alt=Digital illustration of a secure network with a glowing shield and padlock icons, symbolizing cybersecurity protection.
Cyber security
2025-06-05 Post a Comment

Do I need an antivirus and a VPN?

Story by Sead Fadilpašić

The best antivirus acts as most people’s go-to for device protection, but as I have already discussed, there are some threats that antivirus can’t protect against.

With online threats are becoming ever more prevalent, an increasing number of people have an “it won’t happen to me” attitude about their security.

<cs-card “=”” class=”card-outer card-full-size ” card-fill-color=”#565656″ card-secondary-color=”#272727″ gradient-angle=”112.05deg” id=”native_ad_inarticle-1-64134ab6-2d50-42da-bedb-6fc7674dd9eb” size=”_2x_1y” part=””>

Ad

Try a FTMO Free Trial

It’s easy to understand why – the web standards have drastically increased over the years, and vanilla browsers and operating systems have become better at identifying all kinds of dangers.

However, with the rising sophistication of cyberthreats (and an uptick in hybrid working environments), a robust antivirus software in combination with a VPN is necessary for complete protection of your computers.

The new threats emerging

Artificial intelligence is, unfortunately, ushering in an era of more sophisticated malware and phishing attacks. If AI-generated phishing emails that are indistinguishable from the real thing weren’t bad enough, cybercriminals can now use AI to modify malware in real time, making it more likely to slip under the radar.

<cs-card “=”” class=”card-outer card-full-size ” card-fill-color=”#565656″ card-secondary-color=”#272727″ gradient-angle=”112.05deg” id=”native_ad_inarticle-2-d3d3d8fa-c295-46e9-860b-a6ee84d66367″ size=”_2x_1y” part=””>

Ad

Cegal Cetegra Cloud Platform – Effective Cost Management – Low-Emission Data Centers

There’s also a major uptick in ransomware. In the past, threat actors would implant malware that would encrypt the data and demand a ransom in exchange for decryption. Now, they exfiltrate the data and threaten to leak it on the dark web.

Not only are ransomware kits freely available for purchase, thus lowering the barrier of entry for cybercrime, but attackers also use AI to optimize their methods and choose their next target.

Remote work environments are simply adding fuel to the fire. Hackers will often compromise unsecured home or public networks to gain access to company systems through vulnerable personal and work devices.

Unfortunately, not all cybersecurity risks happen at the hands of a shady external individual. People also have to contend with internal threats, such as children or the elderly who may inadvertently expose systems to malicious actors.

<cs-card “=”” class=”card-outer card-full-size ” card-fill-color=”#565656″ card-secondary-color=”#272727″ gradient-angle=”112.05deg” id=”native_ad_inarticle-3-5418d5e3-1943-4bc7-8698-c1199978e7ee” size=”_2x_1y” part=””>

Ad

9 Enneagram Types Test – Best Enneagram Test – Free Enneagram Test

Again, people that enjoy remote working practices get the short end of the stick. Companies that allow staff to connect to the company network with personal devices may get their system decimated by malware on the employee’s own device.

Regardless of the nature of the threat, your entire home network including your personal device can completely fall apart due to a cyberattack, and the financial toll can lead to some serious headaches.

How an antivirus can help

While safeguarding your computer from the wide scope of emerging cyber threats requires continuous effort, a dedicated antivirus software is the bare minimum.

It protects your devices from malware and viruses by scanning files and applications, as well as keeping an eye on the network. In other words, a good AV can stop viruses and malware before they cause damage to your device and files.

Now, we get what you may be thinking – modern devices usually have pre-installed antivirus software like Windows Defender. However, such solutions fall short of the comprehensive security that you might need to face modern threats.

For instance, even the best free antivirus may not have a centralized dashboard for monitoring security across different devices on your network. Windows Defender also doesn’t protect against sophisticated threats like targeted attacks or zero-day exploits, and is notorious for its slow response time. Put differently, it may not recognize the malware immediately, and if it does, it may only identify the attack when a device is already infected.

On the other hand, a robust antivirus will safeguard your information and offer additional security layers. Modern tools also implement AI to identify issues more quickly, allowing you to proactively boost your network security.

It’s also worth noting that investing in antivirus software is cost-effective, especially when you compare it to all the expenses that a cyberattack could incur.

How a VPN can help

A VPN (virtual private network) is a piece of software that routes your data through an encrypted tunnel to a secure server, encrypting your data in the process. In even simpler terms, it changes your IP address and makes internet traffic unreadable by third parties, even if they somehow manage to intercept the connection.

This simple tool is vital as it helps protect your sensitive data regardless of how secure the network it travels over is, thus allowing you to also securely access your company’s network and resources, or your cloud storage, in a safe and responsible way.

Compared to an antivirus, implementing a VPN is one of the cheapest ways to strengthen your cybersecurity. To put things into perspective, NordLayer, TechRadar’s top choice for the best VPN, can be snagged for just $3.39 per month. That’s practically nothing when you consider the benefits it brings to the table, and costs far less than a potential data breach.

