CyberSecurityBoard
Sponsor Register Login

ExpressVPN bug has been leaking some DNS requests for years

ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers.
The bug was introduced in ExpressVPN Windows versions 12.23.1 - 12.72.0, published between May 19, 2022, and Feb. 7, 2024, and only affected those using the split tunneling feature.
The split tunneling feature allows users to selectively route some internet traffic in and out of the VPN tunnel, providing flexibility to those needing both local access and secure remote access simultaneously.
A bug in this feature caused DNS requests of users not to be directed to ExpressVPN's infrastructure, as they should, but to the user's internet service provider.
Usually, all DNS requests are done through ExpressVPN's logless DNS server to prevent ISPs and other organizations from tracking the domains a user visits.
This bug caused some DNS queries to be sent to the DNS server configured on the computer, usually a server at the user's ISP, allowing the server to track a user's browsing habits.
Having a DNS request leak like the one disclosed by ExpressVPN means that Windows users with active split tunneling potentially expose their browsing history to third parties, breaking a core promise of VPN products.
The issue was discovered and reported to the vendor by CNET's Attila Tomaschek and only occurs when the split tunneling mode is active.
Users of ExpressVPN versions 12.23.1 to 12.72.0 on Windows should upgrade their client to the latest version, 12.73.0.
The latest version removes the split tunneling feature.
ExpressVPN says they will re-introduce it in a future release when the bug is fixed.
If upgrading is impossible, disabling split tunneling should be enough to prevent the DNS request leaks, as the bug couldn't be replicated in any other mode.
If you absolutely need to use split tunneling, ExpressVPN recommends downloading and using version 10, which isn't impacted by the bug.
OpenAI rolls out imperfect fix for ChatGPT data leak flaw.
Fortra warns of new critical GoAnywhere MFT auth bypass, patch now.
Brave to end 'Strict' fingerprinting protection as it breaks websites.
AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 11 Feb 2024 17:35:07 +0000


Cyber News related to ExpressVPN bug has been leaking some DNS requests for years

How to Prevent DNS Attacks: DNS Security Best Practices - To protect against attack, best practices must be applied to protect the DNS protocol, the server on which the DNS protocol runs, and all access to the DNS processes. Implementing these best practices will not only protect DNS but also network ...
6 months ago Esecurityplanet.com
ExpressVPN bug has been leaking some DNS requests for years - ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers. The bug was introduced in ExpressVPN Windows versions 12.23.1 - ...
4 months ago Bleepingcomputer.com
KeyTrap attack: Internet access disrupted with one DNS packet - A serious vulnerability named KeyTrap in the Domain Name System Security Extensions feature could be exploited to deny internet access to applications for an extended period. Tracked as CVE-2023-50387, KeyTrap is a design issue in DNSSEC and impacts ...
4 months ago Bleepingcomputer.com
DNS Tunneling Abuse Expands to Tracking & Scanning Victims - Attackers are taking malicious manipulation of DNS traffic to the next level, abusing DNS tunneling to scan a victim's network infrastructure as well as track victims' online behavior. Researchers from Palo Alto Networks' Unit 42 have identified ...
1 month ago Darkreading.com
Understanding DNS Zones: A Comprehensive Guide - DNS stands for Domain Name System, and it is one of the most important components of the Internet. It is a network of servers that coordinates the registration, updating and resolution of domain names, so that users can easily access websites and ...
1 year ago Heimdalsecurity.com
Hackers use DNS tunneling for network scanning, tracking victims - Threat actors are using Domain Name System tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities. DNS tunneling is the encoding of data or commands that are sent ...
1 month ago Bleepingcomputer.com
Attacks abuse Microsoft DHCP to spoof DNS records The Register - A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers. We're told the attacks - which are ...
7 months ago Go.theregister.com
47 Years Later: Serious Security – How Deliberate Typos Might Improve DNS Security - The Domain Name System (DNS) is an internet infrastructure that has been around since the early 80s and still plays an integral part in how websites and online services are accessed. Although it has been in use for almost 47 years, security issues of ...
1 year ago Nakedsecurity.sophos.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
7 months ago Esecurityplanet.com
DNSSEC vulnerability puts big chunk of the internet at risk The Register - A 20-plus-year-old security vulnerability in the design of DNSSEC could allow a single DNS packet to exhaust the processing capacity of any server offering the system for domain-name resolution, effectively disabling the machine. Yes, a single DNS ...
4 months ago Go.theregister.com
Microsoft tests Windows 11 encrypted DNS server auto-discovery - Microsoft is testing support for the Discovery of Network-designated Resolvers internet standard, which enables automated client-side discovery of encrypted DNS servers on local area networks. Without DNR support, users must manually enter the info ...
7 months ago Bleepingcomputer.com
'KeyTrap' DNS Bug Threatens Widespread Internet Outages - Although it's been sitting there since 2000, researchers were just recently able to suss out a fundamental design flaw in a Domain Name System security extension, which under certain circumstances could be exploited to take down wide expanses of the ...
4 months ago Darkreading.com
SANS Internet Storm Center - A DNS suffix is a configuration of the Windows DNS client to have it append suffixes when doing domain lookups. If a DNS suffix local is configured, then Windows' DNS client will not only do a DNS lookup for example.com, but also for example.com. ...
1 month ago Isc.sans.edu
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
3 months ago Cisa.gov
Researchers Uncovered an Active Directory DNS spoofing exploit - In the intricate web of our interconnected world, the Domain Name System stands as a linchpin, directing users to their online destinations. Even this vital system is not impervious to the dark art of malicious manipulation. In a recent revelation by ...
6 months ago Gbhackers.com
Cybersecurity Firm Hacks Itself, Finds DNS Flaw Leak AWS Credentials - Intruder.io, a London, England-based cybersecurity firm, conducted a self-hack using a DNS rebinding attack, enabling them to extract low-privileged AWS credentials. Cybersecurity firm Intruder has published blog posts explaining how they got hacked ...
7 months ago Hackread.com
CVE-2024-29018 - Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP ...
3 months ago
Marriott Leads the Way to Protect Children Online - Read how Marriott has rapidly deployed Cisco DNS-layer security across nearly 5,000 properties to advance human rights. For over 96 years, Marriott International, the world's largest hospitality company, has been Putting People First. Grounded in its ...
3 months ago Umbrella.cisco.com
The 20 Most Essential Crypto Bug Bounty Programs - Working with cryptocurrency has become more and more popular in the last few years, but it’s not without risks. It’s important for sites that conduct digital payments and transfers to have security measures in place to help keep your data safe ...
1 year ago Hackread.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
3 months ago Cisa.gov
CVE-2024-25728 - ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow ...
4 months ago
Password-stealing "vulnerability" reported in KeyPass - It's been a newsworthy few weeks for password managers - those handy utilities that help you come up with a different password for every website you use, and then to keep track of them all. At the end of 2022, it was the turn of LastPass to be all ...
1 year ago Nakedsecurity.sophos.com
Signal rolls out usernames that let you hide your phone number - End-to-end encrypted messaging app Signal finally allows users to pick custom usernames to connect with others while protecting their phone number privacy. This is part of a beta rollout that follows a public test phase in a staging environment ...
4 months ago Bleepingcomputer.com
How To Deploy HYAS Protect - HYAS Protect is an intelligent, cloud-based protective DNS solution that proactively detects and blocks communication with command and control infrastructure used in malware attacks. HYAS Protect also blocks communication with a host of other ...
1 month ago Securityboulevard.com
6 Best Anonymous VPNs for 2024 - VPNs are primarily used to secure online traffic and help users remain anonymous to avoid targeted ads, hide their location or ensure the security and privacy of their personal data. Though many VPN providers may advertise having a no-logs policy, ...
5 months ago Techrepublic.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)