Researchers discovered that critical vulnerabilities are present in three popular VPN services. If cybercriminals leverage the weaknesses, they can obtain users’ real IP addresses and other sensitive data.
Today Virtual Private Network aka VPN, represent a great cybersecurity solution that will protect your online activities by encrypting your data and by obscuring your actual IP address.
VPN services are used by most people to hide their real IP addresses to bypass online censorship and access websites that are blocked by their ISPs.
But some VPNs will actually leak your sensitive data and real location.
These VPN services are: HotSpot Shield, PureVPN, and Zenmate – the biggest cybersecurity problem here is not the flaws present in each, the most significant cybersecurity problem is, in fact, the millions of customers worldwide that are left vulnerable.
For those who don’t remember… PureVPN is the same company that lied about having a ‘no log’ policy, and a few months ago helped the FBI with logs that lead to the arrest of a Massachusetts man in a cyberstalking case.
The same vulnerabilities can allow governments, hostile organizations, or cybercriminals to identify the actual IP address of a user.
It is essential for every user and company to add extra measures or cybersecurity not only a VPN service.
Every user must use only the best cybersecurity solution like an antivirus for Windows or an antivirus for Mac depending on which OS their device is running. Also, every company must go an extra step to obtain the best cybersecurity measure; this can be done by hiring a cybersecurity firm that will attack purpose company’s network to reveal the most destructive and dangerous flaws.
This kind of deliberate attacks is done through specialized cybersecurity tests like penetration test and ethical hacking tests.
Another three vulnerabilities were found in AnchorFree’s HotSpot Shield:
• (CVE-2018-7879) used to hijack all traffic — This vulnerability allowed remote hackers to hijack and redirect victim’s web traffic to a malicious site.
• (CVE-2018-7878) used for DNS leak — this DNS leak flaw can expose users’ original IP address to the DNS server.
• (CVE-2018-7880) used for Real IP Address leak — This flaw is a privacy threat to users because hackers can track user’s real location and the ISP.
Because we want you to stay safe and secured in front of vulnerabilities like this, we recommend implementing a robust cybersecurity solution into your devices like an antivirus for windows or antivirus for mac depending of which OS are your machines running. We also suggested that every company must hire a specialized cybersecurity firm that will perform various tests like a penetration test and various ethical hacking tests on company’s network to reveal if any network flaws are present.
For companies that exist 100% online, we recommend the using of cyber-secured web hosting services.