Voicemod

Voicemod

Real-time voice changer that works with any application and comes equipped with an extensive collection of voices and ambient effects

FULL VERSION + CRACK
Logic Pro X

Logic Pro X

A fully-featured recoding studio that provides a complete set of tools for musicians who need to write, record, edit and mix music

FULL VERSION + CRACK
Flvto Youtube Downloader

Flvto Youtube Downloader

With this simple and intuitive application, you can swiftly download all your favorite online videos to your computer, in just a couple of moves

FULL VERSION + CRACK
Internet Download Manager (IDM)

Internet Download Manager (IDM)

Push your Internet connection to the limits and cleverly organize or synchronize download processes with this powerful application

FULL VERSION + CRACK
Soni Typing Tutor

Soni Typing Tutor

Improve your typing speed with the help of this approachable application that provides you with a host of exercises as well as tests

FULL VERSION + CRACK

IT News

Jun 21
Many telehealth initiatives tap into wireless networking supplied by service providers that may start offering services such as Citizen's Band and 5G to support remote medical care.
Jun 21
Many large companies have taken steps to embrace blockchain, but Facebook's plans for a cryptocurrency and digital wallet has prompted government oversight committees to call for hearings and may have banks taking another look at the...
Jun 21
Most organizations have at least two team chat apps, according to survey results from Mio, a situation that could lead to communication silos and problems for IT.
Jun 21
While Facebook's Libra coin has the potential to disrupt traditional commercial banking by removing the middleman between buyers, sellers and money transfers, it also comes with significant risks.
Jun 20
Cisco and IBM are working todevelop a hybrid-cloud architecture that meld Cisco's data-center, networking and analytics platforms with IBM's cloud offerings.
Jun 20
An add-on being offered by Google for its Chrome browser will allow users to report suspicious or unsafe websites.
Jun 20
Vulnerabilities to Cisco's SD-WAN and DNA Center software top a list of nearly 30 security advisories issued by the company.

Categories

Gov't warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software

The Department of Homeland Security has issued a warning that some VPN packages from Cisco, Palo Alto, F5 and Pusle may improperly secure tokens and cookies, allowing nefarious actors an opening to invade and take control over an end user's system. 

The DHS's Cybersecurity and Infrastructure Security Agency (CISA) warning comes on the heels of a notice from Carnegie Mellon's CERT that multiple VPN applications store the authentication and/or session cookies insecurely in memory and/or log files.

"If an attacker has persistent access to a VPN user's endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods," CERT wrote. "An attacker would then have access to the same applications that the user does through their VPN session."

According to the CERT warning, the following products and versions store the cookie insecurely in log files:

The following products and versions store the cookie insecurely in memory:

CERT says that Palo Alto Networks GlobalProtect version 4.1.1 patches this vulnerability.

In the CERT warning F5 stated it has been aware of the insecure memory storage since 2013 and has not yet been patched. More information can be found here. F5 also stated it has been aware of the insecure log storage since 2017 and fixed it in version 12.1.3 and 13.1.0 and onwards. More information can be found here.

CERT said it is unaware of any patches at the time of publishing for Cisco AnyConnect and Pulse Secure Connect Secure.

CERT credited the National Defense ISAC Remote Access Working Group for reporting the vulnerability.

This story, "Gov't warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software" was originally published by Network World.