A February 2022 attack knocked the giant tire maker’s North American operations offline for several days.
Related Posts
![YouTube shows ads for ad blocker, financial scams](https://www.malwarebytes.com/wp-content/uploads/sites/2/2023/11/Screenshot-2023-11-08-at-2.20.39-PM.png)
YouTube shows ads for ad blocker, financial scams
After performing local experiments for a few months, YouTube recently expanded its effort to block ad blockers. The move was immediately unpopular with some users, and raised some questions in Europe about whether it was breaking privacy laws.
In addition, there are still some fundamental issues that have some people concerned. In this blog post, we look at a couple of examples that erode our trust in online ads. In fact, it’s not really an argument about free content, it’s about being able to consume content safely, and it seems as though we aren’t quite there yet.
Inconsistent and untrustworthy ads
YouTube has made it quite clear that using an ad blocker goes against its Terms of Service, reminding users that they have a choice between accepting ads or paying for a premium subscription.
Yet, as of November 9 2023, YouTube was still showing an ad for Total Adblock, a browser extension that blocks… ads. It certainly looks confusing and is sending mixed messages.
While there is some irony here, the greater concern is that perhaps YouTube doesn’t have a good handle on its ads and maybe that is why users have resorted to ad blockers in recent years.
It’s not that people want an ad-free experience to purposely hurt content creators. They more likely want a scam-free and malware-free experience but perhaps aren’t in a position to pay for a subscription.
While looking for evidence of scammy ads, it took us less than a minute to come across one of those infamous Quantum AI crypto scams:
The ad used typical click-bait tactics and redirected to a website that was obviously a scam. An unverified advertiser was allowed to serve this ad and expose users to a financial scam where they can lose hundreds or even thousands of dollars.
We have yet to see if YouTube will maintain its stance or take any actions to address those core issues. In the meantime, Malwarebytes continues to protect users from scams and malware, from whichever website they choose to visit. The Malwarebytes Browser Guard extension is the easiest way to block malicious ads and other web threats.
Malwarebytes
New VPN Port Shadow Vulnerability Let Hackers Intercept Encrypted Traffic
Researchers examined how connection tracking, a fundamental function in operating systems, can be exploited to compromise VPN security and identified a new attack method named “port shadow” that allows attackers to intercept encrypted traffic, reveal user identities, or scan devices hidden behind a VPN server.
The vulnerability stems from limitations in connection tracking and resource sharing. They built a model and verified six potential mitigations that focus on enforcing stricter process isolation.
The research examines how attackers on the same VPN server can interfere with other users’ connections by exploiting a flaw in connection tracking frameworks.
The attacker can achieve this by sending packets with a spoofed source IP address that collides with another client’s connection, causing the VPN server to misroute packets.
The authors propose a formal model to analyze the attacks and design mitigations by using the non-interference property to ensure process isolation between clients.
An Adjacent-to-in-Path (ATIP) attack exploits VPN connection tracking mechanisms to redirect a target’s VPN connection request to the attacker. The attacker does this by sending packets with spoofed source and destination ports that collide with legitimate connections in the VPN server’s connection tracking table.
This collision tricks the VPN server into routing the target’s packets to the attacker instead of the VPN endpoint. The attacker then leverages this position to perform further attacks, such as DNS injection and web traffic redirection.
Three vulnerabilities in Layer 3 VPNs leverage connection tracking mechanisms to bypass VPN encryption.
The first vulnerability, the ATIP attack, exploits IP and port collisions in the connection tracking table to redirect a client’s DNS request to the attacker.
The attacker can then inject a DNS response to route the client’s traffic outside of the VPN tunnel.
The second vulnerability, the eviction ports reroute attack, exploits the mutability of connection tracking entries to reroute incoming packets to the attacker after the client disconnects from the VPN server.
The third vulnerability abuses the shared private IP space and the way packets are routed across the VPN to scan the ports of machines behind the VPN server.
The research paper investigates the connection tracking frameworks used in VPNs and exposes several vulnerabilities.
The authors exploit these vulnerabilities to launch denial-of-service (DoS) attacks and inject malicious content into the target machine’s traffic.
They achieve this by manipulating the ephemeral port space and leveraging the way the connection tracking frameworks handle packet routing.
The paper also explores how an attacker can learn the target’s public IP address and the VPN server’s IP address, making these attacks more realistic, which suggests that a well-resourced attacker can potentially compromise a user’s VPN connection.
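The non-interference property mentioned above can be checked on a toy model of a shared connection-tracking table. This is an added example, not code from the paper or from any VPN implementation: the tracker classes, the event format, the addresses and the "server allocates a unique public port" mitigation are all assumptions made for illustration.

```python
from itertools import count

class SharedTracker:
    """Toy table: keeps the client's own source port, one entry per (remote, port)."""
    def __init__(self):
        self.table = {}
    def outbound(self, client, src_port, remote):
        self.table.setdefault((remote, src_port), client)  # existing entry wins
        return src_port                                    # public-side port
    def inbound(self, remote, dst_port):
        return self.table.get((remote, dst_port))

class IsolatedTracker(SharedTracker):
    """Assumed mitigation: the server allocates a unique public port per flow."""
    def __init__(self):
        super().__init__()
        self._ports = count(50000)
    def outbound(self, client, src_port, remote):
        public = next(self._ports)
        self.table[(remote, public)] = client
        return public

def deliveries(tracker_cls, events, observer):
    """Replay events and return the reply payloads that reach `observer`."""
    tracker, public, got = tracker_cls(), {}, []
    for kind, client, src_port, remote, payload in events:
        flow = (client, src_port, remote)
        if kind == "out":
            public[flow] = tracker.outbound(client, src_port, remote)
        elif tracker.inbound(remote, public[flow]) == observer:
            got.append(payload)
    return got

def non_interfering(tracker_cls, events, observer):
    """Observer's view must not change when other clients' events are removed."""
    own = [e for e in events if e[1] == observer]
    return deliveries(tracker_cls, events, observer) == deliveries(tracker_cls, own, observer)

# Constructed trace: two clients of one VPN server reach the same web server.
WEB = "203.0.113.10"
TRACE = [
    ("out", "client_b", 40000, WEB, None),
    ("out", "client_a", 40000, WEB, None),
    ("reply", "client_a", 40000, WEB, "page for client_a"),
]

if __name__ == "__main__":
    for cls in (SharedTracker, IsolatedTracker):
        print(cls.__name__, deliveries(cls, TRACE, "client_a"),
              non_interfering(cls, TRACE, "client_a"))
```

With the shared table, `client_a` loses its reply only because `client_b` created a colliding entry first, which is exactly the dependence on another client's actions that non-interference forbids.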
The post New VPN Port Shadow Vulnerability Let Hackers Intercept Encrypted Traffic appeared first on Cyber Security News.
![Ukraine at D+688: Cyberespionage from your besties?](https://thecyberwire.com/images/social-media/articles/pro/cw-pro-image-108.jpg?#)
Ukraine at D+688: Cyberespionage from your besties?
Ukraine’s SSSCIP gets a new chief, and Russian defense industries are targeted by foreign intelligence services. Who those services might be is unknown, but circumstantially they look a little like people from Shanghai or Pyongyang.
The CyberWire