October 28, 2019 By David Bisson 3 min read

Last week in security news, NordVPN revealed that one of its servers experienced a breach as a result of vulnerabilities affecting a third-party data center. Researchers also observed several notable events in the malware threat landscape: In addition to spotting a new Spelevo exploit campaign, they detected at least two new remote-access Trojan (RAT) variants as well as an entirely new ransomware family.

Top Story of the Week: NordVPN Clarifies Scale, Other Details of Breach

On Oct. 21, NordVPN explained that a security breach affected one of its servers located in Finland back in March 2018. The VPN provider attributed this incident to a misconfiguration involving the third-party data center that stored the server. NordVPN found evidence that the third party deleted the accounts that caused the vulnerabilities, but did not inform them about the incident.

NordVPN terminated its agreement with the third-party provider and launched an audit into its service. This investigation revealed that the incident affected two other VPN providers and exposed some TLS keys, but did not compromise any user credentials or activity logs.

Source: iStock

Also in Security News

  • Johnson City, Tennessee, Suffers Ransomware Attack: On Oct. 21, an employee for Johnson City, Tennessee, showed the municipality’s IT director a ransom note left by ransomware attackers. The IT director subsequently launched an investigation into what happened and learned that the ransomware had affected approximately half of the city’s 600 workstations.
  • Gustuff Banking Trojan Returns With New Features: Cisco Talos detected a new version of Gustuff that contained hardcoded software packages, thus lowering its static footprint. The variant also arrived with a JavaScript-based scripting engine that allowed its operator to execute scripts while using the malware’s own internal commands.
  • Spelevo Abuses Flash Player Flaw to Deliver Maze Ransomware: A security researcher observed the Spelevo exploit kit abusing a use-after-free vulnerability to target users running older versions of Flash Player. After coming across a vulnerable user, Spelevo leveraged arbitrary code execution to run Maze ransomware on the user’s machine.
  • MedusaLocker Ransomware Starts Making the Rounds: MalwareHunterTeam was the first to spot a sample of the new MedusaLocker ransomware family at the end of September. In its analysis, Bleeping Computer found that it was still unclear how attackers are distributing the threat, how much they’re demanding from victims and whether they’re actually providing a decryptor to victims who pay.
  • Vulnerable Developer Backends Threaten Alexa, Google Home Users: The team at SRLabs found several vulnerabilities that allowed attackers to capitalize on how smart devices like Alexa and Google Home receive and reply to commands. Researchers specifically found that bad actors could induce silence in an app for the purpose of conducting phishing and eavesdropping attacks again device owners.
  • New Variant of Remcos RAT on the Loose: Fortinet picked up on a spam campaign that used spoofing and fake payment advisory emails to open a .ZIP archive. Those who complied exposed themselves to a new variant of Remcos, a RAT family known for its data-grabbing capabilities.

Security Tip of the Week: Strengthen Your Organization’s Email Security

Email is one of the most common ways that ransomware and malware make their way into corporate systems. Security personnel can help strengthen their organization’s email security by conducting phishing simulations that evaluate employees’ awareness of these types of attacks.

Security teams should also consider deploying a layered approach to email security that uses artificial intelligence tools to monitor enterprise communication patterns and spot inconsistencies that could be indicative of a successful business email compromise (BEC) attack.

More from

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today