Arthur T Knackerbracket has found the following story:
Anyone running Chrome will want to update and restart their browser in order to make sure they have the latest build, as usual. Google has patched a bunch of flaws including a use-after-free() vulnerability (CVE-2019-13720) that was being actively exploited in the wild against victims. Make sure you're running version 78.0.3904.87 or higher for Windows, Mac, and Linux to be safe.
More technical details are here: essentially, a malicious JavaScript file on a webpage can exploit the vulnerability to potentially gain arbitrary code execution and install spyware and other horrible stuff on the computer. Kaspersky reckons the flaw was abused in an attempt to infect Chrome-using visitors of a Korean-language news website, in a campaign dubbed Operation WizardOpium.
We hope you've all patched your Windows systems for the BlueKeep RDP flaw, which can be exploited to achieve remote-code execution on vulnerable machines. It appears Monero-mining malware is spreading among unpatched boxes via the security flaw. Microsoft patched the bug way back in May.
Marcus Hutchins, with help from Kevin Beaumont, has detailed the spread of the BlueKeep-exploiting nasty here for Kryptos Logic.
All the more reason to ensure you're patched.
Related Stories
Beginning around June 1, a wave of eCh0raix/QNAPCrypt ransomware attacks has been observed targeting QNAP NAS devices. The vectors used to compromise the devices are exploitation of known vulnerabilities and brute-force attacks on weak passwords.
QNAP already addressed the vulnerabilities in the following QTS versions:
- QTS 4.4.2.1270 build 20200410 and later
- QTS 4.4.1.1261 build 20200330 and later
- QTS 4.3.6.1263 build 20200330 and later
- QTS 4.3.4.1282 build 20200408 and later
- QTS 4.3.3.1252 build 20200409 and later
- QTS 4.2.6 build 20200421 and later
--- QNAP Advisory: Multiple Vulnerabilities in File Station. (June 5, 2020)
As would be expected, "QNAP strongly recommends updating your QTS to the latest available version for your NAS model."
The ransomware is attributed to the financially motivated Russian cybercrime group 'FullofDeep'. The attackers are demanding $500 in bitcoin to decrypt files, which are encrypted with AES-CFB.
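The story and the QNAP advisory above both come down to one question for an administrator: is the reported version at or above the fixed build? The following script is an added example, not code from The Register, QNAP or Kaspersky. It takes the minimum Chrome version named in the story and the per-branch fixed builds listed in the advisory, and classifies free-text version strings against them. The input strings are constructed samples, and the assumption (not stated on the page) is that a QTS build date only needs to break ties when the dotted version numbers are equal, and that a branch the advisory does not list cannot be judged from it.

```python
import re

# Minimum safe Chrome build named in the story (fix for CVE-2019-13720).
CHROME_MIN = "78.0.3904.87"

# Earliest fixed release per QTS branch, copied from the QNAP advisory quoted
# above: (version tuple, build date as an integer yyyymmdd).
QTS_FIXED = {
    "4.4.2": ((4, 4, 2, 1270), 20200410),
    "4.4.1": ((4, 4, 1, 1261), 20200330),
    "4.3.6": ((4, 3, 6, 1263), 20200330),
    "4.3.4": ((4, 3, 4, 1282), 20200408),
    "4.3.3": ((4, 3, 3, 1252), 20200409),
    "4.2.6": ((4, 2, 6), 20200421),
}

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)")
_BUILD_RE = re.compile(r"build\s*(\d{8})", re.IGNORECASE)


def parse_version(text: str) -> tuple:
    """Extract the first dotted numeric version in free text as an int tuple.

    Accepts raw strings such as 'Google Chrome 78.0.3904.87' or '4.4.2.1270'.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(v: tuple, n: int) -> tuple:
    """Right-pad a version tuple with zeros so unequal lengths compare sanely."""
    return v + (0,) * (n - len(v))


def chrome_is_patched(version_text: str) -> bool:
    """True if the reported Chrome version is at or above the fixed build."""
    have, need = parse_version(version_text), parse_version(CHROME_MIN)
    n = max(len(have), len(need))
    return _pad(have, n) >= _pad(need, n)


def qts_status(version_text: str) -> str:
    """Classify a QTS firmware string against the advisory's fixed-version list.

    Returns 'patched', 'unpatched', or 'unknown' (branch not in the advisory).
    The build date breaks ties when version numbers are equal; a missing build
    date is treated as older than any listed fix (conservative assumption).
    """
    have = parse_version(version_text)
    branch = ".".join(str(p) for p in have[:3])
    if branch not in QTS_FIXED:
        return "unknown"
    fixed_ver, fixed_build = QTS_FIXED[branch]
    n = max(len(have), len(fixed_ver))
    have_p, fixed_p = _pad(have, n), _pad(fixed_ver, n)
    if have_p != fixed_p:
        return "patched" if have_p > fixed_p else "unpatched"
    m = _BUILD_RE.search(version_text)
    have_build = int(m.group(1)) if m else 0
    return "patched" if have_build >= fixed_build else "unpatched"


if __name__ == "__main__":
    # Constructed sample inventory lines, not real hosts.
    for chrome in ["Google Chrome 78.0.3904.70", "78.0.3904.87", "79.0.3945.79"]:
        print(f"{chrome:30} patched={chrome_is_patched(chrome)}")
    for qts in ["4.4.2.1270 build 20200410", "4.4.2.1270 build 20200409",
                "4.3.6.1200 build 20200110", "4.2.6 build 20200421",
                "4.5.1.1456 build 20201015"]:
        print(f"{qts:30} {qts_status(qts)}")
```

Feeding it the output of `chrome --version` or the firmware string from the QTS admin page gives a fleet-wide yes/no rather than a manual comparison per host. Note that "unknown" is a deliberate third state: a branch the advisory does not mention should be looked up separately rather than silently treated as safe.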
(Score: 2) by JoeMerchant on Tuesday November 05 2019, @06:43PM (6 children)
Once, in 2006. Power supply died in 2007, after which I discovered that they put a proprietary format on the internal hard drives, meaning I had to transfer them to another functional QNAP to even have a hope of recovering the data.
Would not surprise me at all if their "web enabled" features developed over the last 13 years are more focused on driving sales than they are at delivering actual reliable features and value to the customers.
🌻🌻 [google.com]
(Score: 2) by Mojibake Tengu on Tuesday November 05 2019, @07:16PM (1 child)
I don't believe in a magical proprietary format on the internal hard drives; most probably a ZFS zpool with possibly gbde or Geli encryption under it.
Respect Authorities. Know your social status. Woke responsibly.
(Score: 2) by JoeMerchant on Tuesday November 05 2019, @07:42PM
Whatever it was, in 2006, none of the standard formats in Ubuntu or Cent would recognize the drive - and there was nothing in the documentation mentioning this "feature".
External drives connected to the server, predictably, were fine.
🌻🌻 [google.com]
(Score: 2) by EvilSS on Tuesday November 05 2019, @07:25PM (3 children)
(Score: 2) by JoeMerchant on Tuesday November 05 2019, @07:40PM (2 children)
QNAP was the backup... not an issue anymore, I run two USB external drives in RAID 0.
🌻🌻 [google.com]
(Score: 2) by NickM on Tuesday November 05 2019, @08:44PM (1 child)
I a master of typographic, grammatical and miscellaneous errors !
(Score: 2) by JoeMerchant on Tuesday November 05 2019, @08:54PM
I'm sure I said that wrong - Hey Google explain RAID levels.
Yep, meant RAID 1 - which is so illogical to me, wouldn't 2 make more sense for mirrored disks, or 0 for no striping?
Anyway, in the ensuing 13 years of 24-7 service I've had 2 of those rotating drives fail, never both at the same time, and did capacity upgrades to 2TB each, which seems like more data than my brain needs repeated access to, in the local network at least. Next replacement is probably going to be a SSD, but I just can't justify messing with something that works.
🌻🌻 [google.com]
(Score: 3, Informative) by EvilSS on Tuesday November 05 2019, @07:23PM (1 child)
Yet another reason to NOT expose RDP directly to the internet. There are plenty of solutions to allow remote access without having to put the RDP service directly on the internet, including solutions from MS themselves. But that takes a little more effort and who has time for that I guess.
(Score: 0) by Anonymous Coward on Tuesday November 05 2019, @08:23PM
What assurance, given the track record, have we that the supplied "patch" KB_whatever_number_ does not open several doors, invite spyware and surveillance friends, etc? MS are no longer trusted. Goog, the same. In fact 99% of US tech companies - not trusted. Distrust goes up to pure 100% for software supplied from other large world powers...
(Score: 1, Insightful) by Anonymous Coward on Tuesday November 05 2019, @08:09PM
chrome is malware.