Daily NCSC-FI news followup 2020-07-27

Alert (AA20-209A) Potential Legacy Risk from Malware Targeting QNAP NAS Devices

us-cert.cisa.gov/ncas/alerts/aa20-209 CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP.. All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes. The malware, documented in open-source reports, has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe. Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates. This alert summarizes the findings of CISA and NCSC analysis and provides mitigation advice. Lisäksi

www.zdnet.com/article/cisa-says-62000-qnap-nas-devices-have-been-infected-with-the-qsnatch-malware/#ftag=RSSbaffb68 ja

www.bleepingcomputer.com/news/security/uk-and-us-warn-qnap-owners-to-upgrade-firmware-to-block-malware/. Lisäksi Kyberturvallisuuskeskuksen artikkeli

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/qsnatch-qnap-nas-laitteisiin-suunnattu-haittaohjelma (2019)

Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns

threatpost.com/attackers-exploiting-high-severity-network-security-flaw-cisco-warns/157756/ Attackers are exploiting a high-severity vulnerability in Cisco’s network security software products, which is used by Fortune 500 companies.

Garmin begins to restore Garmin Connect features, services, says customer data not impacted

www.zdnet.com/article/garmin-begins-to-restore-garmin-connect-features-services/ Garmin has started to bring its Garmin Connect software back online after a ransomware attack shelved the system since late Wednesday. The company also said that customer data hasn’t been impacted and that its cyberattack occurred July 23. Lisäksi Garminin lausunto

www.businesswire.com/news/home/20200727005634/en/Garmin%C2%AE-issues-statement-outage. Lisäksi www.is.fi/digitoday/tietoturva/art-2000006583230.html ja

www.bleepingcomputer.com/news/security/garmin-confirms-ransomware-attack-services-coming-back-online/ ja www.bbc.com/news/technology-53553576 ja


Tech unicorn Dave admits to security breach impacting 7.5 million users

www.zdnet.com/article/tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users Digital banking app and tech unicorn Dave.com confirmed today a security breach after a hacker published the details of 7, 516, 625 users on a public forum. Lisäksi

www.tivi.fi/uutiset/tv/dcc16173-86da-4097-a617-54f7a9c38a5e – Hakkerit korkkasivat suositun pankkisovelluksen: 7, 5 miljoonan asiakkaan tiedot vietiin. Lisäksi


ProLock ransomware new report reveals the evolution of a threat

nakedsecurity.sophos.com/2020/07/27/prolock-ransomware-new-report-reveals-the-evolution-of-a-threat/ SophosLabs has just published a new report on a ransomware strain known as ProLock, which is interesting not so much for its implementation as for its evolution. Lisäksi Sophoksen raportti


No More Ransom turns 4: Saves $632 million in ransomware payments

www.bleepingcomputer.com/news/security/no-more-ransom-turns-4-saves-632-million-in-ransomware-payments/ The No More Ransom Project celebrates its fourth anniversary today after helping over 4.2 million visitors recover from a ransomware infection and saving an estimated $632 million in ransom payments. No More Ransom was created in 2016 through an alliance between Europol’s European Cybercrime Centre, the National High Tech Crime Unit of the Netherlands’ police, and McAfee to battle ransomware and provide free decryption services and support to victims. Lisäksi


FBI warns cyber actors abusing protocols as new DDoS attack vectors

securityaffairs.co/wordpress/106419/cyber-crime/fbi-warns-ddos-attacks-protocols.html The FBI issued an alert last week warning about the discovery of new network protocols that have been exploited to launch large-scale DDoS attacks. Lisäksi

dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/fbi-private-industry-notification-20200721-002.pdf (FBI:n ilmoitus)

You might be interested in …

Daily NCSC-FI news followup 2021-04-18

Ryuk ransomware operation updates hacking techniques www.bleepingcomputer.com/news/security/ryuk-ransomware-operation-updates-hacking-techniques/ Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network. The trend observed in attacks this year reveals a predilection towards targeting hosts with remote desktop connections exposed on the public internet. Discord […]

Read More

Daily NCSC-FI news followup 2019-11-25

Livingston School District in New Jersey Hit With Ransomware www.bleepingcomputer.com/news/security/livingston-school-district-in-new-jersey-hit-with-ransomware/ Students at the Livingston public school district in New Jersey are undoubtedly happy for a two hour delayed opening tomorrow. Unfortunately, this delay is not being caused by snow, but rather by a ransomware attack that the district is still recovering from. Hidden Cam Above […]

Read More

Daily NCSC-FI news followup 2020-04-02

Hackers linked to Iran target WHO staff emails during coronavirus www.reuters.com/article/us-health-coronavirus-cyber-iran-exclusi/exclusive-hackers-linked-to-iran-target-who-staff-emails-during-coronavirus-sources-idUSKBN21K1RC Hackers working in the interests of the Iranian government have attempted to break into the personal email accounts of staff at the World Health Organization during the coronavirus outbreak, four people with knowledge of the matter told Reuters. CORONAVIRUS TROJAN OVERWRITING THE MBR securitynews.sonicwall.com/xmlpost/coronavirus-trojan-overwriting-the-mbr/ […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.