There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0.

Let clients suggest prices for your products and services using a simple make-an-offer button.

Version: 1.0

Embed a discrete make-an-offer app into your website and collect your clients' feedback on your pricing. You can either predefine three price options or give users the chance to propose their own price. Review the average offered price for each product or service and use it to adjust your pricing policy accordingly. Depending on the kind of offers made by your clients, you can choose to automatically ask for their email to start sending them your newsletter, or give them a promo code for the specific product, or just thank them.

**Make An Offer Widget**

*   Highlights
*   Features
*   Demo
*   Faq
*   Pricing

**Product Highlights**

Give your customers the chance to negotiate prices and win promo codes for the products and services they suggest prices for. The Make An Offer Widget is a simple call-to-action app that will bring life to your website and help you adjust your pricing policy.

Price Suggestions

With the Make An Offer Widget, you can give your website visitors three price options to choose from or let them propose any price.

Diverse Color Themes

10 color themes are available for each make-an-offer button so that you can easily adapt them to your website design and branding.

Unlimited Offer Widgets

Create separate offer widgets for each product or service. There is no limit on the number of make-an-offer buttons you can create.

Email & SMS Notifications

Create autoresponder messages that will be sent via email or SMS to administrators when a new offer is received.

Three Price Scenarios

Each offer option (both fixed price and price percentage) can lead to a different action: send an email, promo code, or thank-you email.

Expand Your Client Database

Using the make-an-offer app and the emails it collects from your clients you can enrich your customer database.

Review Offers & Emails

See a list of all offers received and check visitors' IP addresses and emails, if available. Filter offers by type using quick tabs.

PHP Source Code Customization

Buy a Developer License and make custom changes to the source code. Or request us to modify the make-an-offer app for you.

SPECIAL OFFER

**Make An Offer Widget for $4.29 Only**

Get all 65 PHPJabbers scripts in a bundle for just $299.

**Live Demo**

Preview both the front end and back end of the Make An Offer Widget and test out the whole functionality.  
If you have any questions or need technical advice, go ahead and contact us.

**Make An Offer Widget**

**Key Benefits**

Installation Support

Key Features

Customizations

Remote Hosting

High Performance

**Pricing**

You can buy the Make An Offer Widget both with a Developer and a User License – compare them below.  
Do you need a custom modification? We'll happily do it for you! Just contact us, describe what you need, and we'll send you a quote!

Mega Sale deal

$4.29

per script

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Contact us and you'll receive quotation for the custom changes you may need

buy now

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

Mega Sale deal

$4.29 per script

Get 65 PHP Scripts

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

LIMITED OFFER

Get the Mega Sale bundle deal with all the PHP scripts you'll ever need for a total of

$299

VIEW DETAILS

**Testimonials**

Let our clients share their experience with the Make An Offer Widget and how the script has improved their online business.

“

PHPjabbers offers incredible PHP scripts that not only look good but are also enjoyable to set up and use. But what keeps me coming back to buy their latest scripts is the unbeatable customer service that you can't find anywhere else.

Andrew Jensen

“

Thank you, you guys are great. I am really impressed with your patience with me, as I am not an expert with codes and the way you come through for me. I am in services myself and I will like to thank you for an excellent service and support. I would recommend your products and your company to all my associates. Excellent service and support.  
Thank you again!

marios constantinou

“

I use Freeway (software) for web design, and learned of PHPJabbers on one of their forums where they received applause as offering easy to implement and well-supported PHP scripts. I totally agree.

Robert Hicks

**FAQ & Knowledge Base**

Pre-Sale FAQ

Read the most Frequently Asked Questions about this script, its features and use.

Support Service FAQ

Read more about our Support Service and how we can help you install Make An Offer Widget.

Custom Mods FAQ

Do you need something changed? We offer customization services.

How to install a Script

See how easy it is to install the script. Just follow the instructions or leave it all to us.

FTP Clients

See how to upload our scripts using different FTP clients.

PHP Framework Used

We use our own in-house build framework which is really easy to understand and work with.

Our Services

We offer a wide range of web development       services.

License Types Explained

User and Developer licence available. We also have a special Extended Licence for webmasters.

Didn’t find exactly what you were looking for?

Contact Us

**Related Scripts**

**STIVA Shopping Cart**

$49 / $89

**Callback Widget**

$19 / $29

**PHP Review Script**

$39 / $79

**PHP Poll Script**

$19 / $29

**Document Creator**

$19 / $39

**PHP Comment Script**

$19 / $39

CVE-2023-40752: Make An Offer Widget | PHPJabbers

User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

A mobile-friendly hotel reservation system that blends perfectly into any site!

Version: 4.0

The online hotel reservation system is built in PHP and uses MySQL to store data. The script provides a powerful room booking and reservation management functionality and allows you to install a clear call-to-action tool on your hotel website which will impact conversions and increase bookings. Our room booking system is highly customizable and compatible with various website types.

**Hotel Booking System**

*   Highlights
*   Features
*   Demo
*   Faq
*   Pricing

**Product Highlights**

Add a smart hotel reservation system on your hospitality website and make online bookings and payments possible! View below the key features that come standard with our PHP hotel booking script and contact us, if you need any customization.

Accept Bookings Online

A complete room booking system to provide hotel managers with an easy way to manage reservations and booking availability.

Mobile-Friendly Design

The front end of the hotel reservation system adapts to any screen resolution and device (PC, Mac, tablets, Android and iOS smartphones, etc.).

Editable Booking Form

Define which customer details the front-end system will require from customers using simple drop-down menus for each booking form field.

Multiple Languages

Translate the hotel reservation system into any language. Add a language tab on the booking form so clients can make their choice.

Payment Processing

Select and enable the payment methods that match your business best – PayPal, Authorize.net, credit card payments, wire transfers, etc.

Free Installation Support

Free installation support is provided for the hotel booking script. Just contact us if you have any difficulties installing the script.

Promos & Vouchers

Manage special offers – launch fixed or percentage discounts for different periods, add holiday packages and free-night promotions.

PHP Source Code Customization

Buy the script with the Developer License and make your own changes! We can customize it for you, too – see licensing options

SPECIAL OFFER

**Hotel Booking System for $4.29 Only**

Get all 65 PHPJabbers scripts in a bundle for just $299.

**Live Demo**

Preview both the front end and back end of the Hotel Booking System script and test out the whole functionality. If you have any questions or need technical advice, go ahead and contact us.

**Hotel Booking System**

**Key Benefits**

Payment Gateways

High Performance

Extended Licence

Key Features

Installation Support

**Pricing**

You can buy the Hotel Booking System both with a Developer and a User License – compare them below.  
Do you need a custom modification? We'll happily do it for you! Just contact us, describe what you need, and we'll send you a quote!

Mega Sale deal

$4.29

per script

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Contact us and you'll receive quotation for the custom changes you may need

buy now

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

Mega Sale deal

$4.29 per script

Get 65 PHP Scripts

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

LIMITED OFFER

Get the Mega Sale bundle deal with all the PHP scripts you'll ever need for a total of

$299

VIEW DETAILS

**Testimonials**

Let our clients share their experience with our room booking system and how the script has improved their online business!

“

I have used PHPJabbers in conjunction with my web designer to write a hotel reservation script for our online bookings. I have found the various staff members who have assisted me to be professional, prompt, thorough, and accommodating. Based on my experiences of their work, I would highly recommend their skills and services to anyone in need of the work they do.

Maura Lyons

“

I have used a number of third party scripts over the years as it saves weeks of development time. The problem with third party scripts is that if you want to make changes to it, it can be hard to work out how it is set up. I can say without question this is the best supported PHP script I have used. The PHPJabbers support team team not only custom built my requirements for an incredibly cheap price, they adapted their PHP hotel booking script to work exactly as we required at no extra cost. These people really do make sure you are happy. Very pleased. Thanks again.

Marcus Cox

“

This is by far the best support I ever got from any company. Thanks for your quick reply. I now finished implementation and move to testing your hotel reservation system. So far it meets my expectations.

Aylon Spigel

**FAQ & Knowledge Base**

Pre-Sale FAQ

Read the most Frequently Asked Questions about this script, its features and use.

Support Service FAQ

Read more about our Support Service and how we can help you install Hotel Booking System.

Custom Mods FAQ

Do you need something changed? We offer customization services.

How to install a Script

See how easy it is to install the script. Just follow the instructions or leave it all to us.

FTP Clients

See how to upload our scripts using different FTP clients.

PHP Framework Used

We use our own in-house build framework which is really easy to understand and work with.

Our Services

We offer a wide range of web development       services.

License Types Explained

User and Developer licence available. We also have a special Extended Licence for webmasters.

Didn’t find exactly what you were looking for?

Contact Us

**Related Scripts**

**Restaurant Booking System**

$79 / $129

**Vacation Rental Script**

$49 / $89

**Travel Tours Script**

$49 / $89

**Rental Property Booking Calendar**

$39 / $79

**Availability Booking Calendar**

$39 / $69

**Cleaning Business Software**

$69 / $129

CVE-2023-40760: Hotel Booking System | Online Hotel Reservation System

User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.

Let clients suggest prices for your products and services using a simple make-an-offer button.

Version: 1.0

Embed a discrete make-an-offer app into your website and collect your clients' feedback on your pricing. You can either predefine three price options or give users the chance to propose their own price. Review the average offered price for each product or service and use it to adjust your pricing policy accordingly. Depending on the kind of offers made by your clients, you can choose to automatically ask for their email to start sending them your newsletter, or give them a promo code for the specific product, or just thank them.

**Make An Offer Widget**

*   Highlights
*   Features
*   Demo
*   Faq
*   Pricing

**Product Highlights**

Give your customers the chance to negotiate prices and win promo codes for the products and services they suggest prices for. The Make An Offer Widget is a simple call-to-action app that will bring life to your website and help you adjust your pricing policy.

Price Suggestions

With the Make An Offer Widget, you can give your website visitors three price options to choose from or let them propose any price.

Diverse Color Themes

10 color themes are available for each make-an-offer button so that you can easily adapt them to your website design and branding.

Unlimited Offer Widgets

Create separate offer widgets for each product or service. There is no limit on the number of make-an-offer buttons you can create.

Email & SMS Notifications

Create autoresponder messages that will be sent via email or SMS to administrators when a new offer is received.

Three Price Scenarios

Each offer option (both fixed price and price percentage) can lead to a different action: send an email, promo code, or thank-you email.

Expand Your Client Database

Using the make-an-offer app and the emails it collects from your clients you can enrich your customer database.

Review Offers & Emails

See a list of all offers received and check visitors' IP addresses and emails, if available. Filter offers by type using quick tabs.

PHP Source Code Customization

Buy a Developer License and make custom changes to the source code. Or request us to modify the make-an-offer app for you.

SPECIAL OFFER

**Make An Offer Widget for $4.29 Only**

Get all 65 PHPJabbers scripts in a bundle for just $299.

**Live Demo**

Preview both the front end and back end of the Make An Offer Widget and test out the whole functionality.  
If you have any questions or need technical advice, go ahead and contact us.

**Make An Offer Widget**

**Key Benefits**

Extended Licence

Script Modifications

Installation Support

Key Features

Customizations

**Pricing**

You can buy the Make An Offer Widget both with a Developer and a User License – compare them below.  
Do you need a custom modification? We'll happily do it for you! Just contact us, describe what you need, and we'll send you a quote!

Mega Sale deal

$4.29

per script

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Contact us and you'll receive quotation for the custom changes you may need

buy now

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

Mega Sale deal

$4.29 per script

Get 65 PHP Scripts

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

LIMITED OFFER

Get the Mega Sale bundle deal with all the PHP scripts you'll ever need for a total of

$299

VIEW DETAILS

**Testimonials**

Let our clients share their experience with the Make An Offer Widget and how the script has improved their online business.

“

PHPjabbers offers incredible PHP scripts that not only look good but are also enjoyable to set up and use. But what keeps me coming back to buy their latest scripts is the unbeatable customer service that you can't find anywhere else.

Andrew Jensen

“

Thank you, you guys are great. I am really impressed with your patience with me, as I am not an expert with codes and the way you come through for me. I am in services myself and I will like to thank you for an excellent service and support. I would recommend your products and your company to all my associates. Excellent service and support.  
Thank you again!

marios constantinou

“

I use Freeway (software) for web design, and learned of PHPJabbers on one of their forums where they received applause as offering easy to implement and well-supported PHP scripts. I totally agree.