Plus, VPNs often offer applications for different devices, including smartphones – useful if you require protection across all platforms.

Do you need both?

The more the merrier also applies to your cybersecurity. While implementing just one measure is definitely a step in the right direction, both a VPN and an antivirus are necessary if you want to cover all your bases.

In short, a VPN protects the data transmitted over the internet and the connection itself. An antivirus is great against threats attempting to infiltrate the system. You can see a thread develop here, but these solutions are complementary and will lead to a better security posture.

For example, even if you’re using a VPN, you might still fall prey to phishing and download an infected file. What’s more, the opposite is equally dangerous. You may have solid AV protection, but if you connect to a public network, a hacker may be able to intercept the data in transit.

Should you invest in more advanced types of software?

Both an antivirus and a VPN are the essentials when it comes to protecting personal devices. However, businesses are more prone to cyberattacks, and need therefore need to stay on top of the latest developments. A good upgrade is the best endpoint protection solutions, which are becoming the golden standard in digital security.

For consumers this is definitely overkill, as I have discussed before. Most of the time, the combination of antivirus, VPN, and one of the best password managers is enough to secure you against most threats. But it is worth understanding the capabilities an EPP can provide.

Whereas an antivirus is limited to a single endpoint and uses signature-based detection (rendering it useless against fileless malware or threats that don’t use a signature), an endpoint security suite scans all devices connected to the network for suspicious behavior. Put differently, it continuously scans all endpoints and can recognize threats a lot faster.

Investing in such a solution may often end up being more economical in the long run for many businesses. EPP can include a VPN, as well as the basic AV functionality (such is the case with Avast Business Security), which centralizes the protection of the entire network and eliminates the need to deploy separate applications.

You can also get some extra goodies like USB protection, which disables the use of unauthorized removable storage devices. Other providers also employ advanced correlation engines that help identify green zone threats that a regular antivirus might overlook.

The good thing is that despite the advanced nature of an endpoint security software, it’s as easy to implement as a traditional antivirus. You can get it up and running in a few minutes and instantly start protecting thousands upon thousands of endpoints.

Are these tools enough?

Despite being rather effective, the trio of antivirus, VPN, and endpoint security software may not erase all the vulnerabilities in your system, and that’s a fact. We can go as far as to claim they may be dangerous if they lull you into a false sense of security.

Look at it this way:

VPNs and antivirus software are just tools and will always be fallible unless you implement the right personal practices and cybersecurity awareness.

For individuals, this includes being wary of dodgy websites and questionable emails, and also making sure that what your are downloading is legal and from a reputable source. There are many horror stories of people looking to dodge paying for a game or service and being greeted with ransomware the second they launched their new ‘software’.

For businesses on the other hand, training to recognize fake login pages and phishing emails goes a long way in preventing you from becoming a target of a cybercrime. In addition to all the technological gizmos, you also need to work on your password policy by creating strong passwords and enabling multi-factor authentication on all accounts that support it.

Once you minimize the possibility of human error (which is still the leading source of cyberattacks), your VPN and AV will be a lot more effective in your hands, and significantly help you avoid becoming a cyberattack statistic.

read more
alt=Google Chrome, the world's most popular web browser, displayed on a computer screen with vibrant colors and a user-friendly interface.
Cyber security
2024-12-30 Post a Comment

16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft

î „Ravie Lakshmanan

                                                                                                                                                                                                                                                                                               A new attack campaign has targeted known Chrome browser extensions, leading to at least 16 extensions being compromised and exposing over 600,000 users to data exposure and credential theft.

The attack targeted publishers of browser extensions on the Chrome Web Store via a phishing campaign and used their access permissions to insert malicious code into legitimate extensions in order to steal cookies and user access tokens.

The first company to be known to have been exposed was cybersecurity firm Cyberhaven.

On December 27, Cyberhaven disclosed that a threat actor compromised its browser extension and injected malicious code to communicate with an external Command and Control (C&C) server located on the domain cyberhavenext[.]pro, download additional configuration files, and exfiltrate user data.

“Browser extensions are the soft underbelly of web security,” says Or Eshed, CEO of LayerX Security, which specializes in browser extension security. “Although we tend to think of browser extensions as harmless, in practice, they are frequently granted extensive permissions to sensitive user information such as cookies, access tokens, identity information, and more.

“Many organizations don’t even know what extensions they have installed on their endpoints, and aren’t aware of the extent of their exposure,” says Eshed.

Once news of the Cyberhaven breach broke, additional extensions that were also compromised and communicating with the same C&C server were quickly identified.

Jamie Blasco, CTO of SaaS security company Nudge Security, identified additional domains resolving to the same IP address of the C&C server used for the Cyberhaven breach.

