
Cybersecurity Alert: Free VPN Risks, Packers' Data Breach, and SonicWall Vulnerability
In this episode, host Jim Love delves into critical cybersecurity issues including the hidden dangers of free VPNs, a payment skimmer attack on the Green Bay...
Jim Love
Ninety percent of free VPNs have security issues. Packers fans are victims of a digital interception that captures their credit card info, and SonicWall urges customers to update to fix critical vulnerabilities. This is Cybersecurity Today. I'm your host, Jim Love.
Demand for VPNs, virtual private networks, is skyrocketing. The global VPN market is now valued at $45 billion, driven by rising privacy concerns and Internet restrictions around the world. About 40% of users rely on VPNs to prevent tracking by search engines and social media. But there's a hidden danger: free VPN services. Experts are warning that these free options could compromise your privacy and your security. A real-world example: Florida's recent Pornhub ban. On January 1st, Pornhub began blocking access in Florida due to new age verification laws. That led to a 1,150% spike in VPN demand in the state between midnight and 4am as users scrambled to bypass the restriction. The problem? Many likely downloaded free VPN apps without realizing they come with serious security risks. Free VPNs often share your data with third parties. They use weak encryption. They can even leak your information. Some turn your device into a proxy for cybercriminals. The 911S5 botnet hijacked 19 million devices worldwide using free VPNs like Mask VPN and ShineVPN, turning them into tools for fraud and phishing attacks. Free VPNs are a danger even when they are the ones downloaded through app stores and proper sources. The moral of the story, and we need to get the message out: don't trust free VPNs. Cyber guy Knutson says it best: free VPNs aren't really free. You're paying with your data and your security. Instead, invest in a trusted paid VPN service with strong encryption protocols and clear privacy policies.
Fans of the Green Bay Packers may have more than just their team's performance to worry about.
Last fall, the team's online pro shop fell victim to a payment skimmer attack, compromising credit card information from over 8,500 fans. For those who don't know, a payment skimmer is malicious code that cybercriminals inject into a website's checkout page. When users enter their payment details, the skimmer secretly captures and sends that data to the attacker. In this case, names, addresses, emails, and full payment card information were stolen, although gift card, PayPal, and Amazon Pay users apparently were not affected. The attack occurred in two short windows between September and October 2024. According to Sansec, a Dutch e-commerce security firm, the attackers exploited a vulnerability in the pro shop's third-party hosting provider to insert malicious JavaScript code, allowing them to bypass security policies and exfiltrate user data. The Packers aren't alone. Experts say that Magecart-style attacks, a term for skimmer attacks on e-commerce sites, are on the rise, especially during busy shopping periods. Sports teams may be prime targets because of their loyal fan bases and heavy online traffic and sometimes the urgency just to get those tickets. Javid Malik, a security advocate with KnowBe4, said attackers go after low-hanging fruit, exploiting vulnerabilities in third-party systems that businesses overlook. Smaller organizations, including those used by sports teams, often have fewer resources for comprehensive cybersecurity. The Packers acted quickly by taking the Pro Shop offline, but experts warn that digital skimmers are hard to detect and require proactive security measures. Businesses must conduct regular security audits, implement robust content security policies, and monitor for unusual code or behavior patterns to prevent future attacks.
And finally, SonicWall is urging customers to immediately patch a critical vulnerability in its SonicOS firmware, warning that the flaw is susceptible to actual exploitation.
The vulnerability, tracked as CVE-2024-53704, affects the company's SSL VPN and SSH management tools and has a CVSS score of 8.2, marking it as high severity. In an email to customers, SonicWall said users with SSL VPN or SSH management enabled should consider themselves at imminent risk if they don't upgrade their firewalls. The company recommends updating to the latest SonicOS firmware versions, which were made available on January 7th. The vulnerability affects a range of devices, including Gen 6, Gen 6.5, Gen 7 and TZ80 firewalls. Customers using unpatched devices risk attackers bypassing authentication controls, potentially giving them unauthorized access to internal networks. Once inside, the attackers could steal sensitive data, deploy malware, or launch ransomware attacks. For customers who can't patch immediately, SonicWall offered temporary mitigations. The company recommends limiting SSL VPN and SSH access to trusted sources only, or disabling Internet access to these services until the firmware is updated. Authentication bypass vulnerabilities are a serious threat because they can allow unauthorized access without needing credentials. SonicWall's warning indicates the exploitation of this vulnerability is likely to happen quickly if firewalls remain unpatched. Cybersecurity experts say that firewall vulnerabilities should be prioritized in patch management practices, as they are often a gateway for larger attacks.
And that's our show for today. You can find links in the show notes at technewsday.com or .ca. Take your pick. You can reach me with comments, questions or tips at editor@technewsday.ca. We've got a great weekend show for you. Our weekend panel is back with a look at 2025. I think you'll enjoy it. I'm your host, Jim Love. Thanks for listening.
Cybersecurity Today: Episode Summary – “90 Percent of Free VPNs Have Security Weaknesses”
Release Date: January 10, 2025
Host: Jim Love
In this episode of Cybersecurity Today, host Jim Love delves into the pervasive security vulnerabilities associated with free Virtual Private Networks (VPNs), examines a significant data breach affecting Green Bay Packers fans, and highlights a critical vulnerability in SonicWall’s firmware. The discussion offers valuable insights for businesses and individuals striving to navigate the increasingly complex cybersecurity landscape.
Surge in VPN Demand and Risks of Free Services
Jim Love opens the episode by addressing the skyrocketing demand for VPNs, attributing the global VPN market's valuation of $45 billion to growing privacy concerns and increasing internet restrictions worldwide. He states, “About 40% of users rely on VPNs to prevent tracking by search engines and social media” (00:03).
However, Love warns of the inherent dangers in opting for free VPN services. Free VPNs often come with significant security weaknesses that can compromise users' privacy and safety. These services may share user data with third parties, employ weak encryption, and even leak sensitive information. In some cases, free VPNs can turn users' devices into proxies for cybercriminal activities.
Real-World Implications: Florida’s Pornhub Ban
Citing Florida’s recent ban on Pornhub as a case study, Love explains how the enforcement of new age verification laws led to a dramatic 1,150% increase in VPN demand overnight (00:03). Many users likely turned to free VPNs to bypass the restrictions, unknowingly exposing themselves to security risks.
Expert Insights and Recommendations
Cybersecurity expert Knutson emphasizes the precariousness of free VPNs: “Free VPNs aren't really free. You're paying with your data and your security” (00:03). Knutson advises investing in reputable paid VPN services that offer robust encryption protocols and transparent privacy policies to ensure user safety.
Details of the Breach
The episode transitions to discussing a significant data breach that impacted over 8,500 fans of the Green Bay Packers. Last fall, the team’s online pro shop was compromised by a payment skimmer attack, resulting in the theft of credit card information, including names, addresses, emails, and full payment card details. Notably, users who utilized gift cards, PayPal, and Amazon Pay remained unaffected (00:03).
Mechanism of the Attack
Jim Love explains that a payment skimmer involves malicious code injected into a website’s checkout page. This code captures and transmits user-entered payment details to cybercriminals. In this instance, Sansec, a Dutch e-commerce security firm, revealed that the attackers exploited a vulnerability in the pro shop’s third-party hosting provider. By inserting malicious JavaScript code, they bypassed security measures to exfiltrate user data.
Rise of Magecart-Style Attacks
The discussion highlights a broader trend of Magecart-style attacks—skimmer attacks targeting e-commerce sites—especially during peak shopping periods. Security advocate Javid Malik from KnowBe4 comments, “Attackers go after low hanging fruit, exploiting vulnerabilities in third-party systems that businesses overlook” (00:03). Malik points out that smaller organizations, including sports teams, often lack the resources for comprehensive cybersecurity, making them attractive targets.
Preventative Measures
In response to the breach, the Packers promptly took their Pro Shop offline. Experts advise that combating digital skimmers requires proactive security strategies, including regular security audits, robust content security policies, and vigilant monitoring for unusual code or behavior patterns to prevent future attacks.
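One way to act on the advice to monitor for unusual code, as an added example that is not from the episode, the Packers, or Sansec: a Python audit that inventories every script on a checkout page and flags hosts outside an allowlist, third-party scripts without Subresource Integrity, and inline scripts that differ from a reviewed baseline. The host names, allowlist, and sample pages are constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy: the only hosts allowed to serve script to the checkout page.
ALLOWED_HOSTS = {"shop.example.com", "js.payments.example"}

class ScriptInventory(HTMLParser):
    """Collects every <script>: (src, integrity) pairs and inline bodies."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._buf = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            if a.get("src"):
                self.external.append((a["src"], a.get("integrity")))
            else:
                self._buf = []          # start capturing an inline body
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append("".join(self._buf))
            self._buf = None

def audit_checkout(html, baseline_hashes, page_host="shop.example.com"):
    """Return (kind, detail) findings for scripts that violate the policy."""
    inv = ScriptInventory()
    inv.feed(html)
    inv.close()
    findings = []
    for src, integrity in inv.external:
        host = urlparse(src).hostname or page_host  # relative URL is first party
        if host not in ALLOWED_HOSTS:
            findings.append(("unlisted-host", src))
        elif host != page_host and not integrity:
            findings.append(("missing-sri", src))
    for body in inv.inline:
        digest = hashlib.sha256(body.encode()).hexdigest()
        if digest not in baseline_hashes:  # inline code changed since review
            findings.append(("inline-drift", digest[:12]))
    return findings

# Constructed sample pages (not real site content).
KNOWN_INLINE = "window.cart={currency:'USD'};"
BASELINE = {hashlib.sha256(KNOWN_INLINE.encode()).hexdigest()}
CLEAN = ('<script src="/static/checkout.js"></script>'
         '<script src="https://js.payments.example/v3.js" integrity="sha384-PLACEHOLDER"></script>'
         f'<script>{KNOWN_INLINE}</script>')
TAMPERED = CLEAN + ('<script src="https://static.unlisted.example/t.js"></script>'
                    '<script>/* constructed injected snippet */</script>')
```

Run on a schedule against the rendered checkout page, the same inventory complements a Content Security Policy: the policy blocks unlisted sources in the browser, while the audit reports when the served page itself has changed.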
Overview of the Vulnerability
Jim Love brings attention to a critical security flaw identified in SonicWall’s SonicOS firmware, designated as CVE-2024-53704. With a CVSS score of 8.2, this vulnerability poses a high severity risk, particularly affecting SSL VPN and SSH management tools (00:03).
Potential Exploitation and Recommendations
SonicWall has issued an urgent advisory urging customers to patch the vulnerability immediately to prevent unauthorized access to internal networks. Love quotes SonicWall’s warning: “Users with SSL VPN or SSH management enabled should consider themselves at imminent risk if they don't upgrade their firewalls” (00:03). The company released updated firmware versions on January 7th, applicable to Gen 6, Gen 6.5, Gen 7, and TZ80 firewalls.
For organizations unable to apply the patches immediately, SonicWall recommends temporary mitigations, such as limiting SSL VPN and SSH access to trusted sources or disabling internet access to these services until updates are implemented.
Implications of Authentication Bypass
Authentication bypass vulnerabilities like CVE-2024-53704 are particularly dangerous as they allow attackers to gain unauthorized access without needing credentials. Love underscores the urgency: “The exploitation of this vulnerability is likely to happen quickly if firewalls remain unpatched” (00:03).
Expert Advice on Firewall Security
Cybersecurity experts emphasize that firewall vulnerabilities should be a top priority in patch management practices. A compromised firewall can serve as a gateway for more extensive cyber-attacks, including data theft, malware deployment, and ransomware attacks. Regular updates and vigilant security practices are essential to safeguard against such threats.
Jim Love wraps up the episode by reiterating the critical importance of choosing secure VPN services, safeguarding e-commerce platforms against skimmer attacks, and promptly addressing firmware vulnerabilities in security infrastructure. By staying informed and adopting proactive cybersecurity measures, businesses and individuals can better protect themselves in an increasingly hazardous digital environment.
For more detailed information and resources discussed in this episode, listeners are encouraged to visit the show notes at technewsday.com or .ca. Engage with Jim Love by sharing comments, questions, or tips at editor@technewsday.ca.
Key Takeaways:
Free VPNs are Risky: Free VPN services often compromise user security and privacy by sharing data, using weak encryption, and potentially turning devices into proxies for cybercriminals.
E-commerce Vulnerabilities: Payment skimmer attacks pose significant threats to online businesses, especially those with large, loyal customer bases like sports teams. Regular security audits and robust policies are essential for prevention.
Urgent Patch Management: Critical vulnerabilities in firewall firmware, such as SonicWall’s CVE-2024-53704, require immediate attention to prevent unauthorized access and potential large-scale cyber-attacks.
By addressing these key areas, listeners can enhance their understanding of current cybersecurity challenges and implement strategies to mitigate risks effectively.