News aggregator Flipboard became a victim of data leakage, this information confirmed in the company.…
“The attacker gained access to the server — which had been active for about a month — by exploiting an insecure remote management system left by the data center provider”, — reported in NordVPN.
Was compromised server with the remote control system left by the lessor of the Data center. NordVPN did not know about the existence of this system, they assured the company.
“No user activity logs were stored on the server itself; none of our applications sent user credentials for authentication, so logins and passwords could not be intercepted. On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN”, — said VPN-service representatives.
NordVPN said it learned about the hacking “a few months ago,” but a company spokesman said it hadn’t been publicly reported until today because they wanted to be “100% sure that every component in the infrastructure is safe.”
Read also: Information security researcher publishes PoC exploit for critical vulnerability in Android
An anonymous cybersecurity specialist warned that NordVPN is ignoring a broader issue that is possible access by attackers to other company systems.
“Your car has just been hijacked and you argue which buttons he criminal pressed on the radio? ”They spent millions on ads, but apparently nothing on effective defensive security”, — noted anonymous TechCrunch respondent.
NordVPN was recently recommended by TechRadar and PCMag. CNET described it as its “favorite” VPN provider.
Qehu - General Info Qehu is a destructive software functioning as typical ransomware. Michael Gillespie,…
Qepi Virus - Details Qepi is a destructive software functioning as typical ransomware. Michael Gillespie,…
Wifebaabuy.live is a domain that tries to trick you into clik to its browser notifications…
Relativeads.net is a domain that tries to force you into clik to its browser notifications…
Vamtoacm.com is a domain that tries to force you into clik to its browser notifications…
Clicks2apk.com is a site that tries to force you into subscribing to its browser notifications…
View Comments
"An anonymous cybersecurity specialist" - sounds legit, especially when the market is extremely cutthroat. The point is that no data was leaked and no users were affected, so I think the whole case is a bit exaggerated. Afaik, NordVPN followed this up with an appealing security plan they're gonna be undertaking, interested to see how it goes