[SecurityWeek] Zerodium Buying Zero-Day Exploits Targeting VPN Software

Exploit acquisition company Zerodium on Tuesday announced that it’s looking to buy zero-day exploits targeting popular VPN software.

Specifically, the company wants to acquire exploits that work against the Windows versions of the ExpressVPN, NordVPN and Surfshark applications. These VPN services have millions of users.

read more

Source: Read More (SecurityWeek RSS Feed)

You might be interested in …

[SecurityWeek] 16 Vulnerabilities Found in Firmware of HP Enterprise Devices

All posts, Security Week

Firmware security company Binarly has discovered more than a dozen potentially serious vulnerabilities affecting UEFI firmware present on devices from HP and possibly other vendors. read more Source: Read More (SecurityWeek RSS Feed)

Read More

[SANS ISC] TLS 1.3 and SSL – the current state of affairs, (Tue, Sep 28th)

All posts, Sans-ISC

It has been over 3 years since the specification for TLS 1.3 was published[1], and although the protocol has some minor drawbacks, it is undoubtedly the most secure TLS version so far. One would therefore hope that the adoption of TLS 1.3 and its use on web servers around the globe would steadily increase over […]

Read More

[TheRecord] SEC fines three companies over hacked employee email accounts

The US Securities and Exchange Commission has fined three brokerage firms on Monday for neglecting to secure employee accounts, incidents that led to the exposure of their customers’ data. Cetera Advisor Networks LLC, Cetera Investment Services LLC, Cetera Financial Specialists LLC, Cetera Advisors LLC, and Cetera Investment Advisers LLC (collectively, the Cetera entities); Cambridge Investment Research Inc. […]

Read More