WyzGuys Tech Talk

A quick Saturday digest of cybersecurity news articles from other sources.

AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices

Original release date: July 27, 2020

CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP.

All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes. The malware, documented in open-source reports, has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe. Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates.  More…

Malware is down, but IoT and ransomware attacks are up

Malicious attacks disguised as Microsoft Office files increased 176%, according to SonicWall’s midyear threat report.

US tax service says, “2FA is a must!”

We know it’s an old drum, but we’re not tired of beating it yet: 2FA is your friend.

How to fight tax identity theft

Tax theft is common, so it is important to know how to avoid scammers.  To protect your finances and personal information, it is crucial to have awareness, healthy skepticism, and knowledge of IRS procedures. Learn more about how to better defend yourself against identity theft here.

How IT leaders were unprepared for the security challenges posed by COVID-19

The top three challenges cited in a Tanium survey were identifying new computing devices, overwhelmed IT capacity due to VPN requirements, and increased risks from video conferencing.

GNU GRUB2 Vulnerability

Original release date: July 30, 2020

Free Software Foundation GNU Project’s multiboot boot loader, GNU GRUB2, contains a vulnerability—CVE-2020-10713—that a local attacker could exploit to take control of an affected system.  The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT Coordination Center’s Vulnerability Note VU#174059 for mitigations and to refer to operating system vendors for appropriate patches, when available.

FBI Warns of ‘More Destructive’ DDoS Attacks

In February 2020, U.K. security researchers discovered a vulnerability in free, open source, automation servers in IoT devices that would allow cybercriminals to amplify a Distributed Denial of Service attack by a hundred fold. For the FBI, this was the final straw that led to a new warning about “more destructive” DDoS attacks. In a recent Private Industry Notification, the FBI warned businesses to watch out for larger DDoS… Read more

Chinese Tax Software Provides Network Backdoor

Last month, we covered the curious case of two companies with Chinese operations, local taxes, and a secret digital backdoor. Trustwave called the backdoor GoldenSpy, issuing a warning about the threat. The companies received an uninstaller for the malware. But a few weeks later, Trustwave discovered another backdoor, dubbed GoldenHelper. Now, the FBI is acting on concerns of this Chinese malware…Read more…

MS-ISAC CYBERSECURITY ADVISORY for Android

MS-ISAC ADVISORY NUMBER:  2020-104

DATE(S) ISSUED:  08/04/2020

SUBJECT:  Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

 OVERVIEW:  Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:  There are currently no reports of these vulnerabilities being exploited in the wild.  Google Advisory

SYSTEMS AFFECTED:

Android OS builds utilizing Security Patch Levels issued prior to August 5, 2020.

FBI Reports Increase in Online Shopping Scams

Original release date: August 5, 2020

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (I3C) has released an alert on a recent increase in online shopping scams. The scams direct victims to fraudulent websites via ads on social media platforms and popular online search engines’ shopping pages.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and consumers to review the IC3 Alert for indicators of fraud and tips to avoid being victimized, as well as CISA’s tip on Shopping Safely Online.

Former Google engineer gets 18 months for stealing trade secrets

Thinking of leaving your current employer for a new gig?   Watch what you carry out on your flash drive.  Theft of trade secrets can get you jail time.  Uber fired Anthony Levandowski in 2017 after discovering he had stolen secrets from his former employer, Google.  Uber settled a lawsuit from Alphabet (Google) over the misuse of trade secrets, setting back the ride-hailing company’s self-driving project.  Read more →