Robert Hicks

**FAQ & Knowledge Base**

Pre-Sale FAQ

Read the most Frequently Asked Questions about this script, its features and use.

Support Service FAQ

Read more about our Support Service and how we can help you install Make An Offer Widget.

Custom Mods FAQ

Do you need something changed? We offer customization services.

How to install a Script

See how easy it is to install the script. Just follow the instructions or leave it all to us.

FTP Clients

See how to upload our scripts using different FTP clients.

PHP Framework Used

We use our own in-house build framework which is really easy to understand and work with.

Our Services

We offer a wide range of web development       services.

License Types Explained

User and Developer licence available. We also have a special Extended Licence for webmasters.

Didn’t find exactly what you were looking for?

Contact Us

**Related Scripts**

**STIVA Shopping Cart**

$49 / $89

**Callback Widget**

$19 / $29

**PHP Review Script**

$39 / $79

**PHP Poll Script**

$19 / $29

**Document Creator**

$19 / $39

**PHP Comment Script**

$19 / $39

CVE-2023-40767: Make An Offer Widget | PHPJabbers

Categories: News
Tags: week

Tags:  security

Tags:  august

Tags:  2023

Tags:  trusted advisor

Tags:  cyrus

Tags:  

A list of topics we covered in the week of August 21 to August 27 of 2023



(Read more...)




The post A week in security (August 21 - August 27) appeared first on Malwarebytes Labs.

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows Antivirus

Mac Antivirus

Android Antivirus

Free Antivirus

VPN App (All Devices)

Malwarebytes for iOS

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

Managed Detection and Response (MDR)

FOR PARTNERS

Managed Service Provider (MSP) Program

Resellers

MY ACCOUNT

Sign In

SOLUTIONS

Rootkit Scanner

Trojan Scanner

Virus Scanner

Spyware Scanner  

Password Generator

Anti Ransomware Protection

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus  

What is VPN?

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

A week in security (August 21 - August 27)

The sabotage of more than 20 trains in Poland by apparent supporters of Russia was carried out with a simple “radio-stop” command anyone could broadcast with $30 in equipment.

Since war first broke out between Ukraine and Russia in 2014, Russian hackers have at times used some of the most sophisticated hacking techniques ever seen in the wild to destroy Ukrainian networks, disrupt the country's satellite communications, and even trigger blackouts for hundreds of thousands of Ukrainian citizens. But the mysterious saboteurs who have, over the last two days, disrupted Poland's railway system—a major piece of transit infrastructure for NATO's support of Ukraine—appear to have used a far less impressive form of technical mischief: Spoof a simple radio command to the trains that triggers their emergency stop function.

On Friday and Saturday, more than 20 of Poland's trains carrying both freight and passengers were brought to a halt across the country through what Polish media and the BBC have described as a “cyberattack.” Polish intelligence services are investigating the sabotage incidents, which appear to have been carried out in support of Russia. The saboteurs reportedly interspersed the commands they used to stop the trains with the Russian national anthem and parts of a speech by Russian president Vladimir Putin.

Poland's railway system, after all, has served as a key source of Western weapons and other aid flowing into Ukraine as NATO attempts to bolster the country's defense against Russia's invasion. “We know that for some months there have been attempts to destabilize the Polish state,” Stanislaw Zaryn, a senior security official, told the Polish Press Agency. “For the moment, we are ruling nothing out.”

But as disruptive as the railway sabotage has been, on closer inspection, the “cyberattack” doesn't seem to have involved any “cyber” at all, according to Lukasz Olejnik, a Polish-speaking independent cybersecurity researcher and consultant and author of the forthcoming book _Philosophy of Cybersecurity_. In fact, the saboteurs appear to have sent simple so-called “radio-stop” commands via radio frequency to the trains they targeted. Because the trains use a radio system that lacks encryption or authentication for those commands, Olejnik says, anyone with as little as $30 of off-the-shelf radio equipment can broadcast the command to a Polish train—sending a series of three acoustic tones at a 150.100 megahertz frequency—and trigger their emergency stop function.

“It is three tonal messages sent consecutively. Once the radio equipment receives it, the locomotive goes to a halt,” Olejnik says, pointing to a document outlining trains' different technical standards in the European Union that describes the “radio-stop” command used in the Polish system. In fact, Olejnik says that the ability to send the command has been described in Polish radio and train forums and on YouTube for years. “Everybody could do this. Even teenagers trolling. The frequencies are known. The tones are known. The equipment is cheap.”

Poland's national transportation agency has stated its intention to upgrade Poland's railway systems by 2025 to use almost exclusively GSM cellular radios, which do have encryption and authentication. But until then, it will continue to use the relatively unprotected VHF 150 MHz system that allows the “radio-stop” commands to be spoofed.

The only real limitation of the train-paralyzing radio attack, Olejnik says, would be that the saboteurs would have to be relatively close to the target trains—somewhere from hundreds of feet to miles, depending on the power of the radio equipment used in their disruption operation. (Olejnik was careful to note that he hasn't tested the attack himself.) Given that the disruptions appear to have occurred in three different Polish administrative regions across the country, getting that equipment close enough to all the target trains would likely have been the biggest challenge for the saboteurs. “It is really a cheap operation,” Olejnik says. “The biggest risk is the need of being in proximity.”

Polish State Railways didn't immediately respond to WIRED's request for comment. But a statement from the railways agency notes that the train disruptions were due to “unauthorized broadcasting of the radio-stop signal” sent “by means of a radiotelephone by an unknown perpetrator.” The statement adds that “receiving a radio-stop signal results in an immediate stop of all trains whose radios operate on a given frequency.”

Despite those automated emergency stops, the railway agency wrote that “there is no threat to rail passengers. The result of this event is only difficulties in the running of trains.” The Polish Press Agency reported no injuries or damage as a result of the radio sabotage operation.

If Russia or its supporters have in fact sabotaged the railway system of Ukraine's ally, the operation wouldn't be without precedent. In fact, Belarusian dissident hackers known as the Cyber Partisans protested Belarus's support of the Russian military by launching their own rare political ransomware attack against Belarus's Railways' IT network in January of 2022, in an attempt to prevent Belarus's participation in the invasion that came just a month later.

This disruption of Poland's rail system doesn't appear to have required any such ransomware or even a penetration of a digital network. But Olejnik cautions that the simplicity of the attack shouldn't lead anyone to underestimate its effects, which may continue to play out given the difficulty of preventing the radio attack on Polish trains' unauthenticated communication systems.

“When you’re a hub of support to war-stricken Ukraine, you’re indeed a target,” says Olejnik. “Low-hanging fruits are always the best approach.”

_Additional reporting by Lily Hay Newman._

The Cheap Radio Hack That Disrupted Poland's Railway System

Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access.

August 2, 2023 • Knowledge

**Overview and Impact:**

Currently supported Infoblox NIOS versions through 8.5.2 have a faulty component that accepts malicious input without sanitization, resulting in shell access. The absence of proper validation on an input field allowed for the exploitation of a remote code execution (RCE) vulnerability. The malicious actor needs access to an authenticated feature in the NIOS UI to be able to execute the malicious input to gain access to the shell.  
 

**Affected Versions:**

NIOS 8.5.2 and prior

**Resolution:**

The fix for this issue was included in 8.5.3 and later releases of NIOS. A hotfix identified as NIOS-93969 is available for NIOS 8.5.2 and is attached to this article. Additionally this issue was resolved in the hotfix for CVE-2023-2828.

The vulnerability was identified thanks to the efforts of Sean Morland of NCC Group.

CVE-2023-37249: NIOS is vulnerable to CVE-2023-37249

By Owais Sultan
Okay, digital explorers! Strap yourselves in as we prepare to embark on a thrilling expedition through the complex and ever-shifting digital wilderness.
This is a post from HackRead.com Read the original post: Defending the Virtual Kingdom: Exploring Modern Cybersecurity Landscapes

In this realm of ones and zeros, a captivating dance of technology and tactics unfolds, revealing a modern battlefield where the stakes are high and the adversaries are often invisible. Let’s delve into the intricate world of modern cybersecurity – a vital invisible shield that tirelessly defends our precious virtual dominion.

**Chapter 1: Decoding the Shifting Threatscape**

Imagine a virtual Wild West, where the nefarious characters aren’t just the black-hat hackers but a diverse cast of digital personas. Picture ransomware renegades as modern-day bandits, taking your data hostage and demanding a hefty digital bounty (ransom) for its release. These outlaws hold your crucial files at virtual gunpoint, paralyzing organizations and individuals alike. 

Meanwhile, the cunning phishing outlaws employ a different weapon: psychology. Through a careful masquerade, they impersonate trusted entities to deceive unsuspecting victims into revealing sensitive information. All of this makes advanced preemptive measures like cloud penetration testing all the more important. 

**The new cybercriminals**

Think of them as modern-day con artists, using technology to manipulate human nature itself. Don’t forget the elite APT bandits, the cyber equivalent of skilled ninjas. They execute stealthy, long-term attacks, infiltrating high-value targets with precision and quietly exfiltrating valuable data, leaving little trace. 

And then, there are the enigmatic zero-day gunslingers. With exploits that target undiscovered vulnerabilities in software, they wield powerful weapons that are as elusive as they are dangerous. To navigate this perilous digital realm, fluency in this diverse cast of threats isn’t just helpful – it’s an imperative survival skill.

**Chapter 2: The Great Game of Digital Nations**

The geopolitical landscape is no longer confined to conventional borders and physical territories. Nation-states have unshackled themselves from traditional realms and entered the domain of digital warfare.

Stuxnet, a digital weapon that crippled Iran’s nuclear program, was a harbinger of this transformation. It marked the debut of a new era where nations conduct covert operations and pursue strategic goals through cyber means. These digital campaigns aren’t limited to espionage or data theft; they now encompass economic disruption and even sabotage.

Nation-states have become adept at deploying cyberweapons, infiltrating critical infrastructure, and manipulating global narratives. In this complex game of digital chess, your personal data and digital interactions might unwittingly play a pivotal role.

You’re no longer just a bystander in this grand theatre; you’re a potential player, whether you choose to be or not. As nation-states engage in this high-stakes digital chess match, understanding the rules and anticipating their moves is vital for the safety of individuals, organizations, and entire nations.

**Chapter 3: Fortifying the Digital Stronghold**

Now that we’ve ventured into the heart of this digital landscape, it’s time to gear up for defence. Imagine firewalls as the towering walls of a medieval castle, standing guard at the entrance of your digital domain.

These digital barriers scrutinize incoming and outgoing data, allowing the safe passage of legitimate traffic while fending off malicious invaders. Intrusion detection systems act as vigilant sentinels equipped with the ability to identify abnormal patterns or behaviours that may indicate a breach. They raise the alarm, summoning the cyber garrison to repel any imminent threat. But these fortifications only form the outer layer of your defence strategy.

Encryption, your ultimate cryptographic shield, takes centre stage when safeguarding sensitive information. Just as a vault secures your valuables, encryption transforms your data into an unreadable cypher, accessible only to those with the key. By combining these technological bastions, you’re building a formidable stronghold against the relentless tide of cyber threats.

As we traverse the digital landscape, we encounter not just lines of code, but the intricate dance of human psychology. Enter the art of social engineering, where hackers leverage the vulnerabilities of the human mind to breach digital defences.

**Pretexting**, the act of creating a plausible pretext to extract information, is akin to an actor donning multiple personas to deceive you. Baiting, on the other hand, exploits curiosity or desire. Hackers dangle tantalizing offers like digital bait, luring you into traps that compromise your security.

**Tailgating** capitalizes on trust – an unauthorized entity gains access by simply following you through a secured entrance, just as a person might slip through a closing door after someone else. With social engineering, the adversary isn’t just the code; it’s the understanding of human behaviour that’s their potent weapon. Arm yourself with awareness, scepticism, and a dash of digital paranoia to outsmart these psychological manoeuvres.

**Chapter 5: The AI Enigma: Cybersecurity’s Double-Edged Sword**

The dawn of Artificial Intelligence (AI) brings both promise and peril to the realm of cybersecurity.

Picture AI as a digital ally, a vigilant sentinel that spots unusual patterns in the vast sea of data, sounding the alarm when something’s amiss. It’s like a digital bloodhound that sniffs out anomalies, flagging potential threats before they materialize.

But beware, for AI is a double-edged sword. Hackers can wield it too, employing AI to automate attacks, craft sophisticated phishing emails, or even mimic your behaviour to evade detection. Imagine a foe that learns from its mistakes, adapts to your defences, and evolves in real time. In the ongoing battle between offence and defence, AI introduces an element of unpredictability, making this digital frontier an ever more challenging battleground.

