Security News

QNAP network-attached storage boxes are right now infected with the data-stealing QSnatch malware, the US and UK governments warned today. A joint statement from America's Cybersecurity and Infrastructure Security Agency and Britain's National Cyber Security Centre said the software nasty, first spotted in October, has hijacked tens of thousands as of mid-June, 2020, with "a particularly high number of infections in North America and Europe." It is estimated 7,600 hijacked QNAP boxes were in America, and 3,900 in the UK. The situation is particularly messy because Taiwan-based QNAP has not, to the best of our knowledge, disclosed exactly how the malware breaks into vulnerable boxes, advising simply that owners should ensure the latest firmware is installed to prevent future infection.

QNAP network-attached storage boxes are right now infected with the data-stealing QSnatch malware, the US and UK governments warned today. A joint statement from America's Cybersecurity and Infrastructure Security Agency and Britain's National Cyber Security Centre said the software nasty, first spotted in October, has hijacked tens of thousands as of mid-June, 2020, with "a particularly high number of infections in North America and Europe." It is estimated 7,600 hijacked QNAP boxes were in America, and 3,900 in the UK. The situation is particularly messy because Taiwan-based QNAP has not, to the best of our knowledge, disclosed exactly how the malware breaks into vulnerable boxes, advising simply that owners should ensure the latest firmware is installed to prevent future infection.

The backdoor first debuted as a proprietary OilRig weapon in 2017 and has gone through several updates since then, the firm noted, adding that timestamps indicate that OilRig added the steganography trick to RDAT's profile as far back as 2018. "To send emails from the compromised host, the payload uses the email associated with the account logged into the compromised host, as it uses the WinHTTP library to make requests to the API , which automatically attempts to log onto Exchange using the default credentials," according to the report.

Security researchers have discovered backdoors impacting a total of 29 Fiber-To-The-Home Optical Line Terminal devices from Chinese vendor C-Data. Security researchers Pierre Kim and Alexandre Torres discovered that the FD1104B and FD1108SN OLTs are impacted by several vulnerabilities, including a telnet server accessible from both the WAN and the FTTH LAN interfaces.

An amended version of America's controversial proposed EARN IT Act has been unanimously approved by the Senate Judiciary Committee - a key step in its journey to becoming law. Concerns over the law being used to force tech companies to introduce encryption backdoors led to an amendment [PDF], put forward by Senator Patrick Leahy, that stated online platforms won't face civil or criminal liability if they are unable to break end-to-end encryption in their own services.

Trojans, backdoors and droppers, oh my: These are the top three malware types being analyzed by threat intelligence teams, according to statistics out on Thursday. According to anonymized statistics from requests to the Kaspersky Threat Intelligence Portal, almost three quarters of the analyzed malicious files fell into those three categories.

Almost three quarters of all requests for analysis to Kaspersky's Threat Intelligence Portal were for trojans, backdoors, and droppers. Organizations and individuals must grapple with a variety of cyberthreats and malware from phishing attacks to ransomware to viruses to trojans and more.

GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws impacting its card and fingerprint scanners that could've potentially allowed attackers to intercept network traffic and stage man-in-the-middle attacks. The first issue concerns a previously undocumented root password that permits an attacker backdoor access to a device by simply using the default password and remotely log in to the vulnerable device.

A trio of Republican senators on Tuesday proposed legislation that requires service providers and device makers in America to help the Feds bypass encryption when presented with a court-issued warrant. The law bill [PDF] is dubbed the Lawful Access to Encrypted Data Act, which uncharacteristically cannot be condensed into a pandering acronym.

More than a dozen U.S. officials have sent a letter to California-based networking and cybersecurity solutions provider Juniper Networks to ask the company about the results of the investigation launched in 2015 following the discovery of a backdoor in its products. Dual EC DRBG was known to contain a backdoor introduced by the NSA, which led some to speculate that the NSA may have planted the unauthorized code in Juniper products, while others said it could have been the work of a foreign government.