October 28, 2019 By David Bisson 3 min read

Last week in security news, NordVPN revealed that one of its servers experienced a breach as a result of vulnerabilities affecting a third-party data center. Researchers also observed several notable events in the malware threat landscape: In addition to spotting a new Spelevo exploit campaign, they detected at least two new remote-access Trojan (RAT) variants as well as an entirely new ransomware family.

Top Story of the Week: NordVPN Clarifies Scale, Other Details of Breach

On Oct. 21, NordVPN explained that a security breach affected one of its servers located in Finland back in March 2018. The VPN provider attributed this incident to a misconfiguration involving the third-party data center that stored the server. NordVPN found evidence that the third party deleted the accounts that caused the vulnerabilities, but did not inform them about the incident.

NordVPN terminated its agreement with the third-party provider and launched an audit into its service. This investigation revealed that the incident affected two other VPN providers and exposed some TLS keys, but did not compromise any user credentials or activity logs.

Source: iStock

Also in Security News

  • Johnson City, Tennessee, Suffers Ransomware Attack: On Oct. 21, an employee for Johnson City, Tennessee, showed the municipality’s IT director a ransom note left by ransomware attackers. The IT director subsequently launched an investigation into what happened and learned that the ransomware had affected approximately half of the city’s 600 workstations.
  • Gustuff Banking Trojan Returns With New Features: Cisco Talos detected a new version of Gustuff that contained hardcoded software packages, thus lowering its static footprint. The variant also arrived with a JavaScript-based scripting engine that allowed its operator to execute scripts while using the malware’s own internal commands.
  • Spelevo Abuses Flash Player Flaw to Deliver Maze Ransomware: A security researcher observed the Spelevo exploit kit abusing a use-after-free vulnerability to target users running older versions of Flash Player. After coming across a vulnerable user, Spelevo leveraged arbitrary code execution to run Maze ransomware on the user’s machine.
  • MedusaLocker Ransomware Starts Making the Rounds: MalwareHunterTeam was the first to spot a sample of the new MedusaLocker ransomware family at the end of September. In its analysis, Bleeping Computer found that it was still unclear how attackers are distributing the threat, how much they’re demanding from victims and whether they’re actually providing a decryptor to victims who pay.
  • Vulnerable Developer Backends Threaten Alexa, Google Home Users: The team at SRLabs found several vulnerabilities that allowed attackers to capitalize on how smart devices like Alexa and Google Home receive and reply to commands. Researchers specifically found that bad actors could induce silence in an app for the purpose of conducting phishing and eavesdropping attacks again device owners.
  • New Variant of Remcos RAT on the Loose: Fortinet picked up on a spam campaign that used spoofing and fake payment advisory emails to open a .ZIP archive. Those who complied exposed themselves to a new variant of Remcos, a RAT family known for its data-grabbing capabilities.

Security Tip of the Week: Strengthen Your Organization’s Email Security

Email is one of the most common ways that ransomware and malware make their way into corporate systems. Security personnel can help strengthen their organization’s email security by conducting phishing simulations that evaluate employees’ awareness of these types of attacks.

Security teams should also consider deploying a layered approach to email security that uses artificial intelligence tools to monitor enterprise communication patterns and spot inconsistencies that could be indicative of a successful business email compromise (BEC) attack.

More from

When you shouldn’t patch: Managing your risk factors

4 min read - Look at any article with advice about best practices for cybersecurity, and about third or fourth on that list, you’ll find something about applying patches and updates quickly and regularly. Patching for known vulnerabilities is about as standard as it gets for good cybersecurity hygiene, right up there with using multi-factor authentication and thinking before you click on links in emails from unknown senders.So imagine my surprise when attending Qualys QSC24 in San Diego to hear a number of conference…

The straight and narrow — How to keep ML and AI training on track

3 min read - Artificial intelligence (AI) and machine learning (ML) have entered the enterprise environment.According to the IBM AI in Action 2024 Report, two broad groups are onboarding AI: Leaders and learners. Leaders are seeing quantifiable results, with two-thirds reporting 25% (or greater) boosts to revenue growth. Learners, meanwhile, say they're following an AI roadmap (72%), but just 40% say their C-suite fully understands the value of AI investment.One thing they have in common? Challenges with data security. Despite their success with AI…

Reducing ransomware recovery costs in education

4 min read - 2024 continued the trend of ransomware attacks in the education sector making headlines. The year opened with Freehold Township School District in New Jersey canceling classes due to a ransomware attack. Students at New Mexico Highlands University missed classes for several days while employees experienced disruption of their paychecks after a ransomware attack. The attack on the Alabama Department of Education served as a reminder that all school systems are vulnerable.Ransomware attacks in education decreasingThe year closes with some positive news…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today