-
How your digital footprint can impact your life
With the rise of social media and online platforms, every click and keystroke contributes to our digital footprint. This collection of online actions, such as social media updates, online purchases, a...
-
TunnelVision: ExpressVPN’s statement and assessment of the technique
You may be hearing reports of a new vulnerability called TunnelVision that can allow an attacker to bypass VPN protection under certain circumstances. We’d like to take a moment to explain the repor...
-
Why we’d never install a Trusted Root CA on your device
Editor’s note: This post is written by Brian S., a pen test manager on ExpressVPN's cybersecurity team. Recent media articles have reported on the risky practice by other VPN providers of installing...
-
Code integrity primer: GitHub commit signature verification via YubiKey
Editor’s note: This post is part of our series for cybersecurity professionals and hobbyists, written by Shawn T., a threat hunter on ExpressVPN’s cybersecurity team. At ExpressVPN, we continuous...
-
Log4Shell’s long-tail impact on your security
Much of the press has focused on the impact of the Log4j vulnerability on services hosted across the internet. The damage there cannot be ignored, and it has been touted as one of the worst vulnerabil...
-
Cybersecurity lessons: A PATH vulnerability in Windows
Editor’s note: This post is part of our series for cybersecurity professionals and hobbyists, written by ExpressVPN's cybersecurity team. In one of our regular security audits of ExpressVPN applica...
-
Cybersecurity lessons: Safer private keys with Shamir’s Secret Sharing
Editor’s note: This post is part of our series for cybersecurity professionals and hobbyists, written by Tim T., a penetration tester on ExpressVPN’s cybersecurity team. Since their emergence, di...
-
Cybersecurity lessons: Privilege escalation via file read/write
Editor’s note: This post is part of our series for cybersecurity professionals and hobbyists, written by Usman K., a penetration tester on ExpressVPN’s cybersecurity team. Protecting users’ pri...
-
Cybersecurity lessons: Risk of email takeover via a 4th-party provider
Editor’s note: This post is part of our series for cybersecurity professionals and hobbyists, written by Harsh S., a penetration tester on ExpressVPN’s cybersecurity team. Companies are increasing...
-
Cybersecurity lessons: Flaw in Zendesk file-upload feature
Editor’s note: This post is part of our series for cybersecurity professionals and hobbyists, written by Aaron E., head of cybersecurity at ExpressVPN. Late last year we received a bug report via ...
