Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Popular VPNs Exposed Users to Attacks

Written by  May 06, 2020

Researchers analysed some of the most popular VPNs and discovered that two of them were affected by vulnerabilities that could be exploited to hack users’ devices.

VPNpro, a company that specialises in analysing and comparing VPN services, analysed the 20 most popular VPNs to see which of them allow attackers to intercept communications and push fake updates.

The analysis revealed that PrivateVPN and Betternet VPNs were vulnerable to these types of attacks. Both vendors were notified in mid-February and they have released patches that should prevent attacks.

The analysis revealed that PrivateVPN, Betternet, TorGuard and CyberGhost allowed an attacker to intercept the connection, and the VPN connected while being intercepted. However, only PrivateVPN and Betternet downloaded a fake update, and PrivateVPN even executed the update automatically. Betternet did not automatically execute the update, but prompted the user to update the app, which in many cases would also likely lead to execution of the fake update.

Advertisement


According to VPNpro, a man-in-the-middle (MitM) attacker could have intercepted the targeted user’s VPN connection and pushed a fake software update. In the most likely scenarios, the attacker convinces the victim to connect to a malicious Wi-Fi network in a public location, or they somehow gain access to the target’s router.

The malicious software update could have unleashed a piece of malware on the victim’s device. This includes ransomware or malware designed to steal sensitive information, abuse the compromised device for cryptocurrency mining, or add the device to a botnet.


Carl Perkins

A security tech expert, Carl specialises in IT Security having worked in the field for over 10 years and has previous Tech admin roles to his credit. He is very experienced and his contribution is invaluable to us.

Contributors

We would like to invite IT Security Professionals from the UK to join our other contributors in providing high quality articles for our website.

To enhance IT Security Centres credentials and to offer an opportunity for other IT Professionals and IT Companies to share their work, information and ideas.

We are always happy to hear from other IT Security Professionals and look forward to your incite. please contact us for more information.

Popular News

Jun 13, 2020 IT Security News

Microsoft announces major issue in Windows 10 June 2020 updates

On 9th June, 2020, Microsoft released cumulative updates for supported versions of Windows 10 including version 2004, ve...

Jun 12, 2020 Cyber Security

NHS email service fooled users in phishing attack

NHS Digital is contacting users of its NHSmail email system after a small number of mailboxes were compromised in a gene...

Jul 23, 2020 Cyber Security

Many cyber attacks on UK sports industry says report

At large percentage of sporting institutions, organisations and teams in the UK have suffered a security incident in the...

Jun 12, 2020 IT Security News

100,000 cheap wireless cameras sold in the UK are vulnerable to hacking

Consumer advocacy organisation Which? has issued a warning over the security of wireless camera brands made by China-bas...

Jun 25, 2020 IT Security News

NCSC catch a million phish

The National Cyber Security Centre has received the millionth submission to its Suspicious Email Reporting Service. ...

Jun 11, 2020 IT Security News

UK government still can’t decide how NHS contact tracing app should work

A new report today says that the UK government still hasn’t decided exactly how its NHS contact tracing app should wor...

Jun 10, 2020 IT Security News

Is your boss spying on you whilst you are homeworking?

The recent worldwide move to working from home has caused concern amongst employers.

Jun 27, 2020 IT Security News

Apple devices to get encrypted DNS

Apple this year will boldly go where its peers have gone before by implementing support for encrypted DNS in iOS and mac...

Jun 12, 2020 Cyber Security

Cybersecurity in the shortsighted gig economy

The ‘gig’ economy encompasses the increasing economic trend for professionals to take on a series of temporary work ...

Jun 16, 2020 Internet of Things

Ripple20 Bug Exposes Millions of IoT Devices

Exactly how many of the devices that include Ripple20 bugs are directly hackable via the internet remains far from clear...

Jun 11, 2020 Cyber Security

UK government to fund nine cyber security projects

The government is to invest £10m through March 2024 from various sources to fund nine academic cyber security projects ...

Jul 03, 2020 IT Security News

Increasing number of UK business PCs are vulnerable

A rising number of business PCs are at risk of malware infections, according to a new report from cybersecurity firm Ava...

Jun 12, 2020 IT Security News

Good reasons to use a proxy server

A proxy server – is a computer on the internet which acts as a middle-man between your computer and the website or ser...

Jul 21, 2020 IT Security News

Businesses underestimate disruptive auto bot traffic

Business leaders say about 15% of their web application resources are taken up in dealing with the impact of automated b...

Jun 12, 2020 IT Security News

Apple hardens security in macOS Catalina

Apple added new security-related features to iOS 13, and the company is not missing out on the opportunity to do the sam...

Jul 21, 2020 Cyber Security

UK number two country for targeted cyberattacks

The UK is the second most frequent target of “serious” cyberattacks, according to a new report from cybersecurity fi...

Advertisement
Symantec Home 120x60

Advertisement