Security News

Get your internet-exposed, network-attached storage devices off the internet now, Taiwanese manufacturer QNAP warns: Ransomware and brute-force attacks are widely targeting all network devices. "The most vulnerable victims will be those devices exposed to the Internet without any protection," QNAP said on Friday, urging all QNAP NAS users to follow security-setting instructions that the Taiwanese NAS maker included in its alert.

QNAP has warned customers today to secure Internet-exposed network-attached storage devices immediately from ongoing ransomware and brute-force attacks. "QNAP urges all QNAP NAS users to follow the security setting instructions below to ensure the security of QNAP networking devices," the Taiwanese NAS maker said in a press release issued today.

Driven by the acceleration of digital transformation and cloud migration during the pandemic, the analysis of the world's top 1 million sites over the last 18 months shows that in many ways, the internet is becoming more secure. Despite the adoption of stronger encryption protocols, many companies continue to use legacy RSA encryption algorithms to generate keys, which in conjunction with TLS certificates, act as machine identities that authorize secure connections between physical, virtual and IoT devices, APIs, applications and clusters.

The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. Log4j is used as a logging package in a variety of different popular software by a number of manufacturers, including Amazon, Apple iCloud, Cisco, Cloudflare, ElasticSearch, Red Hat, Steam, Tesla, Twitter, and video games such as Minecraft.

Researchers at Spectral discovered a security flaw in Kafdrop, a popular open-source UI and management interface for Apache Kafka clusters that has been downloaded more than 20 million times. Companies affected range from major global players to smaller organizations in healthcare, insurance, media, and IoT - basically anyone using Kafdrop with Apache Kafka, an open-source distributed event streaming platform, for high-performance data pipelines, streaming analytics, data integration, and mission-critical applications.

Russia's internet watchdog, 'Roskomnadzor', has announced the ban of six more VPN products, bringing the total number to more than a dozen, shows a notification to companies in the country. The latest services added to the list of banned VPN services are Betternet, Lantern, X-VPN, Cloudflare WARP, Tachyon VPN, PrivateTunnel.

A new regulation coming in the form of an amendment in the Telecommunications Act of Germany could radically change the relationship between consumers and internet service providers. According to the draft, users will be able to test their internet speeds and, if there's a too large deviation between their real-world results and what their ISPs promised, they will be eligible for a bill discount.

According to the draft, users will be able to test their internet speeds and, if there's a too large deviation between their real-world results and what their ISPs promised, they will be eligible for a bill discount. The discount amount will be comparable to the deviation between the contractually agreed Internet speeds and the actual ones.

The Magniber ransomware gang is now using two Internet Explorer vulnerabilities and malicious advertisements to infect users and encrypt their devices. The Magniber gang is known for its use of vulnerabilities to breach systems and deploy their ransomware.

The United States has signed up for The Paris Call for Trust and Security in Cyberspace - an international effort to ensure the internet remains free and open, and an agreement to put critical infrastructure off limits to electronic attack by sovereign states and other actors. The Paris Call was issued by French president Emmanuel Macron in 2018, as part of that year's Internet Governance Forum held at UNESCO and alongside the Paris Peace Forum.