Free VPN Apps Found Riddled With Security Flaws
A new study by Zimperium has revealed serious risks in free VPN apps, exposing users to privacy threats and security flaws
A VPN creates an encrypted tunnel between devices and a remote network, making its configuration and flaws important to privacy and access control.
Search across headline titles and summaries.
Background for this topic.
VPN (virtual private network) creates an encrypted tunnel between a device and a VPN gateway, or between networks, across an untrusted network such as the internet. It is commonly used for remote access and site-to-site connectivity. Encryption protects traffic in transit between the tunnel endpoints, but it does not secure a compromised device, protect data after it reaches the destination, or automatically make the VPN provider trustworthy; logging and traffic visibility depend on its configuration and operator.
VPN gateways are high-value entry points: vulnerabilities in internet-facing appliances, weak protocols or configurations, and stolen credentials can enable unauthorized access to internal systems. Organizations should patch and securely configure gateways, require phishing-resistant or otherwise strong multi-factor authentication where practical, restrict access and segment remote sessions, and monitor authentication and connection logs. During an incident, VPN account and gateway records can help identify access, while compromised gateways may require credential resets and network-wide review.
A new study by Zimperium has revealed serious risks in free VPN apps, exposing users to privacy threats and security flaws
A new Android banking and remote access trojan (RAT) dubbed Klopatra disguised as an IPTV and VPN app has infected more than 3,000 devices across Europe. [...]
Akira ransomware actors are currently targeting SonicWall firewall customers vulnerable to a bug discovered last year.
'Opportunistic, Mass Exploitation' Campaign Surging, Say Cybersecurity ResearchersAttackers wielding Akira ransomware appear to be engaged in an "opportunistic, mass exploitation" of SonicWall SSL VPN servers, even when they're using the latest firmware and configured to require multifactor authentication one-time passwords, warn cybersecurity researchers.
Akira ransomware attacks on SonicWall SSL VPN appliances are bypassing its MFA for rapid deployment
PLUS: US court grounds China’s DJI; India requires 2FA for most payments; Great Firewall busters launch VPN; and more! Asia In Brief Over 600 e-government services operated by South Korea’s government are offline after a datacenter fire disrupted operations.…
Ongoing Akira ransomware attacks targeting SonicWall SSL VPN devices continue to evolve, with the threat actors found to be successfully authenticating despite OTP MFA being enabled on accounts. [...]