Security News

It wasn't the best of New Year's Day mornings for some Check Point customers; in addition to possible hangovers, those who lagged with their patching had been left with inoperable systems and a tough fix ahead for some. On January 1, 2021, a certificate used for outdated Check Point Remote Access VPN clients and Endpoint services expired.

Zyxel has released a patch to address a critical vulnerability in its firmware concerning a hardcoded, undocumented secret account that could be abused by an attacker to login with administrative privileges and compromise its networking devices. The flaw, tracked as CVE-2020-29583, affects version 4.60 present in a wide-range of Zyxel devices, including Unified Security Gateway, USG FLEX, ATP, and VPN firewall products.

The global VPN market was valued at $25.41 Billion in 2019 and is projected to reach $75.59 Billion by 2027, growing at a CAGR of 14.7% from 2020 to 2027, Valuates Reports reveals. Major factors...

You should always lock your computer when you walk away. I'm a firm believer in locking your computer when you step away from it for any amount of time.

A VPN service used by many cybercriminals has been disrupted in a global operation that involved law enforcement agencies in Germany, the United States, the Netherlands, France and Switzerland. Europol reported on Tuesday that the operation targeted a service called Safe-Inet, and the U.S. Justice Department clarified that three associated domains have been seized, namely insorg.org, safe-inet.com and safe-inet.net.

Law enforcement agencies around the world in a coordinated effort took down and seized the infrastructure supporting Safe-Inet and Insorg VPN and proxy services known for catering to cybercriminal activity. In announcements made today, Europol and the U.S. Department of Justice say that these VPN services were "Used by some of the world's biggest cybercriminals."

Law enforcement agencies from the US, Germany, Netherlands, Switzerland, France, along with Europol's European Cybercrime Centre, announced today the coordinated takedown of Safe-Inet, a popular virtual private network service that was used to facilitate criminal activity. The service, which comes with support for Russian and English languages and has been active for over a decade, offered "Bulletproof hosting services" to website visitors, often at a steep price to the criminal underworld.

Australia's consumer watchdog launched legal action against Facebook on Wednesday, alleging the social media giant "Misled" thousands of Australians by collecting user data from a free VPN service advertised as private. The Australian Competition and Consumer Commission has accused Facebook and two of its subsidiaries - Facebook Israel and Onavo Inc - of misleading people who downloaded its virtual private network app Onavo Protect, by collecting and using their "Very detailed and valuable personal activity data".

D-Link is working on releasing firmware updates to address two command injection vulnerabilities that affect multiple VPN router models. Security researchers at Digital Defense identified a total of three vulnerabilities that affect several D-Link VPN routers, including authenticated and unauthenticated command injection flaws, and an authenticated crontab injection issue.

A vulnerability in D-link firmware powering multiple routers with VPN passthrough functionality allows attackers to take full control of the device. Reported by Digital Defense's Vulnerability Research Team on August 11, the flaw is a root command injection that can be exploited remotely if the device's "Unified Services Router" web interface is reachable over the public internet.