Archive for NordVPN

NordVPN Launches NordPass

Posted in Commentary with tags on November 26, 2019 by itnerd

NordVPN has launched its latest cybersecurity product. NordPass is a password manager built with a focus on simplicity and security. This tool saves you memory space for more important things than logins.

When it comes to cybersecurity, people have plenty of bad habits. Passwords are no exception: from keeping login information on sticky notes or in notepads to using “password” or “123456.” Worst of all is reusing the same passwords for different accounts.

Like a master key, NordPass fits everyone’s needs. Not only does it help to generate new complex passwords, but also lets you share them securely with friends or coworkers. And most importantly, this password manager remembers it all: from complex logins to private notes and credit cards. And you can access it all with a single Master Password.

To keep the information secure, NordPass uses top-of-the-field XChaCha20 encryption for the password vault and Argon2 for key derivation. Users can also choose optional two-factor authentication for extra safety. Additionally, the new tool will have a zero-knowledge architecture to ensure ultimate security.

Powered by cybersecurity experts, NordPass is easy to use. You can download user-friendly browser extensions for Chrome, Firefox, Opera, Brave, Edge, and Vivaldi. And, of course, apps for iOS and Android.

Key NordPass features:

  • Top security and zero-knowledge architecture
  • Two-factor authentication (2FA)
  • Effortless password management — only a single password to remember
  • Syncing on up to 6 devices at the same time
  • Sharing items (such as passwords, credit cards, and notes) with family, friends, and coworkers
  • Import from other password managers
  • Secure storage for private notes and credit card information
  • Universal availability (apps and extensions)

Premium users can share and use NordPass on more devices at the same time. Monthly prices start from $2.49 with a 2-year plan. If users need basic features only, they can get a freemium version of NordPass. Visit nordpass.com for more information.

 

NordVPN Announces NordLocker

Posted in Commentary with tags on November 12, 2019 by itnerd

NordVPN has announced the launch of its latest cybersecurity product — NordLocker. The new digital tool secures all types of files stored on your computer or in the cloud with end-to-end encryption.

NordLocker is perfect for both personal use and handling work-related data. If someone gets access to your computer or other storage without permission, you don’t want your private files, such as photos, videos, music, notes, etc. to be peeked at or stolen. With NordLocker, what others see on your computer is secure, folder-like “lockers,” which hold your encrypted files and can only be accessed with your master password. The tool is especially handy for protecting your most sensitive data, including finances, IDs, and work files.

On the other hand, NordLocker is a must for companies that store financial, legal, or medical records of their clients or deal with any other confidential information. In case of a breach, the encrypted data remains ultra-safe and private. That’s because NordLocker’s cryptosystem uses the most advanced ciphers and principles, featuring Argon2, AES256, ECC (with XChaCha20, EdDSA, and Poly1305), and other creations of modern cryptography. Military-grade encryption secures files kept both on your computer and in the cloud hosting services, such as Dropbox.

NordLocker features zero-knowledge privacy. “Your data is not our business. Our encryption system is designed in such a way that we can’t see your file content under any circumstances,” says Ruby Gonzalez.

Running on both Windows and macOS, NordLocker supports documents of any type and size. To encrypt files, simply drag and drop them into your locker folder or use the “plus” button within the locker. Once the files are in the locker, they can only be accessed and decrypted with your master password. Finally, your data is safe from hacking, snooping, and unauthorized access of any kind.

The easy-to-use app offers a safe way to share your files with others confidentially. Just encrypt them first and then send them via email, messaging apps, file transfer services, upload them to the cloud, or use any other way. The data stays protected and impossible to crack until you give someone access to it. If the people you want to share your files with don’t have NordLocker, they can download it, sign up, and access your files for free.

