All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of January 31, 2022. We’ve also included the comments from a few folks here at Tripwire VERT.

Update Force-Pushed to Protect QNAP NAS Devices against DeadBolt Ransomware

QNAP force-pushed a security update to customers’ network access storage (NAS) devices to protect them against DeadBolt ransomware. The threat’s operators claimed that they were using a zero-day vulnerability to hack into QNAP devices and encrypt victims’ files. Using that flaw, the ransomware actors succeeded in encrypting 3,600 devices before QNAP issued its fix, per Bleeping Computer.

Samantha Zeigler | Security Researcher at Tripwire

The QNAP zero-day exploit by DeadBolt has caused an interesting conundrum. The vulnerability was exploited quickly enough to cause thousands of people to be affected by the ransomware. While some users were willing to pay to get their files back, the company itself worked to patch the systems’ vulnerability. The decision to force the patch on all systems, including compromised ones, may have prevented the thousands affected from getting their files back. That said, this forced patch may have saved any more systems from being compromised.

BotenaGo Source Code Leaked to GitHub

Threatpost reported that someone leaked the source code of Botenago to GitHub. Anyone can now use the botnet’s code to try to enslave vulnerable Internet of Things (IoT) devices. In the process, they can also modify Botenago’s code to develop their own threats for the purpose of evading AV detection.

Samantha Zeigler | Security Researcher at Tripwire

The release of this lightweight exploit code to GitHub has allowed for wide availability to malicious actors. BotenaGo is particularly hard to detect and easy (Read more...)