Software and VPN - Cyber Security Informer

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. How AI and automation are amplifying the scale and sophistication of VPN attacks.

VPN

VPN Authentication Ransomware Risk

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Security Affairs

NOVEMBER 19, 2024

Chinese threat actors use custom post-exploitation toolkit ‘DeepData’ to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. ” reads the advisory.

VPN

VPN Malware Spyware Passwords

Do you actually need a VPN? Your guide to staying safe online!

Webroot

NOVEMBER 21, 2024

So maybe you’ve heard of VPNs but aren’t actually sure what they are. Simply put, a VPN creates a safe, anonymous pathway for the data you send and receive over a Wi-Fi network, allowing you to browse anonymously and access content as if you were in a different location. Do you really need a VPN for personal use? Why use a VPN?

VPN

VPN Antivirus Internet Internet

Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware

The Hacker News

MAY 25, 2025

Cybersecurity researchers have disclosed a malware campaign that uses fake software installers masquerading as popular tools like LetsVPN and QQ Browser to deliver the Winos 4.0 The campaign, first detected by Rapid7 in February 2025, involves the use of a multi-stage, memory-resident loader called Catena.

Malware

Malware VPN Software Cybersecurity

Cisco fixed tens of vulnerabilities, including an actively exploited one

Security Affairs

OCTOBER 24, 2024

is a Denial of Service (DoS) issue that impacts the Remote Access VPN (RAVPN) service of ASA and FTD. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. . Services that are not related to VPN are not affected.” ” continues the advisory.

VPN

VPN Firewall Passwords Software

Surfshark VPN Review (2023): Features, Pricing, and More

Tech Republic Security

JUNE 30, 2023

TechRepublic's review of VPN software Surfshark looks at pricing, features and pros and cons of the product. The post Surfshark VPN Review (2023): Features, Pricing, and More appeared first on TechRepublic.

VPN

VPN Software Cybersecurity

Hackers Were Inside Citrix for Five Months

Krebs on Security

FEBRUARY 19, 2020

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. Citrix’s letter was prompted by laws in virtually all U.S.

VPN

VPN Passwords Software Telecommunications

20 VPN subscriptions and bundles on sale now

Tech Republic Security

JULY 13, 2022

Keep your internet connection behind lock and key with these 20 VPN subscriptions and bundles offered through TechRepublic Academy. The post 20 VPN subscriptions and bundles on sale now appeared first on TechRepublic.

VPN

VPN Internet Internet Software

Microsoft Defender vs Bitdefender: Compare Antivirus Software

eSecurity Planet

MAY 27, 2025

per user per month) Bitdefender : Better for startups with over 10 employees, identity protection needs, and built-in VPN (starts at $6.33 Its features include identity protection features, a VPN, and a password manager. Bitdefenders SMB security features include identity exposure protection, a VPN, and a password manager.

Antivirus

Antivirus Software Small Business VPN

Vulnerability in Popular VPN Software Could Lead to Crashes and Service Disruptions

Penetration Testing

APRIL 15, 2024

A newly discovered vulnerability in Libreswan, a widely used open-source VPN (Virtual Private Network) software, could leave systems open to crashes and potential denial of service attacks, say researchers.

VPN

VPN Software Penetration Testing Risk

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

911 says its network is made up entirely of users who voluntarily install its “free VPN” software. In this scenario, users indeed get to use a free VPN service, but they are often unaware that doing so will turn their computer into a proxy that lets others use their Internet address to transact online. .

VPN

VPN Computers and Electronics Antivirus Software

More Than Two Million Stolen VPN Passwords Discovered

Security Boulevard

SEPTEMBER 20, 2024

million stolen VPN passwords have been compromised by malware in the past year, highlighting a growing risk for unauthorized access to secure networks, according to a Specops Software report. The post More Than Two Million Stolen VPN Passwords Discovered appeared first on Security Boulevard. More than 2.1

VPN

VPN Passwords Malware Software

Veeam Backup & Replication exploit reused in new Frag ransomware attack

Security Affairs

NOVEMBER 9, 2024

Veeam Backup & Replication is a comprehensive data protection and disaster recovery software developed by Veeam. Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. Some of these VPNs were running unsupported software versions.”

