High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover – DARKReading

A high-severity local privilege-escalation (LPE) vulnerability has been discovered in Kaspersky’s VPN Secure Connection for Microsoft Windows. It would allow an attacker to gain administrative privileges and take full control over a victim’s computer.

Tracked as CVE-2022-27535, the bug carries a high-severity CVSS score of 7.8 out of 10, according to an advisory out today from Synopsys, which discovered the issue. It exists in the Support Tools part of the application and allows a regular user to use the “Delete service data and reports” function to remove a privileged folder.

While remote code execution (RCE) bugs tend to hog the patching spotlight, LPE flaws deserve recognition as they’re often linchpins within a wider attack flow. After gaining initial access to a target via RCE or social engineering, attackers generally use LPEs to boost their privileges from a normal user profile to SYSTEM – i.e., the highest privilege level in the Windows environment.

With these kinds of local admin privileges, an attacker can then gain further access to the network, and ultimately a company’s crown jewels.

“A fully compromised computer would allow an attacker access to websites, credentials, files, and other sensitive information that could be useful by itself, or useful in moving laterally inside a corporate network,” Jonathan Knudsen, head of global research at Synopsys Cybersecurity Research Center, tells Dark Reading.

Kaspersky’s VPN Secure Connection offers remote workers a supposedly secure way to tie back to a corporate network and resources, and Knudsen notes that the bug discovery points out an important truism: “All software has vulnerabilities, even security software. The key to releasing better, more secure software is using a development process where security is part of every phase.”

He adds that Synopsys hasn’t seen any exploitation of the bug, but “most likely attackers will take note of it as a possible technique.” Users should upgrade to version 21.7.7.393 or later to patch their systems.

Source: https://www.darkreading.com/endpoint/high-severity-bug-kaspersky-vpn-client-pc-takeover
