The Department of Homeland Security has issued a warning that VPN packages from several enterprises including Cisco, Palo Alto, F5 and Pulse may improperly store authentication tokens and session cookies on user computers. Thus, attackers can exploit this vulnerability to take control of an affected system.

The vulnerability note written by Carnegie Mellon University’s Madison Oliver says that “If an attacker has persistent access to a VPN user’s endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods. An attacker would then have access to the same applications that the user does through their VPN session.”

According to the CERT warning, the following products and versions store the cookie insecurely in log files:

The following products and versions store the cookie insecurely in log files:
– Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0 (CVE-2019-1573)
– Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2

The following products and versions store the cookie insecurely in memory:
– Palo Alto Networks GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS0 (CVE-2019-1573)
– Pulse Secure Connect Secure prior to 8.1R14, 8.2, 8.3R6, and 9.0R2
– Cisco AnyConnect 4.7.x and prior

Palo Alto Networks has confirmed its GlobalProtect app was vulnerable and has issued a patch, TechCrunch notes. Cisco and Pulse Secure have not, and F5 is advising users to use a one-time password or two-factor authentication instead of password-based authentication.

Security Tips:

If you want to use the internet privately and securely with a VPN, you can consider ExpressVPN which is #1 trusted leader in VPN industry. This VPN is based in the British Virgin Island and it keeps no logs of your online activities. It offers a large network of 3,000+ VPN servers in 160 VPN server locations in 94 countries, with unlimited bandwidth and unlimited server switches. ExpressVPN has all the advanced features you’d expect from the top VPN, including Split tunneling, Kill switch, DNS/IPv6 leak protection, 256-bit AES encryption and more. Torrenting is allowed on all ExpressVPN servers, and it usually has a handful of servers that work with Netflix. ExpressVPN is offering a huge discount now. Starting with just $6.67 a month, one can save 49% and get an extra 3 months free to enjoy unlimited VPN access and 100% safe browsing experience. 

Published by Tony Shepherd on April 29, 2019 3:18 am and last modified on April 28, 2019 4:35 am.

What is SugarSync? Why you need SugarSync? We believe people should have access to enjoy and share their digital world anywhere, anytime. That’s why they created SugarSync – an innovative solution that allows people to protect, share and access digital files on a variety of devices – personal computers, mobile phones and more. In other word, SugarSync is a cloud service that enables its users to browse, access, back up, and sync online through all their devices. And SugarSync’s mission is to help make peoples digital life more simple & they also glad to have the great deals to all users who can experience the free trial first before they upgrade to a paid plan. Simplify Your Life and Sync Outside the Box – Get Your free SugarSync 30-Day Trial By Clicking On The Button Below!

Published by Tony Shepherd on April 28, 2019 6:52 am and last modified on April 28, 2019 9:23 am.

Cyber attacks continue to increase on a global level. Unlocator, a big name in Smart DNS, released a virtual private network in order to allow you unblock streaming, bypassing censorship, and make you stay protected while using a public Wi-Fi. So, how does it work? Is it fast? Does Unlocator store logs? Is it worth the money? In this review, you are going to learn everything about Unlocator’s VPN. Whether you’re traveling or at home, using Unlocator allows you to access your remote desktop and home network with minimal risk. Check out the review below and get an additional layer of protection for yourself.

Read the rest of this post »

Published by Tony Shepherd on April 26, 2019 1:09 pm and last modified on June 11, 2024 9:27 am.

*Disclosure: We are a professional site and we are independently owned and opinions here expressed are our own. This post contains affiliate links and we will be compensated if you make a purchase after clicking on our links.

Users across campus have been asking for password management tools for a while. Now, good news for university students with educational Email addresses!

Lastpass is pleased to offer a six months free of its premium service to people with a valid email address from an education institution. LastPass is a password manager that works as a browser extension and/or mobile device app to store University and personal passwords in a secure and encrypted environment. With LastPass, you will only need to remember one password – your master password, then you can safely login to websites, access your multiple accounts and shop online. The password manager can generate new, complex passwords for every account of yours with letters, numbers and characters. And the Premium version can make you enjoy such features as one-to-many sharing, emergency access, advanced multi-factor options, priority tech support, compatible applications and 1 GB encrypted file storage.
Read the rest of this post »

Published by Tony Shepherd on April 25, 2019 2:20 am and last modified on July 9, 2019 9:49 am.

