
Cyber Security Headlines – August 11, 2021

eCh0raix ransomware now targets both QNAP and Synology NAS devices

A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices. While it has targeted both QNAP and Synology devices in the past in separate campaigns, Palo Alto Networks’ Unit 42 security researchers said in a report published yesterday that eCh0raix began bundling functionality to encrypt both NAS families starting with September 2020. This has the potential to affect at least 250,000 Internet-exposed QNAP and Synology NAS devices.

(Bleeping Computer)

At least 30,000 internet-exposed Exchange servers vulnerable to ProxyShell attacks

These servers could get compromised at any moment considering that threat actors are already scanning the web for vulnerable devices. ProxyShell is the name given to a series of vulnerabilities, CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207, that can be chained for unauthenticated remote code execution, allowing an attacker to take complete control of an Exchange server. The flaws were discovered by security consulting firm DEVCORE, and they were first demonstrated at the Pwn2Own hacking competition earlier this year, with technical details discussed at last week’s BlackHat conference.

(Security Week)

US Senate sends infrastructure bill to House

The U.S. Senate passed its bipartisan infrastructure bill to the House of Representatives Tuesday after a 69-30 vote. The bill dedicates $1 trillion to infrastructure improvements over the next 10 years, but drew controversy from the crypto community due to a “pay-for” that anticipates raising $28 billion from a broadened crypto tax provision. The provision expands the definition of a “broker,” leading to concerns that the IRS might seek to impose broker information reporting requirements on non-broker entities such as miners.


Over $600 million reportedly stolen in cryptocurrency hack

Poly Network, a decentralized cross-chain protocol and network, announced yesterday that it had been attacked, with cryptocurrency assets successfully transferred into the attackers’ wallets. With a value of at least $611 million, this is the largest decentralized finance hack to date. Researcher Igor Igamberdiev believes the hack was caused by a cryptography issue, possibly involving reversing the private key. While other crypto networks are cooperating to help track the thieves and block their transactions, there has also been a flood of messages from people offering to help launder the money in exchange for some of it.

(Bleeping Computer)

Thanks to our episode sponsor, Sotero

It’s a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of the page.

Google discontinuing Bluetooth Titan security key

In multi-factor authentication news, Google on Monday announced that it is discontinuing the Bluetooth version of the Titan Security Key and it will only offer devices that have near-field communication (NFC) functionality. The company will now only offer two types of Titan security keys: a USB-A version and a USB-C version. These devices will enable users to authenticate either by plugging in the device to the corresponding USB port, or by simply tapping the security key on the back of their Android or iOS device to sign in using NFC. Bluetooth keys will continue to work and warranties for these devices will be honored. In 2019, Microsoft alerted Google of a potentially serious issue that allowed Bluetooth attacks, and earlier this year researchers showed how Titan and security keys from other vendors could be cloned.

(Security Week)

1 million stolen credit cards hit dark web for free

Threat actors have leaked 1 million stolen credit cards for free online as a way to promote a fairly new and increasingly popular cybercriminal site dedicated to…selling payment-card credentials, called AllWorld.Cards. The leaked credit cards include all the important data including the CVV number. It is estimated that between one half and one third of these cards are still active. More than 500 banks were identified as issuers of these cards, with Sutton Banks from Ohio and JP Morgan Chase identified as in the top 5, along with banks from India, Mexico and Brazil.


TikTok named as the most downloaded app of 2020

The Chinese video-sharing platform is the only app not owned by Facebook to make the global top five of downloads, with Facebook’s flagship app as well as WhatsApp, Instagram and Facebook Messenger filling in the other spots. It is thought that TikTok’s dominance owes much to former President Trump, who in 2020 issued an executive order to ban it after declaring it a National Security Risk. This order was later withdrawn by the Biden administration. 

(BBC News)

Splunk spots malware targeting Windows Server on AWS to mine Monero

Data analysis firm Splunk says it’s found a resurgence of the Crypto botnet – malware that attacks virtual servers running Windows Server inside Amazon Web Services. Splunk’s Threat Research Team (STRT) posted its analysis of the attack on Monday, suggesting it starts with a probe for Windows Server instances running on AWS, and seeks out those with remote desktop protocol (RDP) enabled. Once found, the attackers use brute forcing of passwords to get in and install cryptomining tools to produce Monero. They are also using Telegram to carry command and control messages.

(The Register)

