Daily NCSC-FI news followup 2020-07-27

Alert (AA20-209A) Potential Legacy Risk from Malware Targeting QNAP NAS Devices

us-cert.cisa.gov/ncas/alerts/aa20-209 CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP. All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes. The malware, documented in open-source reports, has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe. Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates. This alert summarizes the findings of CISA and NCSC analysis and provides mitigation advice. Also:

www.zdnet.com/article/cisa-says-62000-qnap-nas-devices-have-been-infected-with-the-qsnatch-malware/#ftag=RSSbaffb68 and

www.bleepingcomputer.com/news/security/uk-and-us-warn-qnap-owners-to-upgrade-firmware-to-block-malware/. Also the article by the National Cyber Security Centre Finland (Kyberturvallisuuskeskus):

www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/qsnatch-qnap-nas-laitteisiin-suunnattu-haittaohjelma (2019)

Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns

threatpost.com/attackers-exploiting-high-severity-network-security-flaw-cisco-warns/157756/ Attackers are exploiting a high-severity vulnerability in Cisco’s network security software products, which are used by Fortune 500 companies.

Garmin begins to restore Garmin Connect features, services, says customer data not impacted

www.zdnet.com/article/garmin-begins-to-restore-garmin-connect-features-services/ Garmin has started to bring its Garmin Connect software back online after a ransomware attack shelved the system since late Wednesday. The company also said that customer data hasn’t been impacted and that its cyberattack occurred July 23. Also Garmin's statement:

www.businesswire.com/news/home/20200727005634/en/Garmin%C2%AE-issues-statement-outage. Also: www.is.fi/digitoday/tietoturva/art-2000006583230.html and

www.bleepingcomputer.com/news/security/garmin-confirms-ransomware-attack-services-coming-back-online/ and www.bbc.com/news/technology-53553576 and


Tech unicorn Dave admits to security breach impacting 7.5 million users

www.zdnet.com/article/tech-unicorn-dave-admits-to-security-breach-impacting-7-5-million-users Digital banking app and tech unicorn Dave.com confirmed today a security breach after a hacker published the details of 7,516,625 users on a public forum. Also:

www.tivi.fi/uutiset/tv/dcc16173-86da-4097-a617-54f7a9c38a5e – Hackers cracked open a popular banking app: the data of 7.5 million customers was taken. Also:


ProLock ransomware new report reveals the evolution of a threat

nakedsecurity.sophos.com/2020/07/27/prolock-ransomware-new-report-reveals-the-evolution-of-a-threat/ SophosLabs has just published a new report on a ransomware strain known as ProLock, which is interesting not so much for its implementation as for its evolution. Also Sophos's report:


No More Ransom turns 4: Saves $632 million in ransomware payments

www.bleepingcomputer.com/news/security/no-more-ransom-turns-4-saves-632-million-in-ransomware-payments/ The No More Ransom Project celebrates its fourth anniversary today after helping over 4.2 million visitors recover from a ransomware infection and saving an estimated $632 million in ransom payments. No More Ransom was created in 2016 through an alliance between Europol’s European Cybercrime Centre, the National High Tech Crime Unit of the Netherlands’ police, and McAfee to battle ransomware and provide free decryption services and support to victims. Also:


FBI warns cyber actors abusing protocols as new DDoS attack vectors

securityaffairs.co/wordpress/106419/cyber-crime/fbi-warns-ddos-attacks-protocols.html The FBI issued an alert last week warning about the discovery of new network protocols that have been exploited to launch large-scale DDoS attacks. Also:

dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/fbi-private-industry-notification-20200721-002.pdf (the FBI's notification)
