October 28, 2019 By David Bisson 3 min read

Last week in security news, NordVPN revealed that one of its servers experienced a breach as a result of vulnerabilities affecting a third-party data center. Researchers also observed several notable events in the malware threat landscape: In addition to spotting a new Spelevo exploit campaign, they detected at least two new remote-access Trojan (RAT) variants as well as an entirely new ransomware family.

Top Story of the Week: NordVPN Clarifies Scale, Other Details of Breach

On Oct. 21, NordVPN explained that a security breach affected one of its servers located in Finland back in March 2018. The VPN provider attributed this incident to a misconfiguration involving the third-party data center that stored the server. NordVPN found evidence that the third party deleted the accounts that caused the vulnerabilities but did not inform NordVPN about the incident.

NordVPN terminated its agreement with the third-party provider and launched an audit into its service. This investigation revealed that the incident affected two other VPN providers and exposed some TLS keys, but did not compromise any user credentials or activity logs.


Also in Security News

  • Johnson City, Tennessee, Suffers Ransomware Attack: On Oct. 21, an employee for Johnson City, Tennessee, showed the municipality’s IT director a ransom note left by ransomware attackers. The IT director subsequently launched an investigation into what happened and learned that the ransomware had affected approximately half of the city’s 600 workstations.
  • Gustuff Banking Trojan Returns With New Features: Cisco Talos detected a new version of Gustuff that contained hardcoded software packages, thus lowering its static footprint. The variant also arrived with a JavaScript-based scripting engine that allowed its operator to execute scripts while using the malware’s own internal commands.
  • Spelevo Abuses Flash Player Flaw to Deliver Maze Ransomware: A security researcher observed the Spelevo exploit kit abusing a use-after-free vulnerability to target users running older versions of Flash Player. After coming across a vulnerable user, Spelevo leveraged arbitrary code execution to run Maze ransomware on the user’s machine.
  • MedusaLocker Ransomware Starts Making the Rounds: MalwareHunterTeam was the first to spot a sample of the new MedusaLocker ransomware family at the end of September. In its analysis, Bleeping Computer found that it was still unclear how attackers are distributing the threat, how much they’re demanding from victims and whether they’re actually providing a decryptor to victims who pay.
  • Vulnerable Developer Backends Threaten Alexa, Google Home Users: The team at SRLabs found several vulnerabilities that allowed attackers to capitalize on how smart devices like Alexa and Google Home receive and reply to commands. Researchers specifically found that bad actors could induce silence in an app for the purpose of conducting phishing and eavesdropping attacks against device owners.
  • New Variant of Remcos RAT on the Loose: Fortinet picked up on a spam campaign that used spoofing and fake payment advisory emails to lure recipients into opening a .ZIP archive. Those who complied exposed themselves to a new variant of Remcos, a RAT family known for its data-grabbing capabilities.

Security Tip of the Week: Strengthen Your Organization’s Email Security

Email is one of the most common ways that ransomware and malware make their way into corporate systems. Security personnel can help strengthen their organization’s email security by conducting phishing simulations that evaluate employees’ awareness of these types of attacks.

Security teams should also consider deploying a layered approach to email security that uses artificial intelligence tools to monitor enterprise communication patterns and spot inconsistencies that could be indicative of a successful business email compromise (BEC) attack.
