Risk and VPN - Cyber Security Informer

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. How AI and automation are amplifying the scale and sophistication of VPN attacks.

VPN

VPN Authentication Ransomware Risk

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. reads the advisory.

VPN

VPN Ransomware Firewall Internet

Do you actually need a VPN? Your guide to staying safe online!

Webroot

NOVEMBER 21, 2024

With the rise of online scams and privacy risks, virtual private networks (VPNs) are becoming more popular for day-to-day use. So maybe you’ve heard of VPNs but aren’t actually sure what they are. Do you really need a VPN for personal use? Keep reading for the long answer and for tips on choosing the right VPN.

VPN

VPN Antivirus Internet Internet

Digital nomads and risk associated with the threat of infiltred employees

Security Affairs

MARCH 4, 2025

Companies face the risk of insider threats, worsened by remote work. The insider threat, or the risk that an employee could harm the company, is a growing concern. The insider threat, or the risk that an employee could harm the company, is a growing concern. North Korean hackers infiltrate firms via fake IT hires, stealing data.

Risk

Risk Education Scams VPN

Popular VPNs are routing traffic via Chinese companies, including one with link to military

Malwarebytes

APRIL 3, 2025

That’s according to a report from the non-profit Tech Transparency Project (TTP), who investigated the top 100 mobile VPN apps downloaded from Apple’s App Store as documented by mobile intelligence company AppMagic. Mobile VPNs are apps that connect your smartphone to the internet via different computers around the world.

VPN

VPN Mobile Government Technology

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

.” Meanwhile, this week we learned more details about the ongoing exploitation of a zero-day flaw in a broad range of virtual private networking (VPN) products made by Fortinet — devices many organizations rely on to facilitate remote network access for employees. “Patch your #Fortigate.” “Patch your #Fortigate.”

Risk

Risk VPN Internet Internet

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

SecureList

OCTOBER 29, 2024

The primary objective of these services is risk reduction. Policy violations by employees Most organizations focus on external threats; however, policy violations pose a major risk , with 51% of SMB incidents and 43% of enterprise incidents involving IT security policy violations caused by employees.

Risk

Risk Antivirus Accountability Malware

More Than Two Million Stolen VPN Passwords Discovered

Security Boulevard

SEPTEMBER 20, 2024

million stolen VPN passwords have been compromised by malware in the past year, highlighting a growing risk for unauthorized access to secure networks, according to a Specops Software report. The post More Than Two Million Stolen VPN Passwords Discovered appeared first on Security Boulevard. More than 2.1

VPN

VPN Passwords Malware Software

Not Just for Unlocking Content: How Attackers Are Leveraging Personal VPNs

Duo's Security Blog

APRIL 17, 2025

As many a podcast host will tell you, its about time you used a consumer or personal Virtual Private Network (VPN). VPNs have become commonplace, serving various purposes from the noble, like protecting an individuals digital footprint, to the dubious, like accessing geo-restricted content.

VPN

VPN Risk Cybersecurity

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

JANUARY 8, 2025

The vulnerability resides in SSL VPN and SSH management and according to the vendor is “susceptible to actual exploitation.” Again, this upgrade addresses a high vulnerability for SSL VPN users that should be considered at imminent risk of exploitation and updated immediately. hardware firewalls: SonicOS 6.5.5.1-6n

Firewall

Firewall Firmware VPN Authentication

Credit Reporting Companies Put Customer Data at Risk

Adam Levin

MAY 19, 2021

Use a VPN that you pay for: Having a VPN can make it much harder to steal your data and prevent identity theft. Keep in mind, VPNs are great for logging onto suspicious WiFi systems or transferring information between devices, but these services can’t prevent data theft on an institutional level.

Risk

Risk Identity Theft Data breaches VPN

MY TAKE: Surfshark boosts ‘DIY security’ with its rollout of VPN-supplied antivirus protection

The Last Watchdog

SEPTEMBER 13, 2021

Thus, Surfshark has just become the first VPN provider to launch an antivirus solution as part of its all-in-one security bundle Surfshark One. This development is part and parcel of rising the trend of VPN providers hustling to deliver innovative “DIY security” services into the hands of individual consumers.

Antivirus

Antivirus VPN Marketing Digital transformation

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 26, 2024

Attackers can exploit the SSL VPN gateway by accessing the filesystem via an HTTP header flags attribute and a vulnerable URL without authentication. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. ” reads the advisory.

VPN

VPN Authentication Hacking Risk

App Stores OK’ed VPNs Run by China PLA

Security Boulevard

APRIL 3, 2025

is the shady entity behind a clutch of free VPN appswith over a million downloads. The post App Stores OKed VPNs Run by China PLA appeared first on Security Boulevard. Bad Apple: Chinese firm banned by the U.S.

VPN

VPN Social Engineering Data privacy Security Awareness

News alert: Seraphic launches BrowserTotal™ — a free AI-powered tool to stress test browser security

The Last Watchdog

JUNE 9, 2025

The launch coincides with the Gartner Security & Risk Management Summit 2025, where Seraphic will be showcasing the new platform with live demos at booth #1257. ” Attendees of the Gartner Security & Risk Management Summit 2025 can experience Browser Total firsthand at booth #1257.

Marketing

Marketing Risk CISO Architecture

Work-from-Home Security Advice

Schneier on Security

MARCH 19, 2020

If the organization is lucky, they will have already set up a VPN for remote access. Handing people VPN software to install and use with zero training is a recipe for security mistakes, but not using a VPN is even worse. Three, employees are more likely to access their organizational networks insecurely.

VPN

VPN Network Security Accountability Hacking

ThreatLabz 2025 VPN Report: Why 81% of Organizations Plan to Adopt Zero Trust by 2026

Security Boulevard

APRIL 10, 2025

VPN technologies have long been a backbone of remote access but according to new ThreatLabz research, the security risks and performance challenges of VPNs may be rapidly changing the status quo for enterprises. Overall, 65% of organizations plan to replace VPN services within the year, a 23% jump from last years findings.

VPN

VPN Risk Internet Internet

Revolutionizing Cisco VPN Access with Duo SSO

Duo's Security Blog

JANUARY 11, 2024

Secure Cisco VPN logins in less than an hour Authenticate users in seconds Verify user + device posture Blog unmanaged devices Mitigate modern security threats with phishing-resistant authentication Join the thousands of Cisco firewall customers who take advantage of protecting Cisco VPN logins with Cisco Duo Single Sign-On via SAML 2.0

VPN

VPN Authentication Firewall Risk

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 25, 2024

is a Denial of Service (DoS) issue that impacts the Remote Access VPN (RAVPN) service of ASA and FTD. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. Services that are not related to VPN are not affected.” continues the advisory.

VPN

VPN Firewall Technology Passwords

VPNs and Trust

Schneier on Security

JUNE 16, 2021

TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices: what data they keep, how they respond to court order, what country they are incorporated in, and so on. Express VPN is incorporated in the British Virgin Islands. Most interesting to me is the home countries of these companies.

VPN

VPN Surveillance Encryption Risk

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 19, 2024

Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. In each of the cases, attackers initially accessed targets using compromised VPN gateways without multifactor authentication enabled. Some of these VPNs were running unsupported software versions.”

Backups

Backups VPN Ransomware Authentication

Everyday Threat Modeling

Daniel Miessler

SEPTEMBER 27, 2020

The Difference Between Threats and Risks. The problem we have as humans is that opportunity is usually coupled with risk, so the question is one of which opportunities should you take and which should you pass on. And If you want to take a certain risk, which controls should you put in place to keep the risk at an acceptable level?

VPN

VPN Risk Hacking Encryption

Free VPN apps turn Android phones into criminal proxies

Malwarebytes

APRIL 1, 2024

Researchers at HUMAN’s Satori Threat Intelligence have discovered a disturbing number of VPN apps that turn users’ devices into proxies for cybercriminals without their knowledge, as part of a camapign called PROXYLIB. Privacy risks should never spread beyond a headline.

VPN

VPN Advertising Mobile Marketing

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. The employee phishing page bofaticket[.]com. Image: urlscan.io. ” SPEAR VISHING.

Phishing

Phishing VPN Social Engineering Media

GUEST ESSAY: A new year, a familiar predicament — consumers face intensifying cybersecurity risks

The Last Watchdog

JANUARY 3, 2023

With more and more people working remotely, unsecured home or public WiFi networks represent a security risk not only to individuals but to their companies as well. Since many people are now working from home at least partially, vulnerabilities at home are vulnerabilities at work, and threaten to put a company’s data at risk.

Risk

Risk Cybersecurity Antivirus Phishing

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

The Last Watchdog

MARCH 6, 2021

Many people use a virtual private network (VPN) to bypass geographic restrictions on streaming sites or other location-specific content. Since a VPN tunnels traffic through a server in a location of your choosing. VPN’s can play another critical role, such as improving online privacy.

