• A new VPN security vulnerability could affect as many as 800,000 internet-accessible SonicWall VPN appliances. 
  • According to researchers, the bug can allow a denial of service cyberattack and crash services, creating widespread damage. 
  • SonicWall VPN users should install the recently released SonicWall patches to eliminate their risk of attackers gaining access. 
  • For more information, contact the Identity Theft Resource Center toll-free at 888.400.5530 or live-chat with an advisor on the company website. 

A virtual private network (VPN) is a tool used by many businesses and consumers and is more important now than ever with so many people working from home. It is a digital tool that helps keep hackers, identity thieves, spammers and even advertisers from seeing someone’s online activity. According to ZDNet, a recently discovered VPN security vulnerability could affect as many as 800,000 internet-accessible SonicWall VPN appliances. 

What Happened 

Infosecurity Magazine says researchers found a vulnerability in the SonicWall’s Network Security Appliance (NSA). An NSA is used as a firewall and VPN portal to filter, control and allow employees to access internal and private networks.  

How It Can Impact You 

Researchers claim the bug can allow a denial of service attack and crash services, creating widespread damage. SonicWall says the CVSS risk score of the VPN vulnerability is 9.4 out of 10, and the bug can be remotely executed without requiring the attacker to have the credentials needed to access the VPN. VPN systems continue to be targeted by attackers looking to take advantage of the large number of remote workers who rely on them.  

What You Need to Do 

SonicWall says, right now, they are not aware of an exploited bug or if the VPN security vulnerability has impacted any customers. However, SonicWall recently released patches for the vulnerability. Customers affected should patch their VPNs to eliminate the risk of attackers gaining access. Employees should check with their IT administrators to ensure the proper steps are taken to keep them and their remote worker peers safe.  

A VPN is a great way for people to stay safe online. It protects all sensitive activities conducted online. However, it is essential to keep VPN software up-to-date by applying security patches and software updates as quickly as possible.  

Need More Help?

Anyone who wants to learn more can call the Identity Theft Resource Center (ITRC) toll-free at 888.400.5530 to speak with an expert advisor. They can also live-chat with an advisor on the company website. For on-the-go assistance, consumers are encouraged to check out the free ID Theft Help App from ITRC. 

Read more of our latest articles below

Identity Theft Resource Center® Reports 30 Percent Decrease in Data Breaches so Far in 2020

Election Scams Begin to Surface with the General Election Less than One Month Away

Recent Insider Attacks Stress the Importance of Smart Business Practices

People are spending more time on their phones, tablets and computers now than ever, making the importance of cyber-hygiene tips as paramount as they’ve ever been. The Identity Theft Resource Center (ITRC) wants to highlight some of the best practices and steps that users can take to improve their online security.

We recommend everyone make these cyber-hygiene tips part of their regular routine to greatly reduce their risk of identity theft or other cybersecurity compromises.

1. Use a secure connection and a VPN to connect to the internet

A virtual private network (VPN) is a digital tool that keeps outsiders, such as hackers, identity thieves, spammers and even advertisers from seeing online activity. Users should also be wary of public Wi-Fi. While public Wi-Fi may be convenient, it can have many privacy and security risks that could leave someone vulnerable to digital snoops. If connecting to public Wi-Fi, be sure to use a VPN.

2. Get educated about the terms of service and other policies

It is important to understand what the terms of service and other policies say because, once you check the box, you may have agreed to have your information stored and sold, automatic renewals, location-based monitoring and more.

3. Make sure anti-virus software is running on all devices

It is very important to have anti-virus software running on every device because it is designed to prevent, detect and remove software viruses and other malicious software. It will protect your devices from potential attacks.

4. Set up all online accounts (email, financial, shopping, etc.) with two-factor or multi-factor authentication

Two-factor authentication (2FA) or multi-factor authentication (MFA) adds an extra layer of protection to your accounts; it requires at least two separate verification steps to log into an account. Relying on a minimum of two methods of login credentials before accessing accounts will make it harder for a hacker to gain access.

5. Use secure payment methods when shopping online

One easy cyber-hygiene step is to only shop on trusted websites and use trusted payment methods. Consumers should not use payment portals or shop on websites with which they are not familiar.

Always use a payment instrument that has a dispute resolution process – like a credit card or PayPal – if you have to shop on an unfamiliar site.

6. Use unique passphrases for passwords and do not reuse passwords

The best practice these days is to use a nine to ten-character passphrase instead of an eight-character password. A passphrase is easier to remember and harder for hackers to crack.

Also, users should employ unique passphrases; if they use the same one, hackers can gain access to multiple accounts through tactics like credential stuffing.

7. Never open a link from an unknown source

Do not click on links or download attachments via email or text – unless you are expecting something from someone or a business you know. If it is spam, it could insert malware on your device.

Also, never enter personally identifiable information (PII) or payment information on websites and web forms that are not secure or have not been fully vetted. It could be a portal to steal personal information.

8. Make sure devices are password protected

If devices are not password protected, it is just that much easier for a hacker to share or steal personal information. Without a layer of protection or authentication to access the device, all the information saved on it becomes fair game. Use a PIN code, biometric or pattern recognition to lock your devices and set the same protection for apps that have access to sensitive information like banking or credit cards.

9. Log out of accounts when done

This is another bad habit that makes it much easier for someone to share or steal your information. Always log out of accounts when done so no one can get easy access to them.

While there is nothing that can be done to eliminate identity theft, account takeovers and other malicious intent, these cyber-hygiene tips will help keep consumers safe, as well as reduce the number of cybercrime victims.

For anyone who believes they have been a victim of identity theft or has questions about cyber-hygiene tips, they can call the ITRC toll-free at 888.400.5530 to speak with an expert advisor. They can also live-chat through the website or the free ID Theft Help app.

Read more of our related articles below

The Unconventional 2020 Data Breach Trends Continue

School District Data Breaches Continue to be a Playground for Hackers

Is This an Amazon Brushing Scam?