Security News > 2020 > July

QNAP network-attached storage boxes are right now infected with the data-stealing QSnatch malware, the US and UK governments warned today. A joint statement from America's Cybersecurity and Infrastructure Security Agency and Britain's National Cyber Security Centre said the software nasty, first spotted in October, has hijacked tens of thousands of the devices as of mid-June 2020, with "a particularly high number of infections in North America and Europe." An estimated 7,600 hijacked QNAP boxes were in America, and 3,900 in the UK. The situation is particularly messy because Taiwan-based QNAP has not, to the best of our knowledge, disclosed exactly how the malware breaks into vulnerable boxes, advising simply that owners should ensure the latest firmware is installed to prevent future infection.

Microsoft has revamped its Windows Insider Preview bug bounty program with higher rewards and an improved portal for bounty hunters to report flaws, in an effort to help sniff out more vulnerabilities on its platform. The Microsoft Windows Insider Preview bounty program is part of the Microsoft Windows Bounty Program, launched in 2017, which encompasses flaws in all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge.

Computer networks of the smartwatch and electronics firm Garmin were coming back online Monday, the company said, after an outage widely believed to have been due to a ransomware attack. "We are happy to report that many of the systems and services affected by the recent outage, including Garmin Connect, are returning to operation," Garmin said in an online post.

SophosLabs has just published a new report on a ransomware strain known as ProLock, which is interesting not so much for its implementation as for its evolution. Most ransomware scrambles the whole file, so monitoring access to the start of each file is an efficient way of spotting some, but not all, unauthorised changes.

Cisco is warning that a high-severity flaw in its network security software is being actively exploited, allowing remote, unauthenticated attackers to access sensitive data. "The Cisco Product Security Incident Response Team is aware of the existence of public exploit code and active exploitation of the vulnerability that is described in this advisory," according to Cisco.

The creators of the Mooltipass hardware password manager have unveiled the Mooltipass Mini BLE, a Bluetooth-enabled version of the device that includes many new and useful features. Back in 2016, SecurityWeek reviewed the second generation of the Mooltipass open source hardware password manager, the Mooltipass Mini.

We have not yet seen any as overt bills as this that directly go to saying encryption out loud. One of these more recent related bills that we're seeing is the EARN IT act.

Digital banking service Dave announced over the weekend that user data was compromised in a third-party security incident. The newly disclosed data breach, Dave says, was the result of a security incident at Git analytics tool Waydev, a former service provider for Dave.

In Japan, a cyberstalker located his victim by enhancing the reflections in her eye, and using that information to establish a location. Reminds me of the image enhancement scene in Blade Runner....

While some might be quick to moan about the youth of today, PwC suggests that the findings indicate a wider cultural issue around how companies structure workplace cybersecurity training, compounded with the many issues that employees currently face while working from home. Nearly 70% of CISOs and CIOs surveyed by PwC said they had increased security training as a result of COVID-19; yet only 30% of employees said their employer offered training on the dos and don'ts of protecting company assets and data.