Backups

Backups Ransomware VPN Accountability

Is Your Computer Part of ‘The Largest Botnet Ever?’

Krebs on Security

MAY 29, 2024

” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime. government, they were unaware,” Leatherman said.

VPN

VPN Government Cybercrime Internet

Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack

The Hacker News

SEPTEMBER 3, 2024

A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader (aka WailingCrab) loader by means of a search engine optimization (SEO) campaign.

VPN

VPN Software Malware Engineering

The top 6 enterprise VPN solutions to use in 2023

Tech Republic Security

MAY 16, 2023

Enterprise VPNs are critical for connecting remote workers to company resources via reliable and secure links to foster communication and productivity. The post The top 6 enterprise VPN solutions to use in 2023 appeared first on TechRepublic. Read about six viable choices for businesses.

VPN

VPN Software

ProtonVPN vs. AtlasVPN (2023): Which VPN Should You Use?

Tech Republic Security

SEPTEMBER 26, 2023

Which VPN is better, ProtonVPN or AtlasVPN? Read our in-depth comparison to decide which one fits you in terms of pricing, key features and more.

VPN

VPN Software Network Security

MY TAKE: Surfshark boosts ‘DIY security’ with its rollout of VPN-supplied antivirus protection

The Last Watchdog

SEPTEMBER 13, 2021

Thus, Surfshark has just become the first VPN provider to launch an antivirus solution as part of its all-in-one security bundle Surfshark One. This development is part and parcel of rising the trend of VPN providers hustling to deliver innovative “DIY security” services into the hands of individual consumers.

Antivirus

Antivirus VPN Marketing Digital transformation

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 19, 2024

Veeam Backup & Replication is a comprehensive data protection and disaster recovery software developed by Veeam. Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. Some of these VPNs were running unsupported software versions.”

Backups

Backups VPN Ransomware Authentication

This lifetime VPN for $40 can protect all of your devices

Tech Republic Security

MARCH 24, 2022

Stay safe while browsing with a VPN that goes with you and all your internet-connected electronics. The post This lifetime VPN for $40 can protect all of your devices appeared first on TechRepublic. Get a lifetime subscription on sale now.

VPN

VPN Internet Internet Software

How to install the NordLayer VPN client on Linux and connect it to a virtual network

Tech Republic Security

MAY 4, 2022

If you're looking to employ a solid VPN service for remote workers, NordLayer VPN is an outstanding option. The post How to install the NordLayer VPN client on Linux and connect it to a virtual network appeared first on TechRepublic. Find out how to install and use the client on both Ubuntu Desktop and Fedora 36.

VPN

VPN Software

Norton vs McAfee: Compare Antivirus Software 2025

eSecurity Planet

NOVEMBER 12, 2024

Aside from antivirus, Norton offers ransomware and hacking protection, privacy monitoring, and a VPN. Norton has multiple training videos and help articles for using the software, and it offers phone, email, and chat options for customer support. McAfee Essential offers web browsing protection, VPN, and identity monitoring.

Antivirus

Antivirus Software Identity Theft Spyware

Best Anti-Pharming Software For 2025

SecureBlitz

MARCH 12, 2025

Are you looking for the best anti-pharming software? Therefore, using reliable anti-pharming software is the best way to prevent this. The term pharming comes from combining two words: phishing because […] The post Best Anti-Pharming Software For 2025 appeared first on SecureBlitz Cybersecurity.

Software

Software Phishing Cybersecurity Antivirus

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Krebs on Security

AUGUST 21, 2020

The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pandemic. authenticate the phone call before sensitive information can be discussed.

VPN

VPN Social Engineering Authentication Engineering

The top 6 enterprise VPN solutions to use in 2023

Tech Republic Security

MAY 24, 2023

Enterprise VPNs are critical for connecting remote workers to company resources via reliable and secure links to foster communication and productivity. The post The top 6 enterprise VPN solutions to use in 2023 appeared first on TechRepublic. Read about six viable choices for businesses.

VPN

VPN Software

A zero-day in Atlas VPN Linux Client leaks users’ IP address

Security Affairs

SEPTEMBER 6, 2023

Experts warn of an Atlas VPN zero-day flaw impacting the Linux client that can reveal the user’s IP address by visiting a website. A Reddit user with the handle ‘Educational-Map-8145’ published a proof of concept exploit for a zero-day flaw in the Linux client of Atlas VPN.

