90 percent of free VPNs have security issues. Packers fans are victims of a digital interception that captures their credit card info and SonicWall urges customers to update to fix critical vulnerabilities. This is cybersecurity today. I'm your host, Jim Love. Demand for VPNs, virtual private networks is skyrocketing. The global VPN market is now valued at 45 billion, driven by rising privacy concerns and internet restrictions around the world.
About 40 percent of users rely on VPNs to prevent tracking by search engines and social media. But there's a hidden danger. Free VPN services. Experts are warning that these free options could compromise your privacy and your security. A real world example? Florida's recent Pornhub ban. On January 1st, Pornhub began blocking access in Florida due to new age verification laws.
That led to a 1, 150 percent spike in VPN demand in the state between midnight and 4am as users scrambled to bypass the restriction. The problem, many likely downloaded free VPN apps without realizing they come with serious security risks. Free VPNs often share your data with third parties. They use weak encryption. They can even leak your information. Some turn your device into a proxy for cybercriminals.
The 911S5 botnet hijacked nineteen million devices worldwide using free VPNs, like Mask VPN and Shine VPN, turning them into tools for fraud and phishing attacks. Free VPNs are a danger, even when they are the ones downloaded through app stores and proper sources, the moral of the story, and we need to get the message out, don't trust free VPNs. Cyber guy Knudsen says it best free VPNs aren't really free. You're paying with your data and your security.
Instead, invest in a trusted paid VPN service with strong encryption protocols and clear privacy policies. Fans of the Green Bay Packers may have more than just their team's performance to worry about last fall. The team's online pro shop fell victim to a payment skimmer attack, compromising credit card information from over 8, 500 fans. For those who don't know, a payment skimmer is malicious code that cyber criminals inject into a website's checkout page.
When users enter their payment details, the skimmer secretly captures and sends that data to the attacker. In this case, names, addresses, emails, and full payment card information were stolen. Although gift card, PayPal, and Amazon Pay users apparently were not affected. The attack occurred in two short windows between September and October, 2024.
According to Sansec, a Dutch e commerce security firm, the attackers exploited a vulnerability in the ProShop's third party hosting provider to insert malicious JavaScript code, allowing them to bypass security policies and exfiltrate user data. The Packers aren't alone. Experts say that mage cart style attacks, a term for skimmer attacks on e commerce sites, are on the rise, especially during busy shopping periods.
Sports teams may be prime targets because of their loyal fan bases and heavy online traffic, and sometimes the urgency just to get those tickets. Javed Malik, a security advocate with KnowBe4 said, attackers go after low hanging fruit, exploiting vulnerabilities in third party systems that businesses overlook. Smaller organizations, including those used by sports teams, often have fewer resources for comprehensive cybersecurity.
Packers acted quickly by taking the pro shop offline, but experts warn that digital skimmers are hard to detect and require proactive security measures. Businesses must conduct regular security audits, implement robust content security policies, and monitor for unusual code or behavior patterns to prevent future attacks. And finally, SonicWall is urging customers to immediately patch a critical vulnerability in its SonicOS firmware, warning that the flaw is susceptible to actual exploitation.
The vulnerability tracked as CVE 2024 53704 affects the company's SSL, VPN, and SSH management tools and has a CVSS score of 8. 2, marking it as high severity. In an email to customers, SonicWall said users with SSL VPN or SSH management enabled should consider themselves at imminent risk if they don't upgrade their firewalls. The company recommends updating to the latest Sonic OS firmware versions, which were made available on January 7th.
The vulnerability affects a range of devices including Gen 6, Gen 6. 5, Gen 7 and TZ80 firewalls. Customers using unpatched devices risk attackers bypassing authentication controls, potentially giving them unauthorized access to internal networks. Once inside, the attackers could steal sensitive data, deploy malware, or launch ransomware attacks. For customers who can't patch immediately, SonicWall offered temporary mitigations.
The company recommends limiting SSL VPN and SSH access to trusted sources only, or disabling internet access to these services until the firmware is updated. Authentication bypass vulnerabilities are a serious threat because they can allow unauthorized access without needing credentials. SonicWall's warning indicates the exploitation of this vulnerability is likely to happen quickly if firewalls remain unpatched.
Cybersecurity experts say that firewall vulnerabilities should be prioritized in patch management practices as they are often a gateway for larger attacks. And that's our show for today. You can find links in the show notes at technewsday. com or ca. Take your pick. You can reach me with comments, questions, or tips at editorial at technewsday. ca. We've got a great weekend show for you. Our weekend panel is back with a look at 2025. I think you'll enjoy it.
I'm your host, Jim Love. Thanks for listening.