Vulnerabilities in two VPNs opened door to fake, malicious updates

May 6, 2020

Hackers can exploit critical vulnerabilities in PrivateVPN and Betternet – since fixed – to push out fake updates and plant malicious programs or steal data.

Attackers can intercept a VPN’s “communications and force the apps to download a fake update,” researchers from VPNPro who discovered the flaws wrote in a blog post.​ “The app may automatically apply the fake update, or send the user a notification to update the app.”

After testing 20 VPNs, the researchers reported their findings to Betternet and PrivateVPN – and both rolled out patches, on April 14 and March 26, respectively.

The post Vulnerabilities in two VPNs opened door to fake, malicious updates appeared first on SC Media.

Original Source
Tags: , , ,

You may have missed

CISA Logo

CISA: Cisco Releases Security Advisories for Cisco Integrated Management Controller

April 19, 2024
alerts

Cryptographic Vulnerability in PuTTY

April 19, 2024
Basta

Black Basta Ransomware Victim: fluenthome[.]com

April 19, 2024
Basta

Black Basta Ransomware Victim: macphie[.]com

April 19, 2024
Basta

Black Basta Ransomware Victim: columbiapipe[.]com

April 19, 2024