**Chapter 6: Cybersecurity Unity: Strength in Numbers**

In this virtual landscape, unity is your secret weapon. Cyber threats transcend borders, and adversaries are bound by neither time nor geography. It’s a call for global cooperation – an alliance that extends beyond political affiliations or economic interests.

International collaboration becomes a formidable force, pooling resources, intelligence, and expertise to counteract the relentless tide of cyber threats. Initiatives for information sharing, response coordination, and the establishment of digital norms become paramount.

It’s not just about individual cybersecurity; it’s about safeguarding the interconnected tapestry of our digital world.

**Conclusion: Rise of the Cyber Guardians**

As we conclude our expedition, one truth becomes apparent: cybersecurity isn’t an endgame; it’s an ongoing quest. In this realm, vigilance is your guiding star, and knowledge is your greatest weapon.

This is a journey where each individual, organization, and nation stands as a potential guardian of the digital realm. The ever-shifting landscape demands adaptability, resilience, and continuous learning.

Remember, the equilibrium between chaos and order rests on your shoulders. So, fellow adventurers, embrace the challenge, rise to the occasion, and navigate this cyber frontier with unwavering determination. Stay curious, stay secure, and in the face of the digital tempest, become the guardians that protect and shape our interconnected world.

Defending the Virtual Kingdom: Exploring Modern Cybersecurity Landscapes

By Owais Sultan
Data security is vital for protecting sensitive information and maintaining trust.
This is a post from HackRead.com Read the original post: Elevating Data Security: Key Considerations When Transferring Your Digital Workspace

In today’s dynamic digital landscape, data security has emerged as a paramount concern. The surge in workspace transitions, encompassing remote work, hybrid models, and flexible office setups, necessitates a meticulous approach to safeguarding sensitive information.

This article delves into the imperative task of upholding data security during workspace transitions, elucidating key measures, legal considerations, and proactive strategies to ensure the integrity of valuable data.

**Understanding Workspace Transitions and Data Vulnerabilities**

Workspace transitions, propelled by evolving work dynamics, demand a comprehensive understanding of potential data vulnerabilities. The shift towards remote work, hybrid setups and the reliance on cloud storage can expose organizations to various security challenges.

These include the use of unsecured networks, the integration of personal devices, and an augmented risk of physical security breaches. Recognizing these vulnerabilities is pivotal in devising effective data security strategies across your organization. 

This is why a good cloud migration plan is of the utmost importance when transferring to a digital workplace. 

**Key Data Security Measures During Workspace Transitions**

Implementing robust access control is a cornerstone of data security during workspace transitions. By employing role-based access mechanisms, organizations can restrict data access based on specific job functions, minimizing the risk of unauthorized information exposure.

Multi-factor authentication (MFA) and biometric verification provide an added layer of defence, fortifying data access against breaches. Additionally, the adoption of encryption protocols for data at rest and in transit ensures that even if data is intercepted, it remains unintelligible to unauthorized entities.

**Establishing Secure Network Infrastructure**

The establishment of a secure network infrastructure is imperative to uphold data security. Virtual Private Networks (VPNs) prove instrumental in encrypting remote connections, thwarting potential eavesdropping attempts and employing network segmentation further fortifying the system by containing potential breaches within isolated segments.

**Data Handling Best Practices**

Data handling practices during workspace transitions should be underscored by stringent best practices. Equipping employees with the knowledge and tools to handle data securely, particularly in remote and hybrid scenarios, is pivotal.

Secure file sharing and collaboration tools must be utilized, enabling seamless interaction while ensuring data protection. Implementing data classification and labelling empowers organizations to prioritize data safeguarding based on sensitivity levels, diminishing the likelihood of inadvertent breaches.

**Endpoint Security and Device Management**

Endpoint security and device management play a pivotal role in data protection. In scenarios involving Bring Your Own Device (BYOD), stringent policies should be instituted to ensure devices meet security requirements.

**Device management**

Mobile Device Management (MDM) solutions play a critical role in today’s digital landscape by providing organizations with the tools they need to manage and secure the wide array of mobile devices that connect to their networks. These solutions enable centralized control over devices, allowing administrators to remotely manage, monitor, and safeguard devices, thereby enhancing security and reducing potential risks.

One of the key features of MDM solutions is their ability to facilitate remote wiping and disabling of lost or stolen devices. This capability serves as a powerful countermeasure against data breaches that could result from unauthorized access to sensitive information stored on these devices. Here’s how MDM solutions accomplish this and why it’s essential:

*   **Centralized Control**: MDM solutions provide a centralized dashboard or console that administrators can use to manage all the enrolled mobile devices. This centralized approach streamlines the management process and ensures consistent security policies across the organization’s mobile device fleet.

*   **Remote Wiping**: In the unfortunate event that a device is lost or stolen, MDM solutions empower administrators to remotely initiate a complete wipe of the device’s data. This action erases all data on the device, returning it to its factory settings. Remote wiping is crucial in preventing unauthorized access to sensitive corporate data, customer information, and proprietary resources.

*   **Disabling Devices**: MDM solutions allow administrators to remotely disable devices, rendering them unusable. This feature can be particularly useful when there’s a high risk of unauthorized access, or if a device has been lost in an area where retrieval is not feasible. By disabling a device, organizations can mitigate the potential damage that could arise from compromised devices falling into the wrong hands.

*   **Data Protection**: MDM solutions often include features like encryption and secure containers. Encryption ensures that data stored on the device is protected even if the physical device is compromised. Secure containers segregate corporate data from personal data, allowing organizations to secure sensitive information without encroaching on users’ personal privacy.

**Monitoring and Incident Response**

Vigilant monitoring and incident response mechanisms are indispensable in the realm of data security. Continuously monitoring network traffic and user activities allows for the timely identification of anomalous behaviour.

Intrusion detection systems (IDS) and intrusion prevention systems (IPS) act as sentinels, mitigating potential threats. Coupled with a meticulously devised incident response plan, organizations can swiftly contain breaches, minimizing damage and ensuring regulatory compliance.

**Legal and Compliance Considerations**

Akin to an intricately woven tapestry, legal and compliance considerations interlace with data security during workspace transitions.