Main features of NordLocker:

  • One-click encryption
  • Master password protection
  • Confidential cross-platform sharing
  • Supports files of any type and size
  • Encrypts files stored on a computer and in the cloud
  • Accessible on multiple devices
  • Runs on macOS and Windows
  • Powerful cryptosystem (AES256, ECC, Argon2)
  • Zero-knowledge architecture

A free version of NordLocker is available which gives users 5GB of encrypted data. Premium users can encrypt unlimited amounts of data. Visit nordlocker.com for more information.

Guest Post: NordVPN Discusses Their Recent Independent Security Audit

Posted in Commentary with tags on November 6, 2019 by itnerd

This October, NordVPN completed an application security audit. The in-depth application penetration test was conducted by the independent auditor VerSprite, one of the leading cybersecurity consulting firms, which specializes in finding threats, risks, and vulnerabilities in application software.

“This audit made our apps even stronger. After the initial test, our developers followed the auditor’s recommendations and implemented a few changes,” explains Ruby Gonzalez, NordVPN’s Head of Communications. “We intend to regularly audit our service in the future.”

NordVPN’s application penetration test covered NordVPN’s API endpoint and Clients Panel, mobile apps for iOS and Android, and desktop applications for Windows and macOS.

VerSprite’s penetration testing methodology is based on real-world attack simulations by a malicious actor. Auditors focused on identifying high-impact vulnerabilities that could lead to IP leaks, breaches of confidential user data, and overall privilege escalation.

Just recently, NordVPN received another good evaluation during the extensive VPN test by AV-TEST GmbH. The independent research institute for IT security from Germany distinguished NordVPN for its speed, security, and bypassing censorship.

A year ago, NordVPN completed another third-party audit. Then PricewaterhouseCoopers AG (Switzerland) performed an industry-first audit of NordVPN’s no-logs policy.

At the moment, NordVPN is used by over 12 million users worldwide and has over 5,000 servers in 60 countries. This year, the Panama-based company announced three new tools: a new-generation password manager NordPass, a powerful file encryption tool NordLocker, and a VPN solution for businesses and teams NordVPN Teams.

Guest Post: NordVPN Comments On The Five Measures They Are Taking To Enhance Their Security

Posted in Commentary with tags on October 30, 2019 by itnerd

In the aftermath of a security incident involving NordVPN and a third-party data center, the company is taking action to enhance its security. One of the first moves is a long-term strategic partnership with VerSprite — one of the leading cybersecurity consulting firms.

The partnership will include threat and vulnerability management, penetration testing, compliance management and assessment services. VerSprite will also help to form an independent cybersecurity advisory committee, which will consist of selected experts and oversee NordVPN’s security practices.

“We are planning to use not only our own knowledge, but to also take advice from the best cybersecurity experts and implement the best cybersecurity practices there are,” says Laura Tyrell, Head of Public Relations at NordVPN. “And this is the first of many steps we are going to take in order to bring the security of our service to a whole new level.”

According to NordVPN, they are ready to take action in five different fields to become more secure than ever. Here’s the list of the planned measures:

1. Partnership with the top cybersecurity consulting firm VerSprite. Penetration testers are a key part of NordVPN’s security efforts. Their job is to prod the infrastructure for weaknesses and mitigate the vulnerabilities. That’s why NordVPN is engaging in a long-term strategic partnership with VerSprite, a leading cybersecurity consulting firm.

VerSprite will work with NordVPN’s in-house team of penetration testers to challenge the infrastructure and ensure the security of customers. The main tasks covered in the new agreement include comprehensive penetration testing, intrusion handling, and source code analysis. VerSprite will also help to form an independent cybersecurity advisory committee.

2. Bug bounty program. Over the next few weeks, NordVPN is going to introduce a bug bounty program. Bug bounties reward cybersecurity experts for catching potential vulnerabilities and reporting to the developers so they can fix them. Bounty hunters will get a well-earned payout, and NordVPN users will get a service they know is scoured for bugs by thousands of people every day to make it as secure as possible.

3. Infrastructure security audit. NordVPN is planning to complete a full-scale third-party independent security audit in 2020. The audit will cover the infrastructure hardware, VPN software, backend architecture, backend source code, and internal procedures. The chosen vendor for the security audit will be announced in the future.

