Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Popular VPNs Exposed Users to Attacks

Written by  May 06, 2020

Researchers analysed some of the most popular VPNs and discovered that two of them were affected by vulnerabilities that could be exploited to hack users’ devices.

VPNpro, a company that specialises in analysing and comparing VPN services, analysed the 20 most popular VPNs to see which of them allow attackers to intercept communications and push fake updates.

The analysis revealed that PrivateVPN and Betternet VPNs were vulnerable to these types of attacks. Both vendors were notified in mid-February and they have released patches that should prevent attacks.

The analysis revealed that PrivateVPN, Betternet, TorGuard and CyberGhost allowed an attacker to intercept the connection, and the VPN connected while being intercepted. However, only PrivateVPN and Betternet downloaded a fake update, and PrivateVPN even executed the update automatically. Betternet did not automatically execute the update, but prompted the user to update the app, which in many cases would also likely lead to execution of the fake update.

Advertisement


According to VPNpro, a man-in-the-middle (MitM) attacker could have intercepted the targeted user’s VPN connection and pushed a fake software update. In the most likely scenarios, the attacker convinces the victim to connect to a malicious Wi-Fi network in a public location, or they somehow gain access to the target’s router.

The malicious software update could have unleashed a piece of malware on the victim’s device. This includes ransomware or malware designed to steal sensitive information, abuse the compromised device for cryptocurrency mining, or add the device to a botnet.


Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Advertisement

Popular News

May 06, 2020 IT Security News

Popular VPNs Exposed Users to Attacks

Researchers analysed some of the most popular VPNs and discovered that two of them were affected by vulnerabilities that...

May 19, 2020 IT Security News

EasyJet data breach: Over 9 million customers affected

The personal data of over 9 million EasyJet customers has been infiltrated by hackers, including over 2,000 users' credi...

May 22, 2020 Cyber Security

EasyJet will be sued over customer data breach

Legal firm PGMBM, a specialist in group legal action, has issued a class action claim under Article 82 of the General Da...

Mar 27, 2020 Cyber Security

Hospitals worldwide offered free security software

As cyberattacks against hospitals surge during the coronavirus crisis, technology companies are stepping up to alleviate...

May 18, 2020 Cyber Security

UK power grid operator Elexon hit by cyberattack

The UK’s power grid middleman Elexon has announced it has fallen victim to a cyberattack, which did not compromise pow...

May 05, 2020 Cyber Security

The importance of cybersecurity for UK businesses

Technology is constantly changing and at a pace which is hard to keep up with, but 'safety first' always applies. ...

May 11, 2020 Cloud Security News

Tips to help secure your cloud data in the UK

In this digital age, it’s not a great idea to trust someone with your sensitive data. ...

Apr 01, 2020 IT Security News

Online privacy is all but gone, say Brits

Nearly 80% of UK consumers believe they have lost any real control over how their personal data is collected and used by...

Apr 10, 2020 IT Security News

The importance of security for UK office printers

When it comes to digital security, we tend not to think about printers as they are often seen as dumb devices with a few...

May 07, 2020 Cyber Security

Three quarters of UK homeworkers haven't received cybersecurity training

As Covid-19-related cybersecurity threats continue to multiply, three in four of home workers are yet to receive any cyb...

May 14, 2020 IT Security News

Windows 10 is getting DNS over HTTPS (DoH) support

DNS is one of the last protocols that still runs unencrypted on the Internet. ...

Apr 11, 2020 IT Security News

Tips for testing an IT security experts worth in the UK

There is no shortage of people presenting themselves as security experts. Some of them truly are, the others may or may ...

May 20, 2020 IT Security News

To VPN or not to VPN for business users

It’s a question many organisations are asking as they work to provide secure and reliable remote access at scale. ...

Apr 07, 2020 IT Security News

Eighty per cent of exposed Exchange servers remain unpatched

Over 350,000 Microsoft Exchange servers have not been patched against the CVE-2020-0688 post-auth remote code execution ...

Apr 22, 2020 IT Security News

Kaspersky shares 10 security and privacy tips when using Zoom

The recommendations from Kaspersky come following recent concerns regarding Zoom's security and privacy. ...

Apr 17, 2020 Cyber Security

SonicWall launches boundless cyber security platform

SonicWall has released a new boundless cyber security platform to protect companies and government agencies remote workf...

Advertisement
Symantec Home 120x60

Advertisement