Security News > 2020 > July

Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI's servers. "Given the wide permissions required by DJI GO 4 - contacts, microphone, camera, location, storage, change network connectivity - the DJI or Weibo Chinese servers have almost full control over the user's phone."

Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI's servers. "Given the wide permissions required by DJI GO 4 - contacts, microphone, camera, location, storage, change network connectivity - the DJI or Weibo Chinese servers have almost full control over the user's phone."

Called QSnatch, the data-stealing malware is said to have compromised 62,000 devices since reports emerged last October, with a high degree of infection in Western Europe and North America. "All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes," the US Cybersecurity and Infrastructure Security Agency and the UK's National Cyber Security Centre said in the alert.

Called QSnatch, the data-stealing malware is said to have compromised 62,000 devices since reports emerged last October, with a high degree of infection in Western Europe and North America. "All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes," the US Cybersecurity and Infrastructure Security Agency and the UK's National Cyber Security Centre said in the alert.

Cloudflare announced the release of Cloudflare Workers Unbound, offering a serverless platform for developers with unparalleled flexibility, performance, security, ease of use, and pricing. "Cloudflare Workers Unbound is the most compelling serverless platform available," said Matthew Prince, co-founder and CEO of Cloudflare.

Dragos announced that through a partnership with Fortinet it has released an initial integration of the Dragos Platform with FortiSIEM, giving cyber defenders at industrial organizations a unified view of threats and events across the converged enterprise IT and industrial OT environment. Threats detected on OT networks via the Dragos Platform can now be visualized in FortiSIEM. The integration between Dragos and Fortinet is certified for release and provides complete visibility of IT and OT threats to simplify the response workflows for defenders.

The adoption of mobile and cloud, and the coronavirus pandemic forcing people to work from home, shows you can no longer rely on computer security based on a simple network perimeter. There is no silver bullet in achieving a zero-trust architecture.

This story is about the victims of a particularly aggressive business ID theft ring that's spent years targeting small businesses across the country and is now pivoting toward using that access for pandemic assistance loans and unemployment benefits. In 2019, Dun & Bradstreet saw more than a 100 percent increase in business identity theft.

BDO USA launched Athenagy, a proprietary business intelligence platform for legal professionals. Designed to integrate with a highly secure, customized Relativity®One environment, Athenagy helps legal professionals not just manage the business of e-discovery, but optimize it.

QNAP network-attached storage boxes are right now infected with the data-stealing QSnatch malware, the US and UK governments warned today. A joint statement from America's Cybersecurity and Infrastructure Security Agency and Britain's National Cyber Security Centre said the software nasty, first spotted in October, has hijacked tens of thousands as of mid-June, 2020, with "a particularly high number of infections in North America and Europe." It is estimated 7,600 hijacked QNAP boxes were in America, and 3,900 in the UK. The situation is particularly messy because Taiwan-based QNAP has not, to the best of our knowledge, disclosed exactly how the malware breaks into vulnerable boxes, advising simply that owners should ensure the latest firmware is installed to prevent future infection.