Navigating the labyrinth of data protection regulations such as GDPR, HIPAA, and CCPA is imperative. Organizations must navigate these regulations adeptly, particularly in the context of international data transfers, to ensure seamless transitions without violating regulatory norms.

**Employee Education and Awareness**

A resilient data security strategy is incomplete without a robust focus on employee education and awareness.

Ensuring that every member of the organization comprehends the significance of data security is paramount. You need regular workshops and awareness programs to cultivate a culture of security consciousness, fostering a vigilant workforce that actively contributes to data protection.

**Case Studies: Data Security Success Stories**

Drawing inspiration from real-world scenarios, a compilation of case studies serves as a testament to effective data security during workspace transitions.

These success stories underscore the relevance of meticulous planning, technological integration, and strategic execution. By analyzing these case studies, organizations can distil valuable insights and replicate these strategies to ensure data integrity in their unique contexts.

**Future Trends in Data Security and Workspaces**

Peering into the horizon of data security and workspaces unveils a landscape marked by future trends. Emerging technologies like AI and blockchain are poised to transform workspace security dynamics.

Yet, these advancements come with their own set of challenges, demanding the constant evolution of cybersecurity practices. The role of cybersecurity professionals will be pivotal in embracing and adapting to these changes, ensuring data security remains robust in the face of evolving work paradigms.

**Conclusion**

The modern era demands a steadfast commitment to data security during workspace transitions. As work dynamics continue to evolve, organizations must fortify their data protection measures to navigate the intricate labyrinth of digital landscapes. By embracing robust access controls, secure network infrastructures, vigilant monitoring, and comprehensive employee education, enterprises can elevate data security, ensuring the sanctity of their invaluable information.

Elevating Data Security: Key Considerations When Transferring Your Digital Workspace

AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets.

AdGuard DNS versions

2.2.1

Aug 7, 2023

In this update, we have improved the DNS server performance, fixed a few issues, and released a new authorization service that will allow users to access their personal account quicker.

Changelog

Performance

The number of AdGuard DNS users is growing at an enormous rate, and the total number of requests per second has closely approached 2 million. Meanwhile, over 90% of these requests come to us through encrypted DNS protocols (DoT, DoH, DoQ, DNSCrypt). Therefore, in this release, we focused on improving the DNS server’s performance and achieved great success. We can now handle an astronomical number of requests with reasonable server power.

Features

Added Czech and Slovak languages

Improved readability of highlighted text in dark theme #617

Full DNS address now displayed when setting up a device in a mobile browser #625

Fixes

Misalignment of columns when the “Device not connected” indicator dot appears #575

AdGuard verification code auto-fill issue with two-factor authentication enabled in Safari #314

Email address auto-fill bug on the login page in Safari #319

Incorrect functioning of the $dnsrewrite modifier

2.2

Apr 24, 2023

The highlight of this release is the ability to customize the Team subscription — now you can choose the number of devices, servers, and monthly requests you want before purchasing it. Also, we've added the option to select a response code for blocked requests and, of course, fixed some bugs.

Changelog

Features

Added the ability to customize the Team subscription

Added more information about monthly traffic update #490

Added the option to select a response code for blocked requests

Added AdGuard DNS blog

Updated Linked IP block design

Updated translations #570

Fixes

In the mobile version of Safari, the filtering log automatically reverts to its default state after scrolling

Problem with statistics and log retention settings #472

EDNS Client Subnet could not be disabled #542

Error condition is not reset when the type of line to be added is changed #563

Slashes are not saved in the comments of the user rules editor #576

Real-time query log updates don't retain filter changes #460

Fixed an issue that allowed a DoS attack against the service using malformed UDP packets

2.1.6

Mar 1, 2023

Minor bugs should be tackled before they build up and affect the performance of AdGuard DNS. We aim to release patches in a timely fashion, and here's another one.

Changelog

Fixed

Can't reach the 'Try AdGuard DNS' button in Safari on iOS #436

The settings of the selected server are reset after refreshing the page

The domain is not found in the search field if it was copy-pasted #530

Changed the hint text for clearing device logs/statistics #536

Added

Default TTL hint #535

Ability to customize which response will be used for a blocked domain

Option to block Mozilla canary domain

2.1.5

Feb 2, 2023

In this patch we've fixed several bugs — now AdGuard DNS runs better.

Changelog

Fixed

Spikes on the stat graph

Incorrect triggering of the device limit

Resetting statistics does not occur in all filter sections

Unable to log in to account via Apple ID if 2FA is enabled

Top blocked domains and top requested domains values in mobile version are mixed up #482

Resetting filters in filtering log does not clear domain search field #524

2.1.4

Dec 29, 2022

This patch is a little New Year’s present for you. We’ve significantly improved the performance of our DNS servers, added instructions for connecting AdGuard DNS to AdGuard VPN and AdGuard Browser extension, and fixed minor bugs.

2.1.3

Dec 7, 2022

Now it’s possible to connect an Android or iOS device with AdGuard VPN to AdGuard DNS via email. To do so:

Open the AdGuard DNS dashboard and tap the Connect new device button,

Choose Android or iOS and enter your device’s name,

Tap Next and then Send link by email,

Enter the email address you want to send the link to and click Send,

​​Open the email on the device you want to connect to AdGuard DNS and tap the Connect device button.

For this release we’ve also expanded the list of used filters, made some UI enhancements, fixed a few bugs, and added Vietnamese localization.

Added

Option to connect AdGuard DNS in the AdGuard VPN app by sending a configuration email

Vietnamese language support

Added filters

1Hosts (mini)

HaGeZi Personal Black & White

HUN: Hufilter

LIT: EasyList Lithuania

No Google

Fixed

AdGuard DNS homepage doesn’t load when iCloud+ Private Relay is enabled

2.1.2

Nov 22, 2022

In AdGuard DNS v2.1.2 we’ve enhanced the dashboard interface, added a server in Johannesburg and an option to disable automatic filtering log updates. Also, we’ve fixed some bugs so it will no longer be a problem to rename the device or understand the statistical report.

If you use AdGuard VPN for Android or iOS, you can easily add an encrypted DNS to your device. Just follow our instructions when adding a new device.

Added

Option to disable automatic filtering log updates #264

Johannesburg server

Turkish language support

Fixed

Flags were displayed incorrectly in the Traffic Direction section#428

Blank space in the Connection check section #431

Text started to glitch when renaming a device #354

Incorrect dates in the weekly stats report

2.1.1

Oct 25, 2022

This hotfix is intended to correct minor errors and add two localizations as a bonus.

