An operating system running on firewalls sold by Juniper Networks contains unauthorized code that could be exploited to decrypt traffic sent through virtual private networks. An âunauthorized codeâ was discovered in the operating system for Juniper NetScreen firewalls. The company admitted the presence of the âunauthorized codeâ that could allow an attacker to decrypt VPN traffic. [âunauthorized codeâ] âcould allow […]
Security experts at the VPN provider Perfect Privacy discovered a new vulnerability dubbed Port Fail that could be exploited to de-anonymize VPN users. Security experts at the VPN provider Perfect Privacy discovered a new vulnerability dubbed Port Fail which affect all VPN (Virtual Private Network) protocols and operating systems. An attacker can exploit the Port Fail flaw […]
Now that it is known a critical flaw in the Diffie-Hellman key-exchange protocol was exploited by the NSA to break the internet encryption, how to stop it? Recently a group of researchers has revealed how the NSA has cracked HTTPS, SSH, and VPNs rely on the Diffie-Hellman encryption by exploiting a wrong implementation of the cryptographic algorithm. The […]
Experts at Volexity discovered a hacking campaign targeting the CISCO WebVPN VPN product, attackers aim to steal corporate login credentials. A virtual private network (VPN) allows to extend a private network across a public connection, they are mainly used to protect users’ privacy and improve security for data in transit. Virtual Private Networks are commonly used many companies and organizations […]
A new collection of documents leaked by Snowden and disclosed by the Der Spiegel reveals the difficulties of Intelligence agencies to de-anonymize Tor users A new collection of NSA documents crawled by the Edward Snowden was leaked online during the weekend, the German news agency Der Spiegel has published online a dump of PDF files […]
Experts at IBM discovered a new variant of Citadel banking malware which includes different remote management tools to maintain persistence on victims’ PC. Researchers at IBM discovered a new variant of the Citadel banking malware which includes a new interesting feature that allows attackers to maintain persistence in the victim’s machine through remote management tools. Citadel is directly […]
Security researcher Robert Graham published the results of recent global scan searching for Heartbleed vulnerable systems. 300k systems are still vulnerable Heartbleed flaw is a bug disclosed more than a month ago, which affected OpenSSL library with serious repercussion on most common encryption services we daily use. Encrypted communications, mobile platforms, VPN and Tor networks are just a […]
Security researcher Adam Langley of Google explained the real efficiency of revocation checking in response to OpenSSL heartbeat bug. The Heartbleed bug is a source of great concern for IT industry, every day we discover that the flaw in the OpenSSL library has had a significant impact on Servers, on the mobile industry and on the anonymity […]
Security experts at Mandiant uncovered attackers exploiting the Heartbleed vulnerability to circumvent Multi-factor Authentication on VPNs. We have practically read everything about HeartBleed bug which affects OpenSSL library, we have seen the effects on servers, on mobile devices and also on Tor anonymity, Â now lets focus on the possibility to exploit it to hijack VPN […]
Sucuri firm detected a large DDOS attack that leveraged thousands of unsuspecting WordPress websites as indirect amplification vectors. The security community is threatened by a new botnet composed at least 162,000 WordPress-powered websites abused to run DDoS attacks. The technique of attack allows to flood a target with requests sent by WordPress servers that received a […]