Privacy-focused consumer tech company DuckDuckGo launched a new Privacy Pro subscription on Thursday that bundles a VPN service, personal information removal, and identity theft restoration.
This is the company’s first move towards a subscription service built into the DuckDuckGo browser.
With personal information removal service, DuckDuckGo scans dozens of data broker sites to find details like your name and address.
(At that time, Removaly’s founder, Kyle Krzeski, posted on X that a privacy company acquired the startup without naming it.)
The third feature of DuckDuckGo’s privacy pro plan is identity theft restoration, where an advisor would help you recover your identity-related loss around the clock.
The U.S. National Security Agency has confirmed that hackers exploiting flaws in Ivanti’s widely used enterprise VPN appliance have targeted organizations across the U.S. defense sector.
Confirmation that the NSA is tracking these cyberattacks comes days after Mandiant reported that suspected Chinese espionage hackers have made “mass attempts” to exploit multiple vulnerabilities impacting Ivanti Connect Secure, the popular remote access VPN software used by thousands of corporations and large organizations worldwide.
Mandiant said earlier this week that the China-backed hackers tracked as a threat group it calls UNC5325 had targeted organizations across a variety of industries.
This includes the U.S. defense industrial base sector, a worldwide network of thousands of private sector organizations that provide equipment and services to the U.S. military, Mandiant said, citing earlier findings from security firm Volexity.
Akamai said in an analysis published last week that hackers are launching approximately 250,000 exploitation attempts each day and have targeted more than 1,000 customers.
U.S. software giant Ivanti has confirmed that hackers are exploiting two critical-rated vulnerabilities affecting its widely-used corporate VPN appliance, but said that patches won’t be available until the end of the month.
Ivanti said the two vulnerabilities — tracked as CVE-2023-46805 and CVE-2024-21887 — were found in its Ivanti Connect Secure software.
Formerly known as Pulse Connect Secure, this is a remote access VPN solution that enables remote and mobile users to access corporate resources over the internet.
When TechCrunch asked why patches weren’t being made available immediately, Ivanti declined to comment.
Ivanti is urging that potentially impacted organizations prioritize following its mitigation guidance, and U.S. cybersecurity agency CISA has also published an advisory urging Ivanti Connect Secure to mitigate the two vulnerabilities immediately.
But this year, give the gift of good security (and privacy) and eschew tech that can have untoward risks or repercussions.
Location data is some of the most sensitive data belonging to a person; location can determine where someone was at a particular time, which can be highly revealing and invasive.
Even one of the better-known family tracking apps, Life360, was caught selling the precise location data of its users to data brokers.
There’s no reason why you shouldn’t discuss the benefits and pitfalls of tracking your kids with your kids.
And this year, another smart sex-toy maker exposed the user and location data of its customers thanks to its leaky servers, which the company has yet to fix.
Opera is billing its free VPN as a way to keep users safe online. The company says that while it’s not perfect, the service can help protect users from potential…