To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.
Visit to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. So if your virtual card number gets compromised, your real card number wont! New Privacy customers will get $5 to spend on your first purchase! Visit /sharedsecurity to sign up and take back control of your online payments. #Kaspersky password manager fixes flaw that for android#Ī recently patched security vulnerability in the Kaspersky VPN application for Android resulted in DNS queries being exposed even after the user connected to a virtual server.Privacy is a tool that masks your bank account information by generating virtual card numbers. The flaw was discovered in Kaspersky VPN version 1.4.0.216 and is believed to affect previous iterations of the Android software.Īccording to Dhiraj Mishra, the security researcher who discovered the bug, the application would send DNS queries outside the established VPN tunnel. #Kaspersky password manager fixes flaw that android# The privacy issue could be triggered when connecting to any random virtual server, and basically allowed a DNS service to log the domain names of the sites visited by users. Kaspersky VPN has more than 1 million downloads in Google Play. “I believe this leaks the traces of an end user who wants to remain anonymous on the internet,” the researcher notes in a blog post. The vulnerability was reported to Kaspersky via the anti-virus maker’s bug bounty program on HackerOne on April 21. A fix was already released for the flaw, but no reward was issued for the finding, the security researcher says.Īs per Kaspersky’s public bug bounty program’s rules, rewards are handed out for flaws that result in leaked sensitive data, but only user passwords, payment data, and authentication tokens are considered within the scope of the program. Password managers are a vital line of defense in the battle for internet security which makes it all the more painful when they shit the bed. Thus, it becomes clear that the researcher’s discovery of a bug that results in leaked DNS addresses doesn’t fall within the bug bounty program’s scope. The Kaspersky Password Manager (KPM), a free tool used to generate and manage online passwords, has long been a popular alternative to the likes of LastPass or 1Password. On the other hand, however, Kaspersky does note in the application’s description in Google Play, that its VPN software can keep users anonymous while they browse the Internet. Responding to a SecurityWeek inquiry, Kaspersky Lab confirmed the flaw and recognized Dhiraj’s contribution to improving the app’s security: “This vulnerability was responsibly reported by the researcher, and was fixed in June.” “Because your location and your IP address aren't revealed through the VPN service, it's easier for you to access websites and content in other regions – without being traced,” Kaspersky VPN’s description reads. Kaspersky also confirmed that the researcher did not receive a bug bounty reward for the discovery. “The Kaspersky Secure Connection app is currently out of the scope of the company’s Bug Bounty Program, so we could not reward Dhirai under the current rules. We highly appreciate his work, and in the future the program may include new products,” Kaspersky said. #Kaspersky password manager fixes flaw that android#.#Kaspersky password manager fixes flaw that for android#.
0 kommentar(er)
