Month: August 2024

NymVPN seeks to revolutionize VPN privacy and defend against new and old threats. Now, you can see for yourself how the service rises to the challenge.

Although it’s too early to tell if it’ll eventually win the title of best VPN app, the service that promises to be the “world’s most private VPN” has just launched its public beta testing.

First introduced during last year’s Web Summit conference in Lisbon, NymVPN was developed as a solution to the problem of provider trustworthiness thanks to a revolutionary method of protecting people’s online activities. The goal is ambitious: offering users true privacy.

At that time, though, only the alpha version was available – meaning that only those on the waiting list could take it for a spin. Now, everyone can begin testing NymVPN’s features completely free of charge. 

CEO of Nym Technologies, Harry Halpin, chose the stage of the Web3 Summit in Berlin to officially kick off the beta testing on August 21 (see tweet above), giving attendees a glimpse into the product.

“We are proud to launch NymVPN for public beta testing at Web3 Summit where we first took Nym out of stealth mode in 2019,” Harry Halpin said. “We promised then that privacy tech could deliver power to the people, and now we are showing we can deliver!”

A different kind of VPN

A VPN, short for virtual private network, is a security software that encrypts your internet connection and spoofs your IP address. It does so by rerouting your data in transit through one of its VPN servers via an encrypted tunnel.

Beyond the technicalities, all you need to do to use a VPN app is choose a server location and press connect. The main difference between NymVPN and other VPNs is that, here, the first thing you need to decide is how you want your traffic to be rerouted:

Fast mode is best suited for everyday online activities such as messaging, casual browsing, and streaming. It offers, as the name suggests, better connection speeds. Here, the VPN service spoofs your IP address by rerouting traffic through a fully decentralized network running on two-hop servers. With super-speedy WireGuard support coming soon, expect performance to get even better.Anonymous mode is the go-to for protecting highly sensitive activities – and what really promises to set NymVPN apart from the competition. The traffic not only gets rerouted via five different servers, but is also covered with “network noise” to make it even more difficult for snoopers to intercept.

Based upon the idea of mix networks proposed by the cryptographer David Chaum in the 80s, Chelsea Manning came up with the Mixnet concept independently while in prison for disclosing classified documents to non-profit media organization WikiLeaks. (Image credit: Nym Technology)

“With advancements in AI-powered data analytics, data surveillance is becoming increasingly powerful. What is needed are sophisticated decentralized networks capable of confusing all the attempts to track us, not only today but in the future,” explains the provider in a blog post.

As the image above shows, the NymVPN Mixnet approach employs several network strategies to confuse data surveillance efforts. These include data fragmentation, dummy data packets, timing delays, and data packet shuffling.

As Halpin told me when the company first launched NymVPN in Alpha back in November: “AI models collect a lot of data by finding some patterns in the data. Our VPN does the reverse. We add fake traffic, we mix traffic up, we scramble the pattern. To some extent, what we’re building looks like a VPN, but it’s sort of an anti-artificial intelligence machine.”

How to use NymVPN beta

The team behind NymVPN is inviting everyone to begin using the VPN, test its skills, and provide feedback.

All you need to do to get started is head to nymvpn.com and enter your email address. Wait a few minutes and check your mail inbox to validate your subscription. 

In the meantime, you can download the NymVPN app on your chosen device. The service offers a dedicated application for all major operating systems, namely Android, iOS, Windows, macOS, and even Linux.

At this point, you should have received an anonymous credential which you can copy and paste into the Add Your Credential of the NymVPN app under Settings. You’re all set and ready to discover for yourself if this is really the most private VPN out there.

Read More 

Microsoft Sway is being abused to hold QR codes leading to malicious sites where crooks grab Microsoft 365 credentials.

Cybercriminals are using Microsoft Sway to host landing pages used in phishing campaigns, experts have claimed.

The attack was spotted by cybersecurity researchers from Netskope Threat Labs, who observed a 2,000-fold increase in exploits in July 2024.

You can be excused for not knowing what Sway is. It is a niche Microsoft product, a cloud-based presentation and storytelling tool that people can use to create interactive reports, presentations, newsletters, and other similar content. It’s part of the Microsoft Office suite and can be accessed through the browser.

Transparent phishing

Netskope found unnamed threat actors used Sway to create presentations that held a QR code. This code redirected the victims to a phishing landing page that looks like a Microsoft 365 login site. Those that fall for the ruse end up giving away their login credentials.

This is not the first time hackers were observed using QR codes in phishing attacks. Since a QR code is usually an image file (.JPG), it cannot be scanned by antivirus tools and can thus bypass different email protection services. Furthermore, a QR code is usually read through a smartphone (since it’s easier to point the phone’s camera instead of the laptop) which, generally, have weaker protections compared to computers. Cybercriminals have been using QR codes for years now.

However, this campaign also employs something called “transparent phishing”. This is a method where the victim is actually logged into the legitimate site, while at the same time, relaying the stolen credentials (MFA codes included) to the crooks.

The victims are mostly located in Asia and North America, and work in technology, manufacturing, and finance industries.

Cybercriminals are constantly evolving their phishing tactics, but the defense strategy remains the same – be vigilant and skeptical of any incoming email messages, especially those that carry a sense of urgency.

Via BleepingComputer

More from TechRadar Pro

SaaS identity security strategies to prevent cyber risk in the workplaceHere’s a list of the best firewall software around todayThese are the best endpoint security tools right now

Read More