Changelog

\[Enhancement\] Added translation of the dashboard and login page into Portuguese and Portuguese Brazilian

\[Fixed\] Incorrect time of latest device activity #427

\[Fixed\] Incorrect VPN subscription status #352

\[Fixed\] Refreshing the Device settings page redirects back to server settings #430

2.1

Oct 20, 2022

AdGuard DNS now supports DNS-over-HTTP/3 in experimental mode. It was a challenge, but we made it. For now only AdGuard Home and dnsproxy fully support DNS-over-HTTP/3, but soon DoH3 will appear in other AdGuard products. However, we focus on DNS-over-QUIC and consider it more advanced, but we strive to support the other protocols too, and DoH3 is a proof of that.

Another good news is that we will email AdGuard DNS users weekly and monthly reports with stats on requests, devices, and companies, which is convenient and visual. If there are too many reports, you can unsubscribe at any time.

Changelog

\[Enhancement\] Added the Apply button that appears after changing the server name

\[Enhancement\] Query log data cutoff in desktop mode #366

\[Enhancement\] Query log page numbers move when a new page is opened #368

\[Fixed\] Switching from 90 days to anything less causes dates to overlap #323

\[Fixed\] Text is cut off for the last domain in Top domains #339

\[Fixed\] Dates are cut off on the left and right side of the chart (mobile version of the website) #341

\[Fixed\] Misleading subscription status (from AdGuard VPN) #352

\[Fixed\] Wrong status of applied unblocking rules #361

\[Fixed\] The "Refresh" button on the homepage does not override the number of requests

\[Fixed\] Query log data is cut off (desktop version of the website) #366

\[Fixed\] Limit triggering in Enterprise plan

\[Fixed\] Can't scroll to account settings on Safari for macOS #353

\[Fixed\] In some cases the statistics were counted incorrectly

\[Fixed\] Top Destinations stats overlap when set to 90 days #326

2.0.1

Sep 7, 2022

It's been two weeks since the release of AdGuard DNS 2.0, but there's still a pleasant aftertaste. We've been painstakingly working on this product to give you a reliable and convenient tool to control your online traffic. And we succeeded.

Still, small bugs had crept into the release. That's why we're publishing a patch today: so you can enjoy the service, and we can move on to some bigger tasks with peace of mind.

Changelog

\[Enhancement\] Added search to the DNS knowledge base

\[Enhancement\] Updated link for Contact Us button on purchase page

\[Enhancement\] Improved the Traffic Destinations page

\[Enhancement\] Add an option to use add-cpe-id in Dnsmasq to identify the device

\[Fixed\] Disabling logs disables tariff statistics

\[Fixed\] Numbers in Japanese, Korean, Chinese are displayed incorrectly

2.0

Aug 18, 2022

The beta testing phase is finally over! From now on the new level of traffic control is available for you. With AdGuard DNS 2.0 you can:

Flexibly configure domain blocking via blocklists, query log and user rules;  

See real-time requests statistics from all connected devices;  

Enable and set up Parental control;  

Learn more about all the changes and improvements of AdGuard DNS 2.0 in our blog.

0.6

Jul 29, 2022

Check out the sixth beta version of AdGuard DNS (and hopefully the final one before the release). In it we’ve improved the dark theme: updated the map styles and QR-code, so that everything could be easily read and scanned. And, of course, we fixed some minor bugs. The private AdGuard DNS now runs smoother!

Changelog

\[Enhancement\] Updated map styles in the dark theme

\[Enhancement\] Added an option to disable iCloud Private Relay

\[Fixed\] QR code is not scanned in the dark theme

\[Fixed\] Autofill doesn’t work in Safari on macOS and iOS

\[Fixed\] Minor bug fixes in desktop и mobile versions

0.5

Jul 13, 2022

There are five fingers in a hand, five oceans on Earth, and five betas of the private AdGuard DNS. Today we're releasing the fifth beta of our DNS and we hope you'll rate it 5/5!

In this version we’ve implemented support for DDR (Discovery of Designated Resolvers) by the latest draft of the new standard. With this feature, an encrypted connection to the DNS server will be set up automatically on devices with DDR support, provided the device previously knew the server address. A computer or smartphone will send a request to the known address and receive all the necessary information to establish a secure connection.

DDR support appeared in Windows 11 Insider Preview Build 22489, which means that the feature will get into the release version after a while. When this happens, Windows and AdGuard DNS users will be automatically reconnected to encrypted DNS servers – public or private, depending on the services selected earlier.

We’ve also improved ECS (EDNS Client Subnet) implemented in the third beta. Servers now respond with more precise IP addresses that better match your location. Furthermore, we are continuing to refine the open AdGuard DNS API, and now there are methods for getting statistics. All documentation is available at Knowledge Base.

We’ve fixed some bugs and worked on the interface: authorization via Apple ID now works properly, the dark theme has become really dark, and the Query log is prettier than ever. French, Italian, Chinese, Japanese, and Korean were added to the dashboard, and we are committed to continue localizing the private AdGuard DNS, making it accessible to users from all over the world!

Changelog

\[Enhancement\] Added support for DDR (Discovery of Designated Resolvers)

\[Enhancement\] Statistic retrieval methods were added to the API

\[Enhancement\] Added an option to change subscription type

\[Enhancement\] Added an option to extend subscription

\[Enhancement\] Added support for Chinese, Japanese, Korean, French, and Italian

\[Enhancement\] Added the "Don’t ask again" checkbox to the system notification that appears when deleting user rules

\[Fixed\] After logging in via Apple ID the personal account opens instead of dashboard if the user has an AdGuard VPN subscription

\[Fixed\] In dark theme statistics blocks are highlighted in white

\[Fixed\] In dark theme text in some fields is grayed out

\[Fixed\] Some elements in the mobile version of the website are displayed incorrectly

0.4

Jun 21, 2022

The period of active "building" of the private AdGuard DNS is left behind, and now we're polishing the service to a shine. Just take a look at the current changelog and compare it to the one we published for the previous beta. The difference is obvious.

The fourth beta features dark theme and language selection – at the moment, the dashboard is translated into German, Spanish, and Russian. To find both options, go to Account settings. And some more good news: from now on all AdGuard VPN users with a subscription will get the Personal plan of the private AdGuard DNS for free.

