19 Feb 2020

Iranian Hackers Backdoored VPNs Via One-Day Bugs

Security researchers have reported that unpatched bugs in VPN and RDPs allowed Iran to conduct a cyber-espionage campaign that infiltrated global organizations. Although the campaign was already attributed to APT33, a state-sponsored hacking group, security firm Clearsky has publicized further details. The new report claims that the three-year-long campaign named

Read More
15 Jan 2020

Chinese man arrested after making $1.6 million from selling VPN services

Chinese authorities have launched a crackdown against sellers and vendors of unauthorized VPN software within the country. China has been particularly focused on catching sellers advertising VPN services that are capable of bypassing China’s Great Firewall technology. The Chinese government and law enforcement agencies have been making arrests since mid-2017,

Read More
07 Jan 2020

Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks

Ransomware actors are actively exploiting a critical flaw in the Pulse Secure VPN service, a security researcher recently discovered. The flaw, tracked as CVE-2019-1150, enables attackers to establish unauthenticated HTTPS connections to enterprise networks using the VPN service. Pulse Secure patched the issue in April of last year, and on

Read More
06 Dec 2019

VPN Flaw Allows Criminal Access to Everything on Victims’ Computers

A VPN vulnerability in the Aviatrix VPN client has been patched, but previously gave an attacker unlimited access to the targeted device. Aviatrix VPN client is used by large US organizations, notably NASA and Shell. All versions of the VPN have been patched and are now available for download without

Read More
03 Dec 2019

This iOS Security App Shares User Data With China: 8 Million Americans Impacted

As the use of VPNs increases rapidly, a report warns consumers that VPN apps may be collecting information on identities and locations, sharing this data with Chinese authorities. VPNs are typically used to protect the user from online tracking and snooping, allowing them to browse anonymously and achieve access to

Read More
22 Oct 2019

Hacker Breached Servers Belonging to Multiple VPN Providers

A threat actor has obtained access to servers belonging to NordVPN, TorGuard, and possibly VikingVPN. NordVPN acknowledged that it suffered a data breach in March of 2018 in which a threat actor obtained private keys used by the firm for securing its web servers as well as VPN configuration files.

Read More
08 Oct 2019

US And UK Governments Issue Update Now Warning For Windows, macOS And Linux Users

The US National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA) that falls under the US Department of Homeland Security (DHS) and the UK National Cyber Security Centre (NCSC) are all warning that Windows, macOS And Linux Users relying on certain Virtual Private Network (VPN) applications are at

Read More
26 Aug 2019

Hackers are actively trying to steal passwords from two widely used VPNs

Security researchers are warning that threat actors have begun scanning the web for servers vulnerable to flaws affecting two highly popular VPN solutions. By exploiting vulnerable servers, hackers could steal login credentials , encryption keys and other sensitive information belonging to users of Fortigate VPN and Pulse Secure VPN. The

Read More
04 Jul 2019

29 VPN Services Owned by Six China-Based Organizations

29 of the world’s biggest VPN services are owned by Chinese companies, which often hide their ownership from consumers, a new VPNpro report shows. According to OpenVPN CEO Francis Dinha this finding “is very alarming as this makes the service from these companies very insecure. If you use one of

Read More
15 Apr 2019

Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software

VPN applications offered by Cisco, Palo Alto, F5 and Pusle are putting users at risk by failing to securely store session cookies, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and Carnegie Mellon’s CERT are warning. If threat actors can obtain access to a session cookie,

Read More