Library Management Software May Be Open to Ransomware Attacks

When it comes to software, schools are either on top of it or a little behind. The reason being is mostly the budgets they have to deal with, one piece of software that is often ignored by schools, which tend to have to work on the “if it isn’t broken we don’t need to replace it” policy, is the Library management software. If people are using any of Follett’s old library management software, they may want to change that approach and update soon as it’s been revealed that the software may be open to ransomware attacks.

The vulnerability was discovered by Cisco’s Talos group and found that users could remotely install backdoors and ransomware code to the JBoss web server element of the library management system, leaving users with either a large bill or no access to their libraries information.

Follett has not sat idly by with them already releasing a patching system to fix the flaws that expose the system and it even picks up any unofficial files which may have been snuck on to compromise the servers. Working with the Talos group, Follett is seeking to inform customers about the security risk and how to address the issue, potentially removing the threat and damage it could do before someone manages to make any money off of your local schools’ library.

Hacker Who Created Fake Game Listing On Steam Says More Vulnerabilities Will Be Found

Earlier this week Ruby Nealon became famous on the internet for managing to get a game onto Valve’s steam store without anyone at Valve even knowing about it. The Watch paint dry game raised concerns about the system Valve has in place when it comes to Steams content, with him saying that more vulnerabilities will be found on the platform.

Nealon states that it was an HTML-based attack that let him post the game without anyone at Valve approving or even seeing the game before it went live. With this exploit noted and fixed, Nealon went on to point out a way of inserting scripts into pages, potentially taking details from a Valve