat researcher at Aruba Networks, and Tom Pohl, head of software architecture at Businessolver, have found vulnerabilities in the default firmware of Netgear routers, specifically the R9000, the R8900, the RAX120, and the XR700.

Every Netgear device comes with a minimum of two running signed TLS certificates. The vulnerability Starke and Pohl discovered shows that the private keys of signed TLS certificates for several Netgear routers are publicly available. Access to these private keys would allow a hacker access to decrypt any traffic passing through the device.

These keys could be downloaded from Netgear’s support website without any authentication. No patch has been released for this firmware flaw.

A recommended solution is flashing your router with Open Source DD-WRT firmware, to avoid any bugs or backdoors in Netgear’s system.

480 Million+ VPN Mobile App Downloads in the Past Year

Top10VPN.com recently published its Global Mobile VPN Report 2019. The report is the first of its kind. It features an in-depth investigation of VPN mobile use around the world. Top10VPN’s research made several interesting discoveries on the state of the VPN Industry. For example:

• VPNs were downloaded 408.1 million times in 2019, a 54% YoY increase compared with 2018.
• The biggest markets for VPNs are in Indonesia, the US, and India.
• Fastest growing markets: India (405%), Jordan (387%) and Kazakhstan (210%).

For more info, check out the full report on Top10VPN’s site directly. It’s chock full of data, insights, and an interactive map!

Private Internet Access Removes Servers from Brazil to Avoid Logging Laws

As of October 21st 2019, Private Internet Access has announced its intention to pull its servers out of Brazil. The Brazilian government, following the election of Jair Bolsonaro, has become increasingly totalitarian in relationship to data retention laws.

Bolsonaro’s government is currently trying to force VPN companies to comply with draconian logging laws. With this, VPNs and ISPs must keep connection logs for at least a year. As Private Internet Access would like to remain true to their “no logging” policy, the VPN provider will be pulling their servers from Brazil.

It will still be possible for PIA users to access the VPN from within Brazil, but they will need to connect to servers outside of the country.

Firefox Browser Hit By A Serious Security Bug

Mozilla has rolled out Firefox 67.0.3, which has fixed a major security bug in the previous version of the browser. Firefox 67.0 contained a security bug which allowed hackers to manipulate javascript code to trick users into visiting websites that deploy a malicious code onto their PCs.

The bug is so severe that the US Cybersecurity and Infrastructure Security Agency has gotten involved in spreading the word about the patch.