Additional browser extensions currently suspected of having been compromised include:

  • AI Assistant – ChatGPT and Gemini for Chrome
  • Bard AI Chat Extension
  • GPT 4 Summary with OpenAI
  • Search Copilot AI Assistant for Chrome
  • TinaMInd AI Assistant
  • Wayin AI
  • VPNCity
  • Internxt VPN
  • Vindoz Flex Video Recorder
  • VidHelper Video Downloader
  • Bookmark Favicon Changer
  • Castorus
  • Uvoice
  • Reader Mode
  • Parrot Talks
  • Primus

These additional compromised extensions indicate that Cyberhaven was not a one-off target but part of a wide-scale attack campaign targeting legitimate browser extensions.

Analysis of compromised Cyberhaven indicates that the malicious code targeted identity data and access tokens of Facebook accounts, and specifically Facebook business accounts:

User data collected by the compromised Cyberhaven browser extension (source: Cyberhaven)
User data collected by the compromised Cyberhaven browser extension (source: Cyberhaven)

Cyberhaven says that the malicious version of the browser extension was removed about 24 hours after it went live. Some of the other exposed extensions have also already been updated or removed from the Chrome Web Store.

However, the fact the extension was removed from the Chrome store doesn’t mean that the exposure is over, says Or Eshed. “As long as the compromised version of the extension is still live on the endpoint, hackers can still access it and exfiltrate data,” he says.

Security researchers are continuing to look for additional exposed extensions, but the sophistication and scope of this attack campaign have upped the ante for many organizations of securing their browser extensions.

read more
alt=1. A man wearing a hoodie is seated at a desk, focused on his computer screen.
Cyber security
2024-08-28 Post a Comment

Things a cybersecurity expert says they would never do

The rise of cyberattacks has become a growing concern in recent years as the threat of data breaches, ransomware and other malicious online activities has plagued organizations and digital users.

How can you protect your personal information and privacy? CTVNews.ca spoke to a cybersecurity expert on how to better safeguard against the evolving landscape of cyber threats.

Don’t: Reuse passwords

Use a unique password for each of your accounts, “especially for sites where you know a cyber criminal getting access to that information would potentially do some damage,” said Sam Andrey, managing director at The Dais, a Toronto Metropolitan University think tank focused on tech policy.

RELATED STORIES

Sensitive materials include your email address, banking information, and personal files, he added.

Andrey said using a unique password for every account may feel unrealistic in a world where users have so many passwords, but password managers exist for that reason.

A password manager is a tech tool that helps users create, save and manage passwords across different online services, including web applications, online shops and social media. It makes it easier to keep track of passwords, as only one master password is needed, Andrey said.

Don’t: Skip two-factor authentication setup

Andrey said two-factor authentication is one of the “best measures” available to protect against breaches to your accounts.

With a two-factor authentication (2FA) setup, a user is granted access to an application after successfully presenting two forms of identification.

This adds an extra layer of security to your account in the event it is compromised or vulnerable to malicious activity.

Don’t: Skip software updates

“It’s very easy to click on ‘Oh I’ll do that tomorrow’ or ‘I’ll do that next time,'” Andrey said.

“It’s actually more important to do [software updates] these days than it is to buy some expensive antivirus software, [keeping updated] Windows Defender and other kinds of operating systems,” Andrey explained.

“Those patches and security updates fix the latest bugs and vulnerabilities that cybercriminals are taking advantage of and those things are always evolving,” he said.

Don’t: Use non-encrypted platforms

Andrey advised users to look for the lock symbol at the top of their browsers.

Encrypted platforms allow users to protect their information by entering it into a form that can only be read by the user who has permission to do so.

Gmail and most email programs are now encrypted by default, Andrey said.

Andrey said some messaging services, including Apple’s iMessage and WhatsApp, are encrypted end to end—not even the software or provider can view the messages.

For online shopping, Andrey said users should ensure they are using a secure website before entering banking or personal information.

Do: Use a VPN when travelling

For people who travel and use public Wi-Fi networks on subways or airports in other jurisdictions around the world, Andrey recommends buying a VPN to secure your connection when you’re away from home.

A VPN, or “virtual private network,” is a digital tool that encrypts your internet traffic and hides your identity online. There are plenty of options available to download with varying prices and features.

Do: Be wary of scams

Don’t provide login information by phone, [or] by text. Anytime anybody’s prompting you to do that, it’s almost for sure a scam,” Andrey said. “Don’t provide sensitive information.”

Andrey said it’s increasingly rare for companies to text links and users should verify the site they are entering information into to ensure legitimacy.

Check display names and emails to verify if they are correct or from the person you are expecting.

Do: Check default settings

“A lot of the times you’re prompted to opt into things that you don’t need. If you don’t need Google holding your search history for more than six months, have them auto delete it,” Andrey said.

Andrey said the same thing goes for personalized ads or location sharing. “Turn those things off because it just stores more data that is vulnerable to being misused,” Andrey explained.

For sites you visit for the first time—and have no intention of coming back—be careful about what information you provide them. Most want location, cookies and to track you across the internet, reject some of those things, Andrey said.

read more
Trustpilot
The rating of livingsafeonline.com at Trustprofile Reviews is 9.1/10 based on 13 reviews.
Verified by MonsterInsights