October 28, 2019 By David Bisson 3 min read

Last week in security news, NordVPN revealed that one of its servers experienced a breach as a result of vulnerabilities affecting a third-party data center. Researchers also observed several notable events in the malware threat landscape: In addition to spotting a new Spelevo exploit campaign, they detected at least two new remote-access Trojan (RAT) variants as well as an entirely new ransomware family.

Top Story of the Week: NordVPN Clarifies Scale, Other Details of Breach

On Oct. 21, NordVPN explained that a security breach affected one of its servers located in Finland back in March 2018. The VPN provider attributed this incident to a misconfiguration involving the third-party data center that stored the server. NordVPN found evidence that the third party deleted the accounts that caused the vulnerabilities, but did not inform NordVPN about the incident.

NordVPN terminated its agreement with the third-party provider and launched an audit into its service. This investigation revealed that the incident affected two other VPN providers and exposed some TLS keys, but did not compromise any user credentials or activity logs.


Also in Security News

  • Johnson City, Tennessee, Suffers Ransomware Attack: On Oct. 21, an employee for Johnson City, Tennessee, showed the municipality’s IT director a ransom note left by ransomware attackers. The IT director subsequently launched an investigation into what happened and learned that the ransomware had affected approximately half of the city’s 600 workstations.
  • Gustuff Banking Trojan Returns With New Features: Cisco Talos detected a new version of Gustuff that contained hardcoded software packages, thus lowering its static footprint. The variant also arrived with a JavaScript-based scripting engine that allowed its operator to execute scripts while using the malware’s own internal commands.
  • Spelevo Abuses Flash Player Flaw to Deliver Maze Ransomware: A security researcher observed the Spelevo exploit kit abusing a use-after-free vulnerability to target users running older versions of Flash Player. After coming across a vulnerable user, Spelevo leveraged arbitrary code execution to run Maze ransomware on the user’s machine.
  • MedusaLocker Ransomware Starts Making the Rounds: MalwareHunterTeam was the first to spot a sample of the new MedusaLocker ransomware family at the end of September. In its analysis, Bleeping Computer found that it was still unclear how attackers are distributing the threat, how much they’re demanding from victims and whether they’re actually providing a decryptor to victims who pay.
  • Vulnerable Developer Backends Threaten Alexa, Google Home Users: The team at SRLabs found several vulnerabilities that allowed attackers to capitalize on how smart devices like Alexa and Google Home receive and reply to commands. Researchers specifically found that bad actors could induce silence in an app for the purpose of conducting phishing and eavesdropping attacks against device owners.
  • New Variant of Remcos RAT on the Loose: Fortinet picked up on a spam campaign that used spoofed senders and fake payment advisory emails to lure recipients into opening a .ZIP archive. Those who complied exposed themselves to a new variant of Remcos, a RAT family known for its data-grabbing capabilities.

Security Tip of the Week: Strengthen Your Organization’s Email Security

Email is one of the most common ways that ransomware and malware make their way into corporate systems. Security personnel can help strengthen their organization’s email security by conducting phishing simulations that evaluate employees’ awareness of these types of attacks.

Security teams should also consider deploying a layered approach to email security that uses artificial intelligence tools to monitor enterprise communication patterns and spot inconsistencies that could be indicative of a successful business email compromise (BEC) attack.
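As an illustration of the kind of inconsistency checks a layered email security control looks for, here is an added example (not code from the article or from any vendor it mentions) that scores raw email messages against a few classic business email compromise indicators: an executive's display name paired with an unknown address, a Reply-To that diverts responses elsewhere, a lookalike sender domain, and payment-urgency language. The organization domain, the executive list, the keyword list and the two sample messages are all constructed for this example.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical organization data, constructed for this example.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # display name -> known address
URGENT_WORDS = ("urgent", "wire", "transfer", "invoice", "payment", "immediately")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to flag sender domains that nearly match ours."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def bec_indicators(raw_message: str) -> list:
    """Return the list of BEC indicators found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_addr = from_addr.lower()
    from_domain = from_addr.rsplit("@", 1)[-1]
    body = msg.get_payload() if not msg.is_multipart() else ""
    findings = []

    # 1. Display name matches an executive but the address is not the known one.
    known = EXECUTIVES.get(from_name.strip().lower())
    if known and from_addr != known:
        findings.append("display-name impersonation")

    # 2. Reply-To silently redirects replies to a different mailbox.
    if reply_addr and reply_addr.lower() != from_addr:
        findings.append("reply-to mismatch")

    # 3. Sender domain is within two edits of ours but is not ours (e.g. examp1e.com).
    if from_domain != ORG_DOMAIN and 0 < levenshtein(from_domain, ORG_DOMAIN) <= 2:
        findings.append("lookalike domain")

    # 4. Payment or urgency wording in the subject or body.
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(word in text for word in URGENT_WORDS):
        findings.append("urgency/payment language")

    return findings


# Constructed sample messages (not real mail).
SUSPICIOUS_EMAIL = (
    'From: "Jane Doe" <jane.doe@examp1e.com>\n'
    "Reply-To: <payments@freemail.example>\n"
    "Subject: Urgent wire transfer\n"
    "\n"
    "Please process the attached invoice immediately.\n"
)
LEGIT_EMAIL = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Subject: Lunch\n"
    "\n"
    "See you at noon.\n"
)

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_EMAIL), ("legit", LEGIT_EMAIL)):
        print(label, "->", bec_indicators(raw) or "no indicators")
```

Each indicator on its own is weak (a personal assistant may legitimately set Reply-To, and a partner's domain may happen to be close to yours), so in practice these checks feed a score alongside the baseline of who normally writes to whom, which is what the pattern-monitoring tools in the tip above build up over time.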
