90 Percent Of Free VPNs Have Security Issues: Cyber Security Today for Friday, January 10, 2025


90 Percent Of Free VPNs Have Security Issues, Packers Fans Are Victims of a Digital Interception That Captures Their Credit Card Info, SonicWall Urges Customers To Update To Fix Critical Vulnerability

This is Cyber Security Today. I’m your host Jim Love.

90 Percent Of Free VPNs Have Security Issues

Demand for VPNs — virtual private networks — is skyrocketing. The global VPN market is now valued at $45 billion, driven by rising privacy concerns and internet restrictions around the world.

About 40% of users rely on VPNs to prevent tracking by search engines and social media. But there’s a hidden danger: free VPN services. Experts are warning that these free options could compromise your privacy and security.

A real-world example? Florida’s recent Pornhub ban. On January 1st, Pornhub began blocking access in Florida due to new age-verification laws. That led to a 1150% spike in VPN demand in the state between midnight and 4 a.m., as users scrambled to bypass the restriction. The problem? Many likely downloaded free VPN apps without realizing they come with serious security risks.

Reports from Kaspersky, PCMag UK, and Fox News’ CyberGuy Kurt Knutsson highlight those risks. Free VPNs often share your data with third parties, use weak encryption, and can even leak your information. Some turn your device into a proxy for cybercriminals. The 911 S5 botnet hijacked 19 million devices worldwide using free VPNs like MaskVPN and ShineVPN, turning them into tools for fraud and phishing attacks.

The moral of the story? We need to get the message out. Don’t trust free VPNs. CyberGuy Knutsson says it best: “Free VPNs aren’t really free. You’re paying with your data and security.” Instead, invest in a trusted, paid VPN service with strong encryption protocols and clear privacy policies.

Packers Fans are Victims of a Digital Interception That Captures Their Credit Card Info

Fans of the Green Bay Packers may have had more than just their team’s performance to worry about last fall. The team’s online Pro Shop fell victim to a payment skimmer attack, compromising credit card information from over 8,500 fans.

So, what exactly is a payment skimmer? It’s malicious code that cybercriminals inject into a website’s checkout page. When users enter their payment details, the skimmer secretly captures and sends that data to the attacker. In this case, names, addresses, emails, and full payment card information were stolen — though gift card, PayPal, and Amazon Pay users weren’t affected.

The attack occurred in two short windows between September and October 2024. According to Sansec, a Dutch e-commerce security firm, the attackers exploited a vulnerability in the Pro Shop’s third-party hosting provider to insert malicious JavaScript code, allowing them to bypass security policies and exfiltrate user data.

The Packers aren’t alone. Experts say Magecart-style attacks — a term for skimmer attacks on e-commerce sites — are on the rise, especially during busy shopping periods. Sports teams may be prime targets because of their loyal fan bases and heavy online traffic.

Javvad Malik, a security advocate with KnowBe4, said attackers go after low-hanging fruit, exploiting vulnerabilities in third-party systems that businesses often overlook. Smaller organizations, including those used by sports teams, often have fewer resources for comprehensive cybersecurity.

The Packers acted quickly by taking the Pro Shop offline, but experts warn that digital skimmers are hard to detect and require proactive security measures. Businesses must conduct regular security audits, implement robust content security policies, and monitor for unusual code or behavior patterns to prevent future attacks.

SonicWall Warns of Critical Firewall Vulnerability in SonicOS

SonicWall is urging customers to immediately patch a critical vulnerability in its SonicOS firmware, warning that the flaw is “susceptible to actual exploitation.” The vulnerability, tracked as CVE-2024-53704, affects the company’s SSL VPN and SSH management tools and has a CVSS score of 8.2, marking it as high severity.

In an email to customers, SonicWall said users with SSL VPN or SSH management enabled should consider themselves at imminent risk if they don’t upgrade their firewalls. The company recommends updating to the latest SonicOS firmware versions, which were made available on January 7th.

The vulnerability affects a range of devices, including Gen 6, Gen 6.5, Gen 7, and TZ80 firewalls. Customers using unpatched devices risk attackers bypassing authentication controls, potentially giving them unauthorized access to internal networks. Once inside, attackers could steal sensitive data, deploy malware, or launch ransomware attacks.

For customers who can’t patch immediately, SonicWall offered temporary mitigations. The company recommends limiting SSL VPN and SSH access to trusted sources only or disabling Internet access to these services until the firmware is updated.

Authentication bypass vulnerabilities are a serious threat because they can allow unauthorized access without needing credentials. SonicWall’s warning indicates that exploitation of this vulnerability is likely to happen quickly if firewalls remain unpatched. Cybersecurity experts say that firewall vulnerabilities should be prioritized in patch management practices, as they are often a gateway for larger attacks.

That’s our show for today. You can find links in our show notes at technewsday.com or .ca — take your pick. You can reach me with comments, questions, or tips at editorial@technewsday.ca. 

I’m your host Jim Love. Thanks for listening. 

 
