PS5 details: Is there a risk that hackers will exploit them?
inet infosec

PS5 details: Is there a risk that hackers will exploit them?

Sony's game developer and creator, Mark Cerny, gave some details about the new PS5 console. In one...
Read More
infosec

Cisco warns of vulnerabilities in 9000 series routers

Cisco has released 31 security tips this week, but has focused users on "critical" patches for ...
Read More
infosec

HP: Adds the Sure Sense malware blocker to its new devices

HP announced a series of updates and new features for PCs, as well as the official HP release ...
Read More
infosec

Covering vacancies in hacker security

Incidents of online attacks are increasing day by day. Previously no such attention was paid. After the incident with the ...
Read More
infosec

Oracle: New Critical Patch Update fixes 297 vulnerabilities

Oracle releases a collection of patches for multiple critical security vulnerabilities. The update contains 297 new security fixes ...
Read More
Latest Posts

Security gaps in top-of-the-range VPN services

Serious vulnerabilities were found in two of the most popular VPN services on the market. Cisco Talos security investigators unleashed 2 vulnerabilities in the ProtonVPN and NordVPN services, through which a hacker can hijack the victim's system.

vpn flaws nordvpn protonvpn

CVE-2018-10169 code vulnerability made it possible to run code with administrator rights without the user knowing it. Patches have already been released for this vulnerability.

Vulnerability was also caused by 2 applications (ProtonVPN and NordVPN) thanks to the similar design of their applications. The interface of both applications is executed with the user's permissions. This includes the application settings like the desired server.

According to the vulnerability description, when the user started the connection process with the default server, "the attacker could, by replacing the VPN profile, execute (and run each time the connection was made) a code on the victim's system.

By executing code at this point, it is possible to tap critical information, hijack the victim's system and more.

This specific vulnerability existed in the client and the 2 companies. OR NordVPN informed her program in August, while her ProtonVPN released the corresponding patch in early September.

Both companies have made statements about the safety of their services, pointing out that all users have now refreshed their applications in the latest releases. They also stressed that there was no evidence to suggest that there was even a exploitation of the vulnerability, because exploiting it would have to pre-empt the system in a different way.

Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *