#CitizenLabResearch

Port Shadow Attack Allows VPN Traffic Interception, Redirection

by

July 18, 2024 at 09:03AM Researchers from several universities have identified a vulnerability, named Port Shadow (CVE-2021-3773), that allows threat actors to exploit VPNs to launch man-in-the-middle attacks, intercepting and redirecting traffic. This affects OpenVPN, WireGuard, and OpenConnect on Linux or FreeBSD. Mitigation involves specific firewall rules, and end users are advised to connect to … Read more

Flaws in Chinese keyboard apps leave 750 million users open to snooping, researchers claim

by

April 26, 2024 at 01:46AM Many Chinese keyboard apps, including those from major handset manufacturers, have been found to be leaking keystrokes, leaving potentially three quarters of a billion people at risk. These apps use input method editor (IME) software, such as the Pinyin scheme, which uploads keystrokes to the cloud for processing. Vulnerabilities have … Read more