VPN

VPN Education Authentication Engineering

SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN Tools

eSecurity Planet

MARCH 10, 2025

Over 2,000 users have been infected through seemingly harmless archives and installation instructions that urge victims to disable their security software, exposing their systems to persistent, hidden threats. Educating employees about the dangers of disabling security software and scrutinizing unsolicited installation instructions is vital.

VPN

VPN Antivirus Cryptocurrency Malware

Work-from-Home Security Advice

Schneier on Security

MARCH 19, 2020

If the organization is lucky, they will have already set up a VPN for remote access. Handing people VPN software to install and use with zero training is a recipe for security mistakes, but not using a VPN is even worse. Three, employees are more likely to access their organizational networks insecurely.

VPN

VPN Network Security Accountability Hacking

Adventures in Contacting the Russian FSB

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. The FSB headquarters at Lubyanka Square, Moscow.

Antivirus

Antivirus VPN Encryption Malware

Free VPN apps on Google Play turned Android phones into proxies

Bleeping Computer

MARCH 26, 2024

Over 15 free VPN apps on Google Play were found using a malicious software development kit that turned Android devices into unwitting residential proxies, likely used for cybercrime and shopping bots. [.]

VPN

VPN Cybercrime Software Mobile

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

OCTOBER 25, 2024

is a Denial of Service (DoS) issue that impacts the Remote Access VPN (RAVPN) service of ASA and FTD. An attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device. Services that are not related to VPN are not affected.” in the open-source Roundcube webmail software.

VPN

VPN Firewall Technology Passwords

North Korean hackers exploit VPN update flaw to install malware

Bleeping Computer

AUGUST 5, 2024

South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks. [.]

VPN

VPN Malware Software

Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client

The Hacker News

MARCH 8, 2024

Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user.

VPN

VPN Software

Free VPN apps turn Android phones into criminal proxies

Malwarebytes

APRIL 1, 2024

Researchers at HUMAN’s Satori Threat Intelligence have discovered a disturbing number of VPN apps that turn users’ devices into proxies for cybercriminals without their knowledge, as part of a camapign called PROXYLIB. Keep your online privacy yours by using Malwarebytes Privacy VPN.

VPN

VPN Advertising Mobile Marketing

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees. The employee phishing page bofaticket[.]com. Image: urlscan.io. ” SPEAR VISHING.

Phishing

Phishing VPN Social Engineering Media

Treasury Sanctions Creators of 911 S5 Proxy Botnet

Krebs on Security

MAY 28, 2024

911 built its proxy network mainly by offering “free” virtual private networking (VPN) services. 911’s VPN performed largely as advertised for the user — allowing them to surf the web anonymously — but it also quietly turned the user’s computer into a traffic relay for paying 911 S5 customers.

VPN

VPN Banking Cybercrime Internet

Multiple malware used in attacks exploiting Ivanti VPN flaws

Security Affairs

FEBRUARY 1, 2024

Mandiant spotted new malware used by a China-linked threat actor UNC5221 targeting Ivanti Connect Secure VPN and Policy Secure devices. Mandiant researchers discovered new malware employed by a China-linked APT group known as UNC5221 and other threat groups targeting Ivanti Connect Secure VPN and Policy Secure devices.

VPN

VPN Malware Authentication Hacking

International law enforcement operation dismantled RedLine and Meta infostealers

Security Affairs

OCTOBER 29, 2024

. “Investigations into RedLine and Meta started after victims came forward and a security company notified authorities about possible servers in the Netherlands linked to the software. Update software : Keep your operating system, security software, and firewall up to date to patch vulnerabilities.

Identity Theft

Identity Theft Passwords Malware Banking

Zxyel Flaw Powers New Mirai IoT Botnet Strain

Krebs on Security

MARCH 20, 2020

In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices. Security experts at Palo Alto Networks said Thursday their sensors detected the new Mirai variant — dubbed Mukashi — on Mar.

