
Cybersecurity Weekly: NordVPN, Remote website server hack and Samsung fingerprint bypass

 


Oct 30, 2019

Each week, Wipfli’s cybersecurity professionals review the latest breaches, vulnerabilities, patches and updates.

Breaches

  • NordVPN has acknowledged that one of its data centers was breached in March 2018. The attacker accessed a server at a data center in Finland through an unsecured remote management system. In a blog post about the incident, NordVPN writes, “The attacker gained access to the server by exploiting an insecure remote management system left by the datacenter provider while we were unaware that such a system existed.”
  • An Elasticsearch database belonging to the Autoclerk reservations management system was left unprotected on the Internet. The database contains data related to more than 100,000 bookings. The compromised information includes unencrypted login credentials and travel arrangements. Among the affected booking entities are government contractors responsible for arranging travel for government and military personnel.
  • Adobe secured a database with 7.5 million records belonging to Adobe Creative Cloud users. The cache was not protected in any way, allowing anyone access to client information if they knew how to find it. Although the details included are not highly sensitive, they could be used to launch better-crafted phishing campaigns against customers whose data was exposed. 

Vulnerabilities

  • A newly disclosed vulnerability, tracked as CVE-2019-11043, could allow unauthorized attackers to hack your website server remotely. It affects websites with certain configurations of PHP-FPM that are reportedly not uncommon in the wild, and it could be exploited easily because a proof-of-concept (PoC) exploit for the flaw has already been released publicly.
  • Vulnerabilities in Avast Antivirus, AVG Antivirus, and Avira Antivirus could allow an attacker to load a malicious DLL file in an effort to bypass defenses and escalate privileges. This vulnerability is being tracked as CVE-2019-17093 and impacts all versions of Avast Antivirus and AVG Antivirus. 
  • US-CERT Vulnerability Summary for the week of October 21, 2019. 

Patches & Updates

  • Samsung is rolling out a fix for a flaw that allows the ultrasonic fingerprint recognition feature to be bypassed on the Galaxy S10 and the Note10 phones when a third-party screen protector is used on the devices. Users should look for an update notification called “Biometric Update.” 
  • Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. 
  • Google has released Chrome version 78.0.3904.70 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. 
