In brief: NordVPN has hit the go-live button for the first of its colocated servers.
The move means the VPN provider can take tighter control over the service: it now only rents rack space for its own custom-built servers, rather than renting someone else's server in a data centre, so NordVPN controls all of the hardware and its configuration.
This dates back to October 2019, when NordVPN was embarrassed by hackers who managed to get into a rented server that was being used to host the VPN service. One of the company's planned security improvements was to move to colocated facilities.
The first of the colocated setups has gone live in Finland, with data centres in other parts of the world planned.
With Patch Tuesday looming, there's a fresh round of Cisco bug fixes
Admins will want to take some time to review the latest security rollout from Cisco.
There are no critical fixes, but there is a trio of patches for high-severity issues: a DLL hijacking flaw in the WebEx Teams client, an authorization bypass in the Identity Services Engine, and remote code execution in the Video Surveillance 8000 series cameras.
There are also 11 more fixes for bugs rated medium severity, which are still worth patching, since lower-severity bugs are sometimes chained together to mount more serious attacks.
Also, keep in mind that 13 October is Patch Tuesday, so there is going to be a lot of updating to do all week.
Fitbit watches in malware scare
It might not be the attack that brings down a Fortune 500 company, but a vulnerability in the Fitbit app could still result in users exposing a lot more information than they would want.
Kev Breen of Immersive Labs discovered how a quirk in the developer portal for Fitbit's Gallery app service allowed an attacker to create an app, such as a watch face, and generate a fitbit.com download URL for it. While the malicious app wouldn't actually be listed on the service, the legitimate-looking fitbit.com URL could be used to trick users into downloading it from other sites.
So what would a malicious app on the Fitbit be able to do?
"Essentially, it could send device type, location, and user information including gender, age, height, heart rate and weight. It could also access calendar information," said Breen.
"While this doesn't include PII profile data, the calendar invites could expose additional information such as names and locations."
And here we see in its natural habitat the rare Golang RAT
BitDefender has found something you don't see every day: a remote-access trojan – a fancy term for malware that opens a backdoor on your computer – written in the Go language that targets Oracle servers.
The software nasty specifically targets servers running Oracle WebLogic, breaking in by exploiting CVE-2019-2725. Once inside, it does what RATs do: it gives the attacker a backdoor they can use to harvest files from the server.
"Oracle WebLogic servers are not normally exposed to the online world, but not everyone is careful," noted BitDefender.
"When CVE-2019-2725 came out, a rough estimate was that attackers could compromise tens of thousands of unsecured WebLogic servers."
So why Go? Well, one advantage could be portability. While the malware mainly targets Linux on x86 for now, BitDefender said the Go code can easily be recompiled to get the RAT running on other platforms if need be.
Kaspersky dissects 'MontysThree' attack
The team over at Kaspersky has dug into a rather unusual targeted attack being wielded against Cyrillic-localized Windows machines.
Dubbed MontysThree, the attack is noteworthy for a couple of reasons. First, it is apparently aimed at stealing data from industrial-sector companies, rather than, say, the government or tech sector.
Second, it makes rather rare use of steganography to move its payloads. In the second stage of the intrusion, where the malware dials home to its command-and-control server, the communication is encoded within the pixels of a bitmap file. ®