Security News

Taiwanese network-attached storage devices maker QNAP on Thursday warned its customers of a fresh wave of DeadBolt ransomware attacks. "QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the internet," QNAP said in an advisory.

Publishing giant Nikkei disclosed that the group's headquarters in Singapore was hit by a ransomware attack almost one week ago, on May 13, 2022. "The affected server likely contained customer data, and Nikkei is currently in the process of determining the nature and scope of the attack," Nikkei added.

Taiwan-based network-attached storage maker QNAP warned customers on Thursday to secure their devices against attacks pushing DeadBolt ransomware payloads."According to the investigation by the QNAP Product Security Incident Response Team, the attack targeted NAS devices using QTS 4.3.6 and QTS 4.4.1, and the affected models were mainly TS-x51 series and TS-x53 series," the NAS maker said.

While higher education is typically not thought of as a targeted industry for ransomware attacks, a trend may be forming. As the most extreme example of a school being affected by ransomware, Lincoln College was forced to close its doors for good after 157 years of operation on May 13.

CISA issues advisory on top-10 attack vectors, finds hackers exploiting poor cyber practices. Cybersecurity and Infrastructure Security Agency has released a news advisory stating that cyber criminals have been taking advantage of users' "Poor security configurations, weak controls and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim's system." Additionally, the agency as part of the statement reviews the 10 most prevalent ways hackers breach networks and the methods companies can use to help mitigate the risk faced by potential attacks.

In a joint advisory issued today, CISA and the Multi-State Information Sharing and Analysis Center warned admins of active attacks targeting a critical F5 BIG-IP network security vulnerability. "CISA encourages users and administrators to review the joint advisory for detection methods and mitigations, which include updating F5 BIG-IP software, or, if unable to immediately update, applying temporary workarounds," the cybersecurity agency added.

Most advanced persistent threat groups use known vulnerabilities in their attacks against organizations, suggesting the need to prioritize faster patching rather than chasing zero-day flaws as a more effective security strategy, new research has found. One belief the research debunked is that all APTs are highly sophisticated and prefer attacking zero-day flaws rather than ones that have already been patched.

Microsoft warned of brute-forcing attacks targeting Internet-exposed and poorly secured Microsoft SQL Server database servers using weak passwords. Similar attacks against MSSQL servers were reported in March when they were targeted to deploy Gh0stCringe remote access trojans.

"Cyber actors routinely exploit poor security configurations, weak controls, and other poor cyber hygiene practices to gain initial access or as part of other tactics to compromise a victim's system," the joint advisory reads. Attackers also have a few favorite techniques they regularly use to gain initial access to their victims' networks, including the exploitation of Internet exposed applications, leveraging external-facing remote services, phishing, abusing orgs' trust in their partners, and using stolen credentials.

Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy relay attack that bypasses all existing protections to authenticate on target devices. BLE technology is used in a wide spectrum of products, from electronics like laptops, mobile phones, smart locks, and building access control systems to cars like Tesla Model 3 and Model Y. Pushing out fixes for this security problem is complicated, and even if the response is immediate and coordinated, it would still take a long time for the updates to trickle to impacted products.