eCh0raix ransomware now targets both QNAP and Synology NAS devices
A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices. While it has targeted QNAP and Synology devices in the past in separate campaigns, Palo Alto Networks’ Unit 42 security researchers said in a report published yesterday that eCh0raix began bundling functionality to encrypt both NAS families in September 2020. This has the potential to affect at least 250,000 Internet-exposed QNAP and Synology NAS devices.
At least 30,000 internet-exposed Exchange servers vulnerable to ProxyShell attacks
These servers could be compromised at any moment, considering that threat actors are already scanning the web for vulnerable devices. ProxyShell is the name given to a series of vulnerabilities (CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207) that can be chained for unauthenticated remote code execution, allowing an attacker to take complete control of an Exchange server. The flaws were discovered by security consulting firm DEVCORE, and they were first demonstrated at the Pwn2Own hacking competition earlier this year, with technical details discussed at last week’s Black Hat conference.
US Senate sends infrastructure bill to House
The U.S. Senate passed its bipartisan infrastructure bill and sent it to the House of Representatives on Tuesday after a 69-30 vote. The bill dedicates $1 trillion to infrastructure improvements over the next 10 years, but drew controversy from the crypto community due to a “pay-for” that anticipates raising $28 billion from a broadened crypto tax provision. The provision expands the definition of a “broker,” leading to concerns that the IRS might seek to impose broker information reporting requirements on non-broker entities such as miners.
(Coindesk)
Over $600 million reportedly stolen in cryptocurrency hack
Poly Network, a decentralized cross-chain protocol and network, announced yesterday that it had been attacked, with cryptocurrency assets successfully transferred into the attackers’ wallets. With a value of at least $611 million, this is the largest decentralized finance hack to date. Researcher Igor Igamberdiev believes the hack was caused by a cryptography issue, possibly involving reversing the private key. While other crypto networks are cooperating to help track the thieves and block their transactions, there has also been a flood of messages from people offering to help launder the money in exchange for some of it.

Google discontinuing Bluetooth Titan security key
In multi-factor authentication news, Google on Monday announced that it is discontinuing the Bluetooth version of the Titan Security Key and will only offer devices that have near-field communication (NFC) functionality. The company will now offer just two types of Titan security keys: a USB-A version and a USB-C version. These devices will enable users to authenticate either by plugging the device into the corresponding USB port, or by simply tapping the security key on the back of their Android or iOS device to sign in using NFC. Bluetooth keys will continue to work and warranties for these devices will be honored. In 2019, Microsoft alerted Google to a potentially serious issue that allowed Bluetooth attacks, and earlier this year researchers showed how Titan and security keys from other vendors could be cloned.
1 million stolen credit cards hit dark web for free
Threat actors have leaked 1 million stolen credit cards for free online as a way to promote a fairly new and increasingly popular cybercriminal site dedicated to selling payment-card credentials, called AllWorld.Cards. The leaked credit cards include all the important data, including the CVV number. It is estimated that between one half and one third of these cards are still active. More than 500 banks were identified as issuers of these cards, with Sutton Banks from Ohio and JP Morgan Chase identified as being in the top 5, along with banks from India, Mexico and Brazil.
TikTok named as the most downloaded app of 2020
The Chinese video-sharing platform is the only app not owned by Facebook to make the global top five of downloads, with Facebook’s flagship app as well as WhatsApp, Instagram and Facebook Messenger filling the other spots. It is thought that TikTok’s dominance owes much to former President Trump, who in 2020 issued an executive order to ban it after declaring it a national security risk. This order was later withdrawn by the Biden administration.
(BBC News)
Splunk spots malware targeting Windows Server on AWS to mine Monero
Data analysis firm Splunk says it has found a resurgence of the Crypto botnet, malware that attacks virtual servers running Windows Server inside Amazon Web Services. Splunk’s Threat Research Team (STRT) posted its analysis of the attack on Monday, suggesting it starts with a probe for Windows Server instances running on AWS and seeks out those with Remote Desktop Protocol (RDP) enabled. Once such instances are found, the attackers brute-force passwords to get in and install cryptomining tools to produce Monero. They are also using Telegram to carry command and control messages.