IoT

IoT DDOS VPN Firewall

GUESST ESSAY: Cybercrime for hire: small businesses are the new bullseye of the Dark Web

The Last Watchdog

MAY 15, 2025

Cybercrime industrialized The dark web has become a marketplace where bad actors can buy tools and access with the ease of shopping for software. Many of these services exploit unpatched software flaws some disclosed years ago that remain active in business environments.

Small Business

Small Business Cybercrime Cyber Insurance Phishing

Cybersecurity During COVID-19

Schneier on Security

APRIL 7, 2020

If the organization is lucky, they will have already set up a VPN for remote access. Handing people VPN software to install and use with zero training is a recipe for security mistakes, but not using a VPN is even worse. Employees using unfamiliar software will get settings wrong and leave themselves open to breaches.

Cybersecurity

Cybersecurity VPN Scams Phishing

North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

Security Affairs

MARCH 10, 2025

Moonstone Sleet threat actors target financial and cyberespionage victims using trojanized software, custom malware, malicious games, and fake companies like StarGlow Ventures and C.C. Additionally, they attempt to infiltrate organizations by posing as software developers seeking employment.

Ransomware

Ransomware VPN Healthcare Malware

How Does a VPN Work? A Comprehensive Beginner’s Overview

eSecurity Planet

AUGUST 27, 2024

A virtual private network (VPN) does more than just mask your identity—it fundamentally changes how your data moves across the internet. But what’s really going on under the hood when you browse the web using a VPN? Step 3: Data Transmission to the VPN Server The encrypted data is then transmitted to the VPN server.

VPN

VPN Encryption Internet Internet

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

SEPTEMBER 8, 2023

CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus.

VPN

VPN Firewall Accountability Cybersecurity

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

China-linked actor’s malware DeepData exploits FortiClient VPN zero-day

Trending Sources

Do you actually need a VPN? Your guide to staying safe online!

Hackers Use Fake VPN and Browser NSIS Installers to Deliver Winos 4.0 Malware

Cisco fixed tens of vulnerabilities, including an actively exploited one

Surfshark VPN Review (2023): Features, Pricing, and More

Hackers Were Inside Citrix for Five Months

20 VPN subscriptions and bundles on sale now

Microsoft Defender vs Bitdefender: Compare Antivirus Software

Vulnerability in Popular VPN Software Could Lead to Crashes and Service Disruptions

A Deep Dive Into the Residential Proxy Service ‘911’

More Than Two Million Stolen VPN Passwords Discovered

Veeam Backup & Replication exploit reused in new Frag ransomware attack

Is Your Computer Part of ‘The Largest Botnet Ever?’

Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack

The top 6 enterprise VPN solutions to use in 2023

ProtonVPN vs. AtlasVPN (2023): Which VPN Should You Use?

MY TAKE: Surfshark boosts ‘DIY security’ with its rollout of VPN-supplied antivirus protection

U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog

This lifetime VPN for $40 can protect all of your devices

How to install the NordLayer VPN client on Linux and connect it to a virtual network

Norton vs McAfee: Compare Antivirus Software 2025

Best Anti-Pharming Software For 2025

FBI, CISA Echo Warnings on ‘Vishing’ Threat

The top 6 enterprise VPN solutions to use in 2023

A zero-day in Atlas VPN Linux Client leaks users’ IP address

SilentCryptoMiner Infects 2,000 Russian Users via Fake VPN Tools

Work-from-Home Security Advice

Adventures in Contacting the Russian FSB

Free VPN apps on Google Play turned Android phones into proxies

U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog

North Korean hackers exploit VPN update flaw to install malware

Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client

Free VPN apps turn Android phones into criminal proxies

Voice Phishers Targeting Corporate VPNs

Treasury Sanctions Creators of 911 S5 Proxy Botnet

Multiple malware used in attacks exploiting Ivanti VPN flaws

International law enforcement operation dismantled RedLine and Meta infostealers

Zxyel Flaw Powers New Mirai IoT Botnet Strain

GUESST ESSAY: Cybercrime for hire: small businesses are the new bullseye of the Dark Web

Cybersecurity During COVID-19

North Korea-linked APT Moonstone used Qilin ransomware in limited attacks

How Does a VPN Work? A Comprehensive Beginner’s Overview

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Stay Connected