We hope you’ll enjoy the new version. Use the service and leave feedback on any platform you like.

Changelog

\[Enhancement\] Added dark theme

\[Enhancement\] Added support for VPN subscriptions and information about VPN subscribers automatically getting a Personal DNS subscription

\[Enhancement\] Added German and Spanish localizations

\[Enhancement\] Improved search function in the filter section on mobile devices

\[Enhancement\] Supplemented instructions for different devices

\[Enhancement\] Added a link to DNS rules syntax in the query log dialog

\[Fixed\] The “View device settings” button doesn't work on iOS devices

\[Fixed\] The “Unable to renew subscription” popup hangs for too long

0.3.1

Jun 10, 2022

The recently released third beta of private AdGuard DNS was really good and brought a lot of useful features to users. However, as it turned out, it contained a few flaws. So that you don't have to deal with them anymore, we are releasing a patch v0.3.1 for private AdGuard DNS.

Changelog

\[Fixed\] Clicking the Block button in Query log deletes all existing user rules and replaces them with a new one #265

\[Fixed\] Unable to move devices between servers #248

\[Fixed\] Incorrect links on the "Thanks for your purchase" page

\[Fixed\] Discount promo codes do not work correctly

\[Fixed\] There is no payment button in the mobile version of the website

\[Fixed\] Incorrect designation of the number of requests in Statistics

0.3

May 26, 2022

Meet the third beta version of private AdGuard DNS! We are steadily moving towards a full-fledged product, adding new features, changing and improving UI — everything to make you really enjoy using AdGuard DNS.

The version history – in front of your eyes

First and foremost, we've added a version history page for the AdGuard DNS service. Now you can see the full list of changes, learn about new features, and see how the work on private AdGuard DNS service is progressing.

Contribute to AdGuard DNS translation

Until now, private AdGuard DNS could only be used in English: first we had to make sure everything was working as it should. With this version we've extended the geography by adding the possibility to translate the dashboard into different languages. Help us make AdGuard DNS more accessible to everyone by participating in the translations! You can find a detailed article on how to use the Crowdin platform in our Knowledge Base. And if you already know how to use it, visit the AdGuard DNS project in Crowdin. Select the Dashboard and choose the language you want, then you're ready to translate!

AdGuard DNS Knowledge Base

Subscription

We've added a paid subscription on private AdGuard DNS. Subscription is not required during beta testing, but we'd appreciate it if you'd like to support us now.

DNS filters

We've also fixed DNS filters: eliminated the bug with the /etc/hosts-style rules failing to work and added support for rules with $dnsrewrite. By the way, you can read about the DNS filtering syntax in the Knowledge Base.

ECS support

The AdGuard DNS servers now support EDNS Client Subnet (ECS).

This feature allows users to get responses corrected for the location of the DNS user. We had long been hesitating to implement it in AdGuard DNS: ECS assumes handing over an anonymized user's IP address to the name server. In this version, we've solved the problem: instead of the user's IP address, we pass another address from approximately the same location as the user's.

New blocklists

We've added a lot of new blocklists — now it's even easier to customize AdGuard DNS. And if that's not enough, you can request and add more blocklists in the GitHub repository (before you do that, read requirements for blocklists in the section “What Blocklists Can Be Added Here”).

Open API

AdGuard DNS now has an open API. If you want to integrate with AdGuard DNS, read the documentation.

UI fixes and more

We've also fixed a lot of minor bugs and added some useful features.

Test private AdGuard DNS and leave feedback on any convenient platforms — it will help us become better.

Changelog

\[Enhancement\] Improved the appearance of the multiselect (element with the ability to select multiple values, such as countries, devices)

\[Enhancement\] For the device location, the Traffic Destination section uses data from its last activity

\[Fixed\] Incorrect detection for account time zone

\[Fixed\] Statistics and logs do not get cleared when their retention period is changed

\[Fixed\] Incorrect country detection for some domains

\[Fixed\] Significant delay in clearing logs and statistics

\[Other\] Added the option "Last 7 days" to date selector

0.2

Mar 16, 2022

We’ve all been waiting for it: we're proud to present the open beta of private AdGuard DNS! From now on, anyone can set up their own DNS server.

We took the best of AdGuard DNS and AdGuard Home and designed a product that would be flexible and customizable, meet the needs of "geeks", and have a user-friendly interface. We hope we succeeded! And now let's take a closer look at the best features of private AdGuard DNS.

Block/unblock domains

With a private DNS server, it is only you who decides which domains should be blocked and which shouldn’t — on each device! Connect your computer, smartphone, tablet or router and manage their requests as desired.

Blocklists management

You can also choose which domain blocking rules should be implemented. And those who aren't satisfied with dozens of pre-installed blocklists can import and export their own custom rules.

Advanced statistics

Now you can see the full statistics of your requests: how many requests were registered, to which companies, and to which countries. Besides, you can view this information for different dates, countries, and even for different devices connected to your DNS server. And of course, block and unblock requests on the go.

Parental control

To protect your child from online content you deem inappropriate, you can use Parental control. You can activate the safe search and manually specify domains for blocking as well as set the schedule: for instance, not allow your child to watch videos during homework.

Join beta testing

To take part in beta testing go to AdGuard DNS website and press \*Join beta\*\*\*, then sign up or log into your AdGuard account. You're done! Create your own DNS server and manage your requests — you are in control.

0.1

Sep 28, 2021

Great news: AdGuard DNS is advancing to a new level. We're about to release the product that many have yearned for so long — the private AdGuard DNS!

What a public DNS server blocks cannot be changed — it only has to be taken for granted. With your own DNS server, you'll be in control of all the query statistics and be able to choose which domains you want to block. It'll allow you to add blocklists and set up Parental control. And the user-friendly interface will make it no problem to get to grips with it all.

We added a new website where you can already see what the private AdGuard DNS interface will look like, learn how to connect to the public DNS server, and subscribe to the AdGuard DNS newsletter. If you do, we'll message you at launch and keep you up-to-date with the latest AdGuard news.

Thank you for your support! Stay tuned — and in the meantime, we're working to make sure the next release is to your liking.

CVE-2023-41173: AdGuard DNS — ad-blocking DNS server

Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android  6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device.

Tag

#ios