ExpressVPN patches Windows bug that exposed remote desktop traffic

Engadget, 5 days ago
ExpressVPN has released a new patch for its Windows app to close a vulnerability that can leave remote desktop traffic unprotected. If you use ExpressVPN on Windows, download version 12.101.0.45 as soon as possible, especially if you use Remote Desktop Protocol (RDP) or send any other traffic through TCP port 3389.
ExpressVPN announced both the vulnerability and the fix in a blog post earlier this week. According to that post, an independent researcher going by Adam-X sent in a tip on April 25 to claim a reward from ExpressVPN's bug bounty program. Adam-X noticed that some internal debug code which left traffic on TCP port 3389 unprotected had mistakenly shipped to customers. ExpressVPN released the patch about five days later in version 12.101.0.45 for Windows.
As ExpressVPN points out in its announcement of the patch, it's unlikely that the vulnerability was actually exploited. Any hypothetical hacker would not only have to be aware of the flaw, but would then have to trick their target into sending a web request over RDP or other traffic that uses port 3389. Even if all the dominos fell, the hacker could only see their target's real IP address, not any of the actual data they transmitted.
Even if the danger was small, it's nice to see ExpressVPN responding proactively to flaws in its product — bug bounties are great, but a security product should protect its users with as many safeguards as possible. In addition to closing this vulnerability, they're also adding automated tests that check for debug code accidentally left in production builds. This, plus a successful independent privacy audit earlier in 2025, gives the strong impression of a provider that's on top of things.
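One way to check a Windows machine for the symptom described above, traffic to one port leaving from an address other than the VPN tunnel's, is to group established connections by remote port and source address. This is an added example, not ExpressVPN's code; the tunnel address `10.8.0.2`, the LAN `192.168.1.0/24` and the `netstat -n` style sample are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout of Windows `netstat -n` output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.8.0.2:49712         198.51.100.7:443       ESTABLISHED
  TCP    10.8.0.2:49713         198.51.100.9:22        ESTABLISHED
  TCP    192.168.1.23:49755     203.0.113.10:3389      ESTABLISHED
  TCP    192.168.1.23:49760     192.168.1.1:445        ESTABLISHED
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED
  TCP    192.168.1.23:49790     203.0.113.44:3389      TIME_WAIT
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, int port)."""
    host, port = endpoint.rsplit(":", 1)
    return ipaddress.ip_address(host.strip("[]")), int(port)

def flows_outside_tunnel(netstat_text, tunnel_ip, lan_cidr):
    """Return {remote_port: [remote_ip, ...]} for established TCP flows to
    non-local destinations whose source address is not the tunnel address."""
    tunnel = ipaddress.ip_address(tunnel_ip)   # assumed VPN adapter address
    lan = ipaddress.ip_network(lan_cidr)       # assumed local subnet
    leaks = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Keep only established TCP rows; headers, UDP and listeners drop out.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        local_ip, _ = split_endpoint(fields[1])
        remote_ip, remote_port = split_endpoint(fields[2])
        # Loopback and same-LAN traffic legitimately stays off the tunnel.
        if remote_ip.is_loopback or remote_ip in lan:
            continue
        if local_ip != tunnel:
            leaks[remote_port].append(str(remote_ip))
    return dict(leaks)

if __name__ == "__main__":
    for port, peers in flows_outside_tunnel(
            SAMPLE_NETSTAT, "10.8.0.2", "192.168.1.0/24").items():
        print(f"port {port}: {len(peers)} flow(s) not sourced from tunnel -> {peers}")
```

A result that names a single remote port while every other flow is sourced from the tunnel address is the per-port pattern the article describes.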