4. Vendor security assessment and higher security standards. NordVPN is planning to build a network of collocated servers. While still located in a data center, collocated servers are wholly owned exclusively by NordVPN. NordVPN is currently finishing its infrastructure review so that they can eliminate any exploitable vulnerabilities left by third-party server providers. NordVPN is committed to ensuring that their exclusively owned data centers maintain the highest security standards.

5. Diskless servers. NordVPN is planning to upgrade their entire infrastructure (currently featuring over 5100 servers) to RAM servers. This will make it possible to create a centrally controlled network where nothing is stored locally — not even an operating system. Everything the servers need to run will be provided by NordVPN’s secure central infrastructure. If anyone seizes one of these servers, they’ll find an empty piece of hardware with no data or configuration files on it.

“The changes we’ve outlined will make you significantly safer every time you use our service. Every part of NordVPN will become faster, stronger, and more secure – from our infrastructure and code to our teams and our partners,” says Laura Tyrell. “That’s our promise – we owe it to you.”

What happened last week

Last week, it was announced that 1 of NordVPN’s more than 5000 servers was accessed by an unauthorized third party. The hacker managed to access this single server located in Finland because of mistakes made by the data center owner, of which NordVPN was not aware.

However, NordVPN is sure that no customer data was affected or accessed by the malicious actor, as the server did not contain any user activity logs, usernames, or passwords. NordVPN’s service as a whole was not hacked, the code was not hacked, the VPN tunnel was not breached, and the NordVPN apps stayed unaffected.


Guest Post: NordVPN Discusses The Fact That Hackers Are Selling Passport Credentials To The Highest Bidder

Posted in Commentary with tags on October 17, 2019 by itnerd

Identity theft is becoming a popular crime. In 2018, the Identity Theft Resource Center saw a 126 percent increase in the number of data breaches, most of which affected sensitive personal information.

Hackers steal passport and ID card data to use it for illegal activities, such as crossing borders and taking bank loans in another person’s name. Cybercriminals only need to get the victim’s full name, birthday, nationality, and passport number to falsify their documents. While most people are aware of the common credit card frauds, not all of them know that stolen passport credentials can put them at more risk.

During a massive data breach at Marriott hotels in 2018, hackers accessed its reservation database, reportedly collecting information on 500 million people. The fraudsters stole guests’ names, surnames, contact information, and dates of birth. On top of that, they got the passport credentials of Marriott clients.

“When cybercriminals attack hotels, they gain access to people’s passports. That leads to a significant risk of the hotel clients getting their identities stolen. Moreover, passports and ID cards contain information that can be useful for social engineering. Fake IDs are later used to enter or leave the country, open bank accounts, or hide from the authorities,” explains Daniel Markuson, the digital privacy expert at NordVPN.

After stealing passport credentials, hackers sell them on the black market. They use the data to create physical passports, their digital scans, and templates for finished IDs. The prices of passports on the black market may vary. A physical passport costs an average of $14,000 on the dark web. It may include the passport data, a digital chip, and other components, making it usable in many countries. Proof of identification (for example, a person holding a passport and a scanned copy of it) costs about $61 on the black market. Digital scans cost around $15.

There are ways to find out whether your passport data is being exploited by criminals. According to the Department of Homeland Security, people who enter and leave the United States can track their international travel history. The system requires them to enter their name, surname, birthday, and passport number.

However, the function is not available in other countries. Fraudsters may be using people’s private data without the victims being aware of that. Thus, it is important to take some preventative actions to ensure that your identity information stays secure.

“First of all, it is worth paying attention to where you enter your passport data. Only enter your identity information on safe websites. Also, if you know that your sensitive information has been leaked during a data breach, it might be good to invest in checking it online. Finally, changing your passport after a possible data breach can also be an option,” advises Daniel Markuson, the digital privacy expert at NordVPN.

Guest Post: NordVPN Discusses The Social Media Mistakes We All Make

Posted in Commentary with tags on September 11, 2019 by itnerd

Facebook, Twitter, and Instagram are among the top 10 of the world’s most visited websites, the latest report shows. Although billions of people spend thousands of hours every day on these social media platforms, not many of them think of this activity as risky. The risk stems from the careless actions we all sometimes take online when we forget about our privacy.

Daniel Markuson, the digital privacy expert at NordVPN, says that the privacy of your social network account is as important as the content you post. Though the privacy of social networking services as a personal choice might be debatable, the expert picked the most common mistakes all users make and explained how to avoid them:

 

Oversharing

It’s dangerous to reveal too much or too sensitive information, such as locations, plane ticket or passport photos with ID numbers, countdowns until you leave your home for a vacation, new expensive purchases, etc. Criminals lurking online can use that information to steal your identity, break into your house, or simply blackmail you. Moreover, hackers often look for emotionally vulnerable people to attack, so your burst of emotions on social media might be turned against you.

Don’t share your personal details, such as home address and telephone number, on your social media profiles as they can be easily accessible to anyone. Daniel Markuson at NordVPN says it’s better to hold off with posting things online while being away, especially ones that include your location in real time. The expert also argues against posting pictures of any documents that contain sensitive information or scannable codes, such as QR and barcodes. And remember not to share your private feelings or participate in heated online discussions that could catch the eyes of scammers.

 

Using the same password for all accounts on social media

Imagine your Twitter password gets leaked, and you use the same one for your Facebook and Instagram. A hacker now can block you from your social media accounts, access all your private information, including your photos, and use it in malicious ways.

To avoid possible identity theft, you should use different passwords on different social platforms. It is also a good practice to change your passwords frequently and use strong ones. Daniel Markuson recommends using a password manager, like NordPass. It remembers your complicated passwords or generates them for you as well as lets you store, organize, and access your passwords from anywhere.

 

Forgetting about the privacy settings of your account

Social media users sometimes forget about cybersecurity as they share sensitive information and add people they don’t know to their friends’ list. However, some of these strangers might be cyber troublemakers who may feed you harmful fake news or send virus links over messages. These people also get access to the pictures and other information you share with your friends.

So don’t become friends on social media with people you don’t know. You can always go through the mutual friends list or things in common before adding a person to your Facebook.

Even if you don’t befriend strangers, if your profile is public, anyone can scrape your data and use it for their own sneaky needs. Daniel Markuson reminds users to check who they’re sharing their information with before posting anything online. Make sure your posts are visible to your friends only instead of everyone on the internet.

 

Doing quizzes

What will you look like in 50 years? Which Game of Thrones character are you? With malware plugins, scammers use these tests to get your personal information. This March, Facebook sued two Ukrainian quiz-makers who had been using such games to access and steal private data from Facebook users. The scammers served Facebook users their own ads instead of officially approved ones.

Although Facebook quizzes seem completely harmless, don’t fall for them. Their algorithms are too simple to tell you the truth, so stay skeptical and just don’t do them. According to Daniel Markuson from NordVPN, if you still can’t resist that tempting test, check what information it requests from your profile and decide whether you really want to share it.

 

Using social media on unsecured public Wi-Fi

The latest survey shows that 79% of public Wi-Fi users take considerable risks when choosing a network. They select a hotspot for its Wi-Fi strength, go for a name that sounds appropriate, or simply pick any free option. However, hackers use unsecured public connections to spy on people’s devices and steal their private data, including social media passwords.

Stay extra cautious when connecting to free Wi-Fi at coffee shops, hotels, and other public places, as they may be insufficiently protected. Don’t log in to your social accounts or visit sensitive websites when on public Wi-Fi. One of the best ways to safely use a free hotspot is by installing a VPN, like NordVPN. It will make sure your internet connection is private and no sensitive data can be stolen.

