Free VPN Leaks Customer Data in Another Data Breach: 360 Million Users Affected
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
SuperVPN, a free-to-download VPN service, has once again exposed sensitive information of its unsuspecting users, reveals a new research report by vpnMentor. The massive data leak affecting 360,308,817 users stemmed from a non-password-protected database associated with the free VPN service provider.
The publicly available data contained email addresses, device and geolocation information, original IP addresses, users’ web activities, UUID numbers and transaction details. In the hands of a threat actor, this data exposes unsuspecting victims to major security threats, including identity theft, phishing scams, and denial-of-service (DoS) attacks.
The report further revealed that two apps named “SuperVPN” were officially available on both the Apple App Store and the Google Play Store and had millions of downloads worldwide. The two apps, which have quite similar logos, were registered under different developers’ names, but links to China were observed. In addition to notes in Mandarin, the database contained references to the companies Changsha Leyou Baichuan Network Technology Co. and Qingdao Leyou Hudong Network Technology Co.
Neither company responded to queries regarding ownership or location, which raised further questions about security and transparency, issues generally associated with free VPNs.
This is not the first time that SuperVPN has been associated with a customer data leak. Since 2020, the company has been on the radar of cybersecurity researchers and journalists over security vulnerabilities in its apps.
Despite these concerns, a rise in free VPN usage has been noticed due to increasing online privacy and security concerns. Thus, before choosing a free VPN, it is important that users thoroughly investigate and research the VPN that best fulfills their requirements while keeping them safe online.
Barracuda Urges Customers to Replace the Vulnerable ESG Appliances
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Data protection and enterprise security company Barracuda Networks has urged customers affected by the zero-day vulnerability to immediately replace ESG hardware and virtual appliances.
In its June 1 advisory, Barracuda disclosed that the vulnerability was found in a module that performs the initial scan of incoming email attachments. Upon discovery, security patches were issued immediately, along with a script deployed to contain and counter the unauthorized access attacks.
However, in a sudden move, the company issued a replacement advisory. The reasons behind the announcement were not disclosed, but it can be assumed that the malware’s effect on the vulnerable devices, now patched, runs at a much deeper level.
“The pivot from patch to total replacement of affected devices is fairly stunning and implies the malware the threat actors deployed somehow achieves persistence at a low enough level that even wiping the device wouldn’t eradicate attacker access,” noted Rapid7 in its investigation of exploited physical ESG devices.
According to the company’s latest report, the flaw (CVE-2023-2868), present in ESG versions 5.1.3.001-9.2.0.006, was being exploited as early as October 2022. It allowed threat actors to access a subset of ESG appliances.
Different modules of the malware were found during the investigation. Dubbed Seaspy, Saltwater and Seaside, the trojans can establish persistence (backdoor access), upload or download files, establish a reverse shell, and run commands.
“Evidence of data exfiltration was identified on a subset of impacted appliances,” noted the advisory.
The company has yet to confirm the actual number of affected customers, as its investigation is still ongoing. Meanwhile, to mitigate risks, Barracuda has announced full replacement of affected devices and urged customers to investigate their network environment and rotate ESG device credentials.