Daily NCSC-FI news followup 2020-07-27

Alert (AA20-209A) Potential Legacy Risk from Malware Targeting QNAP NAS Devices

us-cert.cisa.gov/ncas/alerts/aa20-209 CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP.. All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes. The malware, documented in open-source reports, has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe. Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates. This alert summarizes the findings of CISA and NCSC analysis and provides mitigation advice. Lisäksi

www.zdnet.com/article/cisa-says-62000-qnap-nas-devices-have-been-infected-with-the-qsnatch-malware/#ftag=RSSbaffb68 ja

www.bleepingcomputer.com/news/security/uk-and-us-warn-qnap-owners-to-upgrade-firmware-to-block-malware/. Lisäksi Kyberturvallisuuskeskuksen artikkeli

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/qsnatch-qnap-nas-laitteisiin-suunnattu-haittaohjelma (2019)

Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns

threatpost.com/attackers-exploiting-high-severity-network-security-flaw-cisco-warns/157756/ Attackers are exploiting a high-severity vulnerability in Cisco’s network security software products, which is used by Fortune 500 companies.

Garmin begins to restore Garmin Connect features, services, says customer data not impacted

www.zdnet.com/article/garmin-begins-to-restore-garmin-connect-features-services/ Garmin has started to bring its Garmin Connect software back online after a ransomware attack shelved the system since late Wednesday. The company also said that customer data hasn’t been impacted and that its cyberattack occurred July 23. Lisäksi Garminin lausunto

www.businesswire.com/news/home/20200727005634/en/Garmin%C2%AE-issues-statement-outage. Lisäksi www.is.fi/digitoday/tietoturva/art-2000006583230.html ja

www.bleepingcomputer.com/news/security/garmin-confirms-ransomware-attack-services-coming-back-online/ ja www.bbc.com/news/technology-53553576 ja

www.theverge.com/2020/7/27/21339910/garmin-back-online-recovery-ransomeware?mid=1#cid=1702965

Tech unicorn Dave admits to security breach impacting 7.5 million users

www.zdnet.com/article/tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users Digital banking app and tech unicorn Dave.com confirmed today a security breach after a hacker published the details of 7, 516, 625 users on a public forum. Lisäksi

www.tivi.fi/uutiset/tv/dcc16173-86da-4097-a617-54f7a9c38a5e – Hakkerit korkkasivat suositun pankkisovelluksen: 7, 5 miljoonan asiakkaan tiedot vietiin. Lisäksi

www.zdnet.com/article/hackers-stole-github-and-gitlab-oauth-tokens-from-git-analytics-firm-waydev/

ProLock ransomware new report reveals the evolution of a threat

nakedsecurity.sophos.com/2020/07/27/prolock-ransomware-new-report-reveals-the-evolution-of-a-threat/ SophosLabs has just published a new report on a ransomware strain known as ProLock, which is interesting not so much for its implementation as for its evolution. Lisäksi Sophoksen raportti

news.sophos.com/en-us/2020/07/27/prolock-ransomware-gives-you-the-first-8-kilobytes-of-decryption-for-free/

No More Ransom turns 4: Saves $632 million in ransomware payments

www.bleepingcomputer.com/news/security/no-more-ransom-turns-4-saves-632-million-in-ransomware-payments/ The No More Ransom Project celebrates its fourth anniversary today after helping over 4.2 million visitors recover from a ransomware infection and saving an estimated $632 million in ransom payments. No More Ransom was created in 2016 through an alliance between Europol’s European Cybercrime Centre, the National High Tech Crime Unit of the Netherlands’ police, and McAfee to battle ransomware and provide free decryption services and support to victims. Lisäksi

www.zdnet.com/article/ransomware-these-free-decryption-tools-have-now-saved-victims-over-600m

FBI warns cyber actors abusing protocols as new DDoS attack vectors

securityaffairs.co/wordpress/106419/cyber-crime/fbi-warns-ddos-attacks-protocols.html The FBI issued an alert last week warning about the discovery of new network protocols that have been exploited to launch large-scale DDoS attacks. Lisäksi

dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/fbi-private-industry-notification-20200721-002.pdf (FBI:n ilmoitus)