EKFiddle v.0.8.2 - A Framework Based On The Fiddler Web Debugger To Study Exploit Kits, Malvertising And Malicious Traffic In General

A framework based on the Fiddler web debugger to study Exploit Kits, malvertising and malicious traffic in general. Installation Download and install the latest version of Fiddler https://www.telerik.com/fiddler Special instructions for Linux and Mac here:...

Security Bulletin: IBM b-type Network/Storage switches are affected by Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN (openssl ,redhat,openVPN) vulnerabilities.

Summary IBM b-type Network/Storage switches has addressed the following vulnerabilities CVE-2016-2183, CVE-2016-6329. Vulnerability Details Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the...

4Nonimizer - A Tool For Anonymizing The Public IP Used To Browsing Internet, Managing The Connection To TOR Network And To Different VPNs Providers

It is a bash script for anonymizing the public IP used to browsing Internet, managing the connection to TOR network and to different top VPN providers OpenVPN, whether free or paid. By default, it includes several pre-configured VPN connections to different peers .ovpn files and download the...

ProtonVPN, NordVPN Flaws Open Door to Privilege Escalation

UPDATE A pair of vulnerabilities in the ProtonVPN and NordVPN VPN clients have been uncovered, which allow attackers to execute code as an administrator on targeted Microsoft Windows machines. In both cases CVE-2018-3952 NordVPN and CVE-2018-4010 ProntonVPN, the clients have the same design,...

Vulnerability Spotlight: CVE-2018-3952 / CVE-2018-4010 - Multi-provider VPN Client Privilege Escalation Vulnerabilities

Discovered by Paul Rascagneres. Overview Cisco Talos has discovered two similar vulnerabilities in the ProtonVPN and NordVPN VPN clients. The vulnerabilities allow attackers to execute code as an administrator on Microsoft Windows operating systems from a standard user. The vulnerabilities were...

NordVPN VPN client connect privilege escalation vulnerability

Summary An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. A specially crafted configuration file can cause a privilege escalation, resulting in the execution of arbitrary commands with system privileges. Tested Versions NordVPN 6.14.28.0 Product...

ProtonVPN VPN client connect privilege escalation vulnerability

Summary An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system’s privileges. Tested Versions...

MGASA-2018-0329 Updated openvpn packages fix security vulnerability

Updated openvpn packages fix security vulnerability: Fix potential double-free in Interactive Service could lead to denial of service CVE-2018-9336...

Updated openvpn packages fix security vulnerability

Updated openvpn packages fix security vulnerability: Fix potential double-free in Interactive Service could lead to denial of service CVE-2018-9336...

openSUSE Security Update : openvpn (openSUSE-2018-705)

This update for openvpn fixes the following issues : - CVE-2018-9336: Fix potential double-free in Interactive Service could lead to denial of service bsc1090839. This update was imported from the SUSE:SLE-15:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Security update for openvpn (moderate)

This update for openvpn fixes the following issues: - CVE-2018-9336: Fix potential double-free in Interactive Service could lead to denial of service bsc1090839. This update was imported from the SUSE:SLE-15:Update update project...

SUSE-SU-2018:1888-1 Security update for openvpn

This update for openvpn fixes the following issues: - CVE-2018-9336: Fix potential double-free in Interactive Service could lead to denial of service bsc1090839...

Oracle Linux 7 : python (ELSA-2018-2123)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-2123 advisory. 2.7.5-69.0.1 - Add Oracle Linux distribution in platform.py orabug 20812544 2.7.5-70 - Remove 3DS cipher to mitigate CVE-2016-2183 sweet32. Resolves: rhbz158454...

Moderate: Red Hat Security Advisory: python security update

An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Firewall and Privatizing Proxy: macOS Fortress

macOS-Fortress is a Firewall, Blackhole, and Privatizing Proxy for Trackers, Attackers, Malware, Adware, and Spammers. It is Kernel-level, OS-level, and client-level security for macOS. Built to address a steady stream of attacks visible on snort and server logs, as well as blocks ads, malicious...

Security Bulletin: OpenSSL and OpenVPN vulnerabilities affect IBM Rational Team Concert (CVE-2016-2183, CVE-2016-6329)

Summary OpenSSL and OpenVPN vulnerabilities affect IBM Rational Team Concert. OpenSSL and OpenVPN are used by Rational BuildForge Agent shipped with IBM Rational Team Concert. Vulnerability Details CVEID: CVE-2016-2183 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...

The vulnerability of the ProtonVPN Service software, a VPN service for accessing ProtonVPN, allows a perpetrator to execute arbitrary code with SYSTEM privileges.

The vulnerability of the ProtonVPN service is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with SYSTEM privileges using a single OpenVPN command line...

The vulnerability of the nordvpn-service software’s VPN service allows a perpetrator to execute arbitrary code with SYSTEM privileges.

The vulnerability of the nordvpn-service software’s VPN service is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with SYSTEM privileges using a single OpenVPN command...

CVE-2018-11479

The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processe...

CVE-2018-11479

The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \.\pipe\WindscribeService named pipe endpoint that allows the Windscribe VPN process to connect and execute an OpenVPN process or other processe...