Content

Vulnerabilities in two VPNs opened door to fake, malicious updates

Hackers can exploit critical vulnerabilities in PrivateVPN and Betternet – since fixed – to push out fake updates and plant malicious programs or steal data.

Attackers can intercept a VPN’s “communications and force the apps to download a fake update,” researchers from VPNPro who discovered the flaws wrote in a blog post.​ “The app may automatically apply the fake update, or send the user a notification to update the app.”

The researchers told SC Media they "were very surprised because these are VPNs – important cybersecurity tools that are meant to keep users safe – with a lot of users "trusting these tools to provide them with more security and privacy, not less."

After testing 20 VPNs, the researchers reported their findings to Betternet and PrivateVPN – and both rolled out patches, on April 14 and March 26, respectively. There's "no evidence that these vulnerabilities were exploited," the researchers told SC.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.