[TheRecord] Zerodium seeking zero-days in ExpressVPN, NordVPN, and Surfshark VPN apps

Exploit broker Zerodium announced its intention today to buy zero-day vulnerabilities in the Windows clients of three major VPN providers—ExpressVPN, NordVPN, and Surfshark.

Founded in 2015, Zerodium is a security company based in Washington, DC, that has built a reputation over the years for buying exploits for zero-day vulnerabilities in various applications and then reselling the exploits to government and law enforcement agencies.

The company runs a bug acquisition program on its site, where security researchers can sell their exploits for prices of up to $2.5 million — based on the type and nature of their vulnerability.

In addition, across the years, the company has also held so-called temporary “bug acquisition drives,” during which they offer to buy zero-day exploits in non-standard software.

Past acquisition drives have targeted routers, cloud services, mobile IM clients, and even something as niche as the Pidgin app — popular with cybercrime organizations.

Latest bug acquisition drive targets Windows VPN clients

The latest of the company’s bug acquisition drives was announced earlier today via a tweet on the company’s official Twitter account.

We’re looking for #0day exploits affecting VPN software for Windows:

– ExpressVPN
– NordVPN
– Surfshark

Exploit types: information disclosure, IP address leak, or remote code execution. Local privilege escalation is out of scope.

Contact us: https://t.co/R6E2CVU9K3

— Zerodium (@Zerodium) October 19, 2021

The three VPN companies mentioned in Zerodium’s tweet are some of today’s biggest providers of cloud-based VPN services.

These companies manage a network of thousands of proxy servers across the globe that reroute their customers’ web traffic in order to disguise their users’ real location.

In order to connect to these networks, users typically have to install a VPN client on their computer or mobile device, with all the three aforementioned companies providing apps for all the major OS platforms today, such as Windows, macOS, Linux, Android, and iOS.

Today, Zerodium said that it was interested in exploits that target only the Windows clients, and namely in exploits that can disclose a VPN user’s personal information, that can reveal the user’s real-world IP address, or exploits that allow remote code execution on the user’s computer.

The reasons behind this bug acquisition drive are easy to guess, as VPN services are often used by cybercriminals to hide their real-world location when connecting to their hacked victims’ networks or their hacking infrastructure.

But today’s announcement has also riled up some privacy-conscious users who use VPN apps to browse the web from oppressive countries, especially since it’s not clear to whom and which countries Zerodium peddles its hacking tech.

Spokespersons for ExpressVPN, NordVPN, and Surfshark did not return a request for comment before this article’s publication, although Zerodium’s announcement today is bound to ruffle some features and ring some internal alarms.

A Zerodium spokesperson did not reply to a request for comment in regards to the prices it is willing to pay to researchers.

The post Zerodium seeking zero-days in ExpressVPN, NordVPN, and Surfshark VPN apps appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[ZDNet] Patch now: Attackers are hunting for this critical VMware vCentre flaw

All posts, ZDNet

In the “ransomware era” everyone needs to patch vulnerable systems as quickly as possible. Source: Read More (Latest topics for ZDNet in Security)

Read More

[SANS ISC] ISC Stormcast For Wednesday, November 24th, 2021 https://isc.sans.edu/podcastdetail.html?id=7770, (Wed, Nov 24th)

All posts, Sans-ISC

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Source: Read More (SANS Internet Storm Center, InfoCON: green)

Read More

[NCSC-FI News] Pääkirjoitus: Pankkipalveluiden häiriöihin tulee varautua

Venäjän Ukrainaan kohdistaman hyökkäyssodan seurauksena kyberhyökkäysten riski on kohonnut myös Suomessa Yhtenä niin sanotun hybridisodankäynnin muotona ovat kyberiskut kriittistä infrastruktuuria vastaan. Kriittistä infrastruktuuria ovat esimerkiksi sähkönjakelu, telekommunikaatio ja pankkitoiminnot. Source: Read More (NCSC-FI daily news followup)

Read More