Security News

New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation
2024-05-09 17:55

Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on a victim's network traffic by just being on the same local...

Watch out for rogue DHCP servers decloaking your VPN connections
2024-05-07 21:50

"TunnelVision's effect is independent of the underlying VPN protocol because it reconfigures the operating system network stack the VPN relies on." Anyone who is able to operate a DHCP server on the same network as someone using a VPN, and get that VPN client's machine to use that DHCP server, can decloak their traffic because of a particular feature in the configuration protocol: option 121, which allows administrators to add classless static routes to client routing tables.

New attack leaks VPN traffic using rogue DHCP servers
2024-05-07 18:46

A new attack dubbed "TunnelVision" can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection. The attackers set up a rogue DHCP server that alters the routing tables so that all VPN traffic is sent straight to the local network or a malicious gateway, never entering the encrypted VPN tunnel.

Attacks abuse Microsoft DHCP to spoof DNS records and steal secrets
2023-12-07 22:11

A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers. While the current report doesn't provide technical details or proof-of-concept exploits, Akamai has promised, in the near future, to publish code that implements these attacks called DDSpoof - short for DHCP DNS Spoof.

You can hijack Google Cloud VMs using DHCP floods, says this guy, once the stars are aligned and...
2021-06-30 00:02

Google Compute Engine virtual machines can be hijacked and made to hand over root shell access via a cunning DHCP attack, according to security researcher Imre Rad. Though the weakness remains unpatched, there are some mitigating factors that diminish the potential risk. A successful attack involves overloading a victim's VM with DHCP traffic so that it ends up using a rogue attacker-controlled metadata server, which can be on the same network or on the other side of the internet.

It's 2019 and SQL Server can be pwned by an SQL query, DHCP failover server failed by a packet, Edge, IE by webpages...
2019-07-10 00:29

Meanwhile, Adobe gives Flash the month off. SAP emits fixes, though. Patch Tuesday: Summer is now firmly upon us, and depending on where you are, the weather could be just about anything from...

Windows 10 DHCP vulnerability allows for remote code execution
2019-03-22 13:06

The vulnerability in Windows 10 and Windows Server 2019 gives attackers an entry point for further exploitation when combined with other vulnerabilities.

Microsoft changes DHCP to 'Dammit! Hacked! Compromised! Pwned!' Big bunch of security fixes land for Windows
2019-03-12 23:13

DHCP client has trio of remote-code exec vulns, plus SAP, Adobe issue updates. Patch Tuesday: It's the second Tuesday of the month, and you know what that means: a fresh dump of security fixes from...

Microsoft Patches Critical Flaws in Edge, Hyper-V, DHCP
2019-01-08 20:34

Microsoft has fixed nearly 50 vulnerabilities with its Patch Tuesday updates for January 2019, including some critical flaws affecting Edge, Hyper-V and DHCP. None of the vulnerabilities patched...

Red Hat admin? Get off Twitter and patch this DHCP client bug
2018-05-16 02:58

Proof-of-concept fits in a Tweet and can take down all of RH's best bits. Red Hat has announced a critical vulnerability in its DHCP client and while it doesn't have a brand name it does have a...