A New Ransomware Targeting Linux-based NAS Devices

Linux-based NAS devices made by QNAP Systems are under a new ransomware attack, allowing bad actors to hold user's data hostage for ransom.

According to The Hacker News, the new ransomware family was independently discovered by researchers at two separate security firms, Intezer and Anomali, and targets poorly protected or vulnerable QNAP NAS servers either by brute forcing weak SSH credentials or exploiting known vulnerabilities.

The ransomware implementations are named "QNAPCrypt" by Intezer and "eCh0raix" by Anomali. Written in the Go programming language, the ransomware encrypts files with targeted extensions using AES encryption and appends an .encrypt extension to each.

For some unknown reason, the ransomware is being merciful to NAS devices located in Belarus, Ukraine, or Russia. "The ransomware terminates the file encryption process and exits without doing any harm to the files," reported The Hacker News.

WebCam Security Issues for Zoom Users

Zoom, which is considered a market leader in Gartner's Magic Quadrant for Meeting Solutions, is a popular solution for businesses to conduct online meetings. But the service is caught in an endless loop of privacy invasion and security vulnerabilities.

Security expert Jonathan Leitschuh recently reported that "a vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business."

Removing Zoom wouldn't fix the problem, because the 'localhost' web server running on the machine will re-install the Zoom client without user permission.

Additionally, if you've ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will re-install the Zoom client, without requiring any user interaction on your behalf besides visiting a webpage. This re-install 'feature' continues to work to this day, said Leitschuh.

According to The Hacker News, any website you're visiting in your web browser can turn on your device camera without your permission.

Zoom has released some updates to fix the issues, but those who use Zoom for business meetings should be aware of looming problems.

OpenSSH Fixes Side Channel Attacks

There is a rise in memory side-channel vulnerabilities like RAMBleed, Spectre, and Meltdown. OpenSSH is often at the center of attacks where a bad actor "exploits memory read vulnerabilities to steal secret SSH private keys from the restricted memory regions of the system," according to The Hacker News.

The root cause of this issue is the fact that the OpenSSH agent stores a copy of the SSH keys in the memory (RAM of CPU), eliminating the need for entering a passphrase to log into the server via SSH. Since these keys are stored in either RAM or CPU in plaintext, they are susceptible to attacks.

The OpenSSH community is now fixing this issue through an update. OpenSSH will now encrypt private keys before storing them in the system memory.

"Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely," said Damien Miller of the OpenBSD project on a mailing list.