VPN

VPN Firewall Antivirus Risk

Vulnerability in Popular VPN Software Could Lead to Crashes and Service Disruptions

Penetration Testing

APRIL 15, 2024

A newly discovered vulnerability in Libreswan, a widely used open-source VPN (Virtual Private Network) software, could leave systems open to crashes and potential denial of service attacks, say researchers.

VPN

VPN Software Penetration Testing Risk

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

911 says its network is made up entirely of users who voluntarily install its “free VPN” software. In this scenario, users indeed get to use a free VPN service, but they are often unaware that doing so will turn their computer into a proxy that lets others use their Internet address to transact online. “The 911[.]re

VPN

VPN Computers and Electronics Antivirus Software

Popular Chrome Extensions Caught Leaking Sensitive User Data via Unencrypted HTTP

Penetration Testing

JUNE 6, 2025

Symantec reveals popular Chrome extensions like Browsec VPN & DualSafe Password Manager are leaking sensitive user data over unencrypted HTTP, risking privacy.

Password Management

Password Management VPN Passwords Risk

Get an Extra 20% Off a Lifetime of Powerful VPN Protection Through 4/7

Tech Republic Security

APRIL 5, 2024

There’s no reason to risk your privacy or your most confidential information, or even be deprived of your favorite content, when a solution is so affordable. Use coupon SECURE20 at checkout through 4/7 to unlock an additional 20% off this deal!

VPN

VPN Risk Data privacy

When Security Becomes the Risk

Centraleyes

APRIL 24, 2025

Ivanti Connect Secure VPN (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893) was repeatedly targeted, with Chinese espionage groups among the early adopters. What this means for risk management Its a reminder that perimeter defenses alone arent enough. The post When Security Becomes the Risk appeared first on Centraleyes.

Risk

Risk Firewall VPN Ransomware

How IT leaders were unprepared for the security challenges posed by COVID-19

Tech Republic Security

JULY 29, 2020

The top three challenges cited in a Tanium survey were identifying new computing devices, overwhelmed IT capacity due to VPN requirements, and increased risks from video conferencing.

VPN

VPN Risk

This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?

WIRED Threat Level

DECEMBER 19, 2024

A free VPN app called Big Mama is selling access to peoples home internet networks. Kids are using it to cheat in a VR game while researchers warn of bigger security risks.

VPN

VPN Internet Internet Risk

12 Online Resolutions for 2021

Adam Levin

DECEMBER 16, 2020

It’s not worth the risk. Use a VPN: If you need to transmit sensitive information online, look into a VPN provider, or see if your workplace can provide one. VPNs aren’t foolproof, but they can add one more level of security and privacy to what you do online, especially if you rely on public WiFi networks.

VPN

VPN Antivirus Passwords Backups

Industrial Systems at Risk: Lenze VPN Flaws Lead to Root/SYSTEM Access

Penetration Testing

MAY 27, 2025

CERT@VDE and Lenze SE have disclosed two local privilege escalation vulnerabilities affecting the Lenze VPN Client on Windows, The post Industrial Systems at Risk: Lenze VPN Flaws Lead to Root/SYSTEM Access appeared first on Daily CyberSecurity.

VPN

VPN Risk Cybersecurity IoT

How Does a VPN Work? A Comprehensive Beginner’s Overview

eSecurity Planet

AUGUST 27, 2024

A virtual private network (VPN) does more than just mask your identity—it fundamentally changes how your data moves across the internet. But what’s really going on under the hood when you browse the web using a VPN? Step 3: Data Transmission to the VPN Server The encrypted data is then transmitted to the VPN server.

VPN

VPN Encryption Internet Internet

Differences in App Security/Privacy Based on Country

Schneier on Security

SEPTEMBER 30, 2022

Three VPN apps enable clear text communication in some countries, which allows unauthorized access to users’ communications. are at higher privacy risk. Apps in Bahrain, Tunisia and Canada requested the most additional dangerous permissions. One hundred and three apps have differences based on country in their privacy policies.

Mobile

Mobile Internet Internet VPN

Supercharging Your Fortinet FortiGate VPN With Duo SSO

Duo's Security Blog

OCTOBER 30, 2024

Let's talk about how Duo SSO is revolutionizing FortiGate VPN access. Picture this: You're securing VPN logins in under an hour, authenticating users in seconds and saying goodbye to those pesky stolen credential risks. Connect your FortiGate VPN to Duo SSO using SAML 2.0 (it's Sounds too good to be true?