Guest Post: NordVPN Discusses The Fact That Governmental Institutions Around the World Fail to Protect Their Citizens’ Data

Posted in Commentary with tags on September 6, 2019 by itnerd

More and more governments around the world are discussing encryption backdoors to help them fight various criminal activities. However, the data breaches, cyberattacks, and hacks, which we hear about every day, affect not just private companies. Governmental institutions suffer from them too. Due to various software system flaws, millions of unsuspecting citizens have been affected this year alone.

Daniel Markuson, the digital privacy expert at NordVPN, says that some governmental institutions believe they are too small and insignificant for hackers to attack them. However, recent events in Baltimore, Florida, and Texas defy this belief. In May, Baltimore struggled with a cyberattack that froze thousands of computers and disrupted real estate sales, water bills, health alerts, and many other services. A few Florida municipalities had to pay hackers a ransom of $1.1 million after municipal employees were locked out of their email accounts and important files. Just recently, in August, a ransomware attack hit local governments in Texas, affecting up to 23 entities.

“Out-of-date software used by some governments and a variety of contractors make them an easy target. That’s the most common reason why these institutions get hacked. Updating a digital security system and making it immune to cyberattacks require millions of dollars and high-level skills,” explains Daniel Markuson, the digital privacy expert at NordVPN. “Slow internal processes and complicated procurement procedures add up to the reasons why some organizations are still using unsafe security software. However, data breaches are expensive, and the security of people’s sensitive data should be considered priceless.”

Here are just a few examples of the governmental data breaches that happened this year. They became infamous for the scope and the numbers of citizens affected.

  • This May, Ivan Begtin, a co-founder of a Russian NGO called Informational Culture, discovered and documented several leaks from Russian government sites. The personal information and passport details of 2.25 million citizens, including high-profile politicians and government officials, were exposed online and available for download.
  • In June, five million of Bulgaria’s seven million citizens had their personal data compromised in an attack on the country’s national revenue agency. Both private and social security information on every adult in Bulgaria was exposed – perfect for identity theft or attacking lucrative targets. Half of the leaked database was posted on several public forums.
  • In the late spring of this year, an unknown hacker attacked a US Customs and Border Protection subcontractor and put much of its internal data on the open web for download. The exposed database included photos of travelers’ faces and license plates, surveillance equipment schematics, and sensitive contracting documents. Now, the border surveillance company – the longtime contractor named Perceptics – is suspended from carrying out business with the federal government. However, over 400 GB of data was stolen and 100,000 people were reportedly affected.

Human error is one of the biggest sources of data breaches, according to NordVPN’s Daniel Markuson. Using weak passwords and falling for phishing scams can hurt an organization immensely. The digital privacy professional explains that it is quite easy to leak email and password information when an employee clicks on a virus link, reveals user credentials, or downloads malware attachments. “Just one click can compromise the entire database of an institution,” says the digital privacy expert.

Daniel Markuson, the digital security expert at NordVPN, says that we can’t control what information authorities have about us and how they handle it. However, you should take some measures once you hear a company or an institution relevant to you has been hacked. Find out what information has been leaked and act accordingly:

  • If the leaked information included your login details, you should change them immediately. Start using a password generator for creating strong passwords. Set up two-factor authentication, which requires a second password or PIN, usually sent to your smartphone.
  • If your payment details were stolen, you should contact your bank as soon as possible and freeze your card. Check your recent statements for any suspicious activity. Set up a fraud alert with the credit bureau that would notify you if someone tries to open new accounts or take out loans using your card.
  • If your ID, passport, or social security number were leaked, inform authorities right away. Prove your identity before anyone else does, issue a fraud alert, and review your Social Security statement and credit reports for any illegal activities or suspicious charges.

Remember, everyone can become a data breach victim. Even governmental institutions that handle our most sensitive information are vulnerable as their cybersecurity is sometimes lacking. Just stay alert and notify authorities whenever there is a need in order to minimize the damage. Hopefully, the authorities will learn from the mistakes of others and start investing more in cybersecurity.