Vulnerabilities in two VPNs opened door to fake, malicious updates

May 6, 2020

Hackers can exploit critical vulnerabilities in PrivateVPN and Betternet – since fixed – to push out fake updates and plant malicious programs or steal data.

Attackers can intercept a VPN’s “communications and force the apps to download a fake update,” researchers from VPNPro who discovered the flaws wrote in a blog post.​ “The app may automatically apply the fake update, or send the user a notification to update the app.”

After testing 20 VPNs, the researchers reported their findings to Betternet and PrivateVPN – and both rolled out patches, on April 14 and March 26, respectively.

The post Vulnerabilities in two VPNs opened door to fake, malicious updates appeared first on SC Media.

Original Source
Tags: , , ,

You may have missed

image

CVE Alert: CVE-2023-31280

December 22, 2024
image

[FUNKSEC] – Ransomware Victim: visualsystemas[.]com[.]ar

December 22, 2024
image

[FUNKSEC] – Ransomware Victim: casarom[.]com[.]ar

December 22, 2024
image

[FUNKSEC] – Ransomware Victim: gtsportcarrental[.]com

December 22, 2024
image

CVE Alert: CVE-2023-31279

December 22, 2024