If you are using a Mac, you may have come across a program called MacKeeper, which claims to be a cleaning utility that helps optimize your Apple, clean up junk files and even remove malware and phishing scams for you. But most of us know that Mac OS has built-in protection from malware and the vast majority of malware out there is in the form of Windows executables which will not run on the Mac. So, is it necessary to get MacKeeper on a Mac? Does it really help enhance your Mac performance by cleaning junk files, removing unwanted ads, and providing other system optimization-related functionality? How much does the service cost? In this MacKeeper Review, you are going to learn everything about this Mac security solution, including its pricing, features, usability and more, so you will know if it’s worth your money or not.

Read the rest of this post »

Published by Tony Shepherd on April 23, 2019 9:34 am and last modified on March 16, 2020 7:46 am.

Hello everybody, as you know, Easter is fast approaching. To get the maximum savings, Ivacy VPN provider can offer all their users will a special deal by applying a promo code, you can get 25% discount by getting the code on our website till April 30, 2019 and enable your purchase is on best value, it is a limited offer.

Utilize this opportunity to make your purchase up for a boost in buying on the occasion of Easter.
All our readers will need to do is, use the promo code by clicking on “Get this deal now” button below before you check out.
However, do note that the coupon will be deleted after 30th April, 2019, so you need to be quick!

Published by Tony Shepherd on April 22, 2019 3:06 am

MacKeeper Limited Easter Promo 2019 is Available Now!

We have a good News to tell our readers that MacKeeper has launched Easter promotions right now. Starting from today Easter dedicated price page and banners are available for you. Price page includes a mini game which allows all our readers to win discounts up to 40%. This special deal is limited time offered only. Due to the promotion ends on 28th of Apr, we suggest you take it before it is expired.

Right afterwards Easter assets will be available at MacKeeper links’ section. Don’t hesitate contacting our online support to get an individual help, additional creatives and exclusive offers. BTW, Mackeeper is trusted by 15,367,439 users. They have been using MacKeeper for a few years, and it’s been a model of what it does to keep their Mac running smoothly, to find problems (downloaded by my kids), and to fix them. That is why they don’t hesitate to recommend it to any other users. This is great!

Published by Tony Shepherd on April 19, 2019 11:02 am and last modified on April 19, 2019 11:08 am.

In this digital world, backing up critical data, systems and applications becomes an unmissable insurance policy that every Internet user needs in the event of a disaster. Acronis True Image 2020 is one of the best backup tool in the market that not only ensures your data is backed up, but also provides ransomware protection, active disk cloning, backup statistics, activity logs and more. Is the software safe to use? Is it easy to set up and manage? How does it work? What kind of backup technique is used? In this Acronis True Image 2020 review, you are going to learn everything about this online backup tool, from its price, features, speed, to privacy, security and more.
Read the rest of this post »

Published by Tony Shepherd on April 18, 2019 2:08 am and last modified on January 23, 2020 8:22 am.

Kaspersky Lab now are promoting their popular Kaspersky Lab Global Products such as Kaspersky Total Security (Award Winning Software For All The Family), Kaspersky Internet Security (Comprehensive Online Security For All), Kaspersky Small Office Security (From 5 To 50 Devices Incredible Package Of Products For Business) or Kaspersky Anti Virus (Highly Popular Online Safety With Special Features).

SPECIAL INDIA Program Offer

35% OFF KASPERSKY PRODUCTS FOR INDIAN REGION
These special offers are available now in the platform.
Available From: 15th APR (TO) 30th APR

Visitors who use the coupon code from our website will be able to get a 35% discount off, this is a limited time offer! So hurry up to get it when it is still working. Please click on the button below to get the valid coupon code.

Published by Tony Shepherd on April 17, 2019 6:28 am and last modified on April 17, 2019 6:28 am.

Microsoft’s Internet Explorer is in trouble again!

Security researcher John Page has discovered a new security flaw in Internet Explorer that allows hackers to steal Windows users’ data. Anyone who has Internet Explorer installed on their system is vulnerable to this exploit, whether they’re currently using the IE browser or have even opened it before. The researcher explained that the browser is vulnerable to XML External Entity attack if a user opens something malicious. MHT file locally, allowing hackers to remotely access the computer and exfiltrate local files. Simply put, you don’t even have to run the browser for this to be a problem and simply opening the wrong attachment or message could be enough for triggering the vulnerability.

Read the rest of this post »

Published by Tony Shepherd on April 17, 2019 2:14 am and last modified on April 16, 2019 2:19 am.