VPNs are supposed to help maintain your privacy while online, but it seems that at least some of them have some security issues. The problems are so big, in fact, that a branch of GCHQ, which is the British spy agency, issued alerts about them.
The National Cyber Security Centre (NCSC), a unit of GCHQ, has discovered security bugs in a series of VPNs that are being exploited in the wild. The VPNs being exploited include Pulse Secure, GlobalProtect, and FortiClient VPN.
According to the warning, the vulnerabilities allowed attackers to get their hands on VPN login credentials. The information could then be used to change VPN configuration settings or gain access to the phone.
What to do
The NCSC is advising users of these VPN products to investigate their logs for evidence of compromise. It goes on to say that in order to best mitigate these vulnerabilities, users have to update their apps and to reset authentication credentials associated with affected VPNs and accounts connecting through them. Pulse Secure, Palo Alto, and Fortinet have all released patches for the vulnerabilities so there’s no excuse in waiting around here. Always run the updates when available!