VPN

VPN Authentication Firewall Risk

China’s Volt Typhoon botnet has re-emerged

Security Affairs

NOVEMBER 13, 2024

Microsoft first noticed that to conceal malicious traffic, the threat actor routes it through compromised small office and home office (SOHO) network devices, including routers, firewalls, and VPN hardware. The group also relies on customized versions of open-source tools for C2 communications and stay under the radar.

VPN

VPN Government Malware Manufacturing

Fireside chat: The inevitable replacement of VPNs by ‘ZTNA’ — zero trust network access

The Last Watchdog

JUNE 28, 2022

This is so, despite the fact that the fundamental design of a VPN runs diametrically opposed to zero trust security principles. Guest expert: David Holmes, Analyst for Zero Trust, Security and Risk, Forrester Research. But that doesn’t mean VPN obsolescence is inevitable. Pulitzer Prize-winning business journalist Byron V.

VPN

VPN Encryption Internet Internet

Cybersecurity During COVID-19

Schneier on Security

APRIL 7, 2020

I wrote about the increased risks of working remotely during the COVID-19 pandemic. If the organization is lucky, they will have already set up a VPN for remote access. Handing people VPN software to install and use with zero training is a recipe for security mistakes, but not using a VPN is even worse.

Cybersecurity

Cybersecurity VPN Scams Phishing

Check Point Warns of Hackers Targeting Its Remote Access VPN

SecureWorld News

MAY 28, 2024

Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company has warned in a new advisory. We have recently witnessed compromised VPN solutions, including various cyber security vendors.

VPN

VPN Passwords Authentication Architecture

Encrypted messaging service intercepted, 2.3 million messages read by law enforcement

Malwarebytes

DECEMBER 9, 2024

Privacy risks should never spread beyond a headline. Keep your online privacy yours by using Malwarebytes Privacy VPN. Although I appreciated the hint of the splash page to the media franchise The Matrix. We don’t just report on privacywe offer you the option to use it.

Encryption

Encryption VPN Marketing Media

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. reads the advisory.

VPN

VPN Ransomware Firewall Internet

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Trending Sources

Do you actually need a VPN? Your guide to staying safe online!

Digital nomads and risk associated with the threat of infiltred employees

Popular VPNs are routing traffic via Chinese companies, including one with link to military

CISA Order Highlights Persistent Risk at Network Edge

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

More Than Two Million Stolen VPN Passwords Discovered

Not Just for Unlocking Content: How Attackers Are Leveraging Personal VPNs

SonicWall warns of an exploitable SonicOS vulnerability

Credit Reporting Companies Put Customer Data at Risk

MY TAKE: Surfshark boosts ‘DIY security’ with its rollout of VPN-supplied antivirus protection

U.S. CISA adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog

App Stores OK’ed VPNs Run by China PLA

News alert: Seraphic launches BrowserTotal™ — a free AI-powered tool to stress test browser security

Work-from-Home Security Advice

ThreatLabz 2025 VPN Report: Why 81% of Organizations Plan to Adopt Zero Trust by 2026

Revolutionizing Cisco VPN Access with Duo SSO

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

VPNs and Trust

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Everyday Threat Modeling

Free VPN apps turn Android phones into criminal proxies

Voice Phishers Targeting Corporate VPNs

GUEST ESSAY: A new year, a familiar predicament — consumers face intensifying cybersecurity risks

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

Vulnerability in Popular VPN Software Could Lead to Crashes and Service Disruptions

A Deep Dive Into the Residential Proxy Service ‘911’

Popular Chrome Extensions Caught Leaking Sensitive User Data via Unencrypted HTTP

Get an Extra 20% Off a Lifetime of Powerful VPN Protection Through 4/7

When Security Becomes the Risk

How IT leaders were unprepared for the security challenges posed by COVID-19

This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?

12 Online Resolutions for 2021

Industrial Systems at Risk: Lenze VPN Flaws Lead to Root/SYSTEM Access

How Does a VPN Work? A Comprehensive Beginner’s Overview

Differences in App Security/Privacy Based on Country

Supercharging Your Fortinet FortiGate VPN With Duo SSO

China’s Volt Typhoon botnet has re-emerged

Fireside chat: The inevitable replacement of VPNs by ‘ZTNA’ — zero trust network access

Cybersecurity During COVID-19

Check Point Warns of Hackers Targeting Its Remote Access VPN

Encrypted messaging service intercepted, 2.3 million messages read by law enforcement

Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Stay Connected