In order to connect to these networks, users typically have to install a VPN client on their computer or mobile device, with all the three aforementioned companies providing apps for all the major OS platforms today, such as Windows, macOS, Linux, Android, and iOS. These companies manage a network of thousands of proxy servers across the globe that reroute their customers’ web traffic in order to disguise their users’ real location. The three VPN companies mentioned in Zerodium’s tweet are some of today’s biggest providers of cloud-based VPN services. Local privilege escalation is out of scope. We're looking for #0day exploits affecting VPN software for Windows:Įxploit types: information disclosure, IP address leak, or remote code execution. The latest of the company’s bug acquisition drives was announced earlier today via a tweet on the company’s official Twitter account. Latest bug acquisition drive targets Windows VPN clients Past acquisition drives have targeted routers, cloud services, mobile IM clients, and even something as niche as the Pidgin app - popular with cybercrime organizations. In addition, across the years, the company has also held so-called temporary “bug acquisition drives,” during which they offer to buy zero-day exploits in non-standard software. The company runs a bug acquisition program on its site, where security researchers can sell their exploits for prices of up to $2.5 million - based on the type and nature of their vulnerability. Zerodium seeking zero-days in ExpressVPN, NordVPN, and Surfshark VPN appsĮxploit broker Zerodium announced its intention today to buy zero-day vulnerabilities in the Windows clients of three major VPN providers-ExpressVPN, NordVPN, and Surfshark.įounded in 2015, Zerodium is a security company based in Washington, DC, that has built a reputation over the years for buying exploits for zero-day vulnerabilities in various applications and then reselling the exploits to government and law enforcement agencies.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |