Browsing the web poses several risks by exposing all your data, which can be reflected on every website you visit. For this reason, many users resort to private browsing to keep their identity hidden, which is a real incentive to prevent companies or other users from detecting your trail in cyberspace. However, it is not as efficient as it seems because, if you use a VPN, your data may still be at risk.
Many times we think that if we want to experience much safer Internet browsing, we have resorted to resources that allow us to circulate through the Internet without identifying our location or any movement we make on online pages, such as making purchases, downloading a program, or enter other types of sensitive data that, in theory, are not recorded. This can be achieved through sophisticated tools, such as Google Chrome’s incognito mode.
However, one of the most used methods is the use of a VPN (Virtual Private Network), or virtual private network, whose function is to connect from your public network to a more protected line that encrypts all your credentials and keeps everything safe. browsing history. In principle, you should not worry, but a report has recently come to light certifying the vulnerability of Ivanti Connect Secure (ICS), a software and security company attacked by a team of cybercriminals who inject malware codes into your PC.
Security flaws in Ivanti VPNs
A group of hackers have introduced two malware codes that seriously affect your privacy. These security flaws are known as zero-day vulnerabilities, where criminals take advantage of the weakness of software programs to introduce a high-severity virus or malware that severely affects a computer system.
This is what has happened to the cybersecurity company Ivanti, where two vulnerabilities tracked as CVE-2023-46805 and CVE-2024-21887 of severity 8.2 and 9.1, respectively, have caused chaos across the implantation of the KrustyLoader malware, whose objective is to download the Silver file remotely on the servers, acting as a malicious open source cross-platform framework, to infect any computer that uses a VPN.
In this way, a large amount of malware is installed using exploits in order to collect all the sensitive information of users who browse these networks, as well as passwords or other types of personal data that seriously harm their privacy.
A possible solution, half
Apparently, these types of zero-day vulnerabilities are very complicated to solve, since they are not identified with complete brilliance and there is no security update to mitigate them. Despite this, Ivanti has shared that they will try to put an end to this mishap as soon as possible and, for the moment, has already implemented a temporary solution through a xml file.
Be that as it may, as a result of the seriousness of the problem, it is best to stay away for a while until the corresponding security measures are imposed, so it is not advisable to browse through this type of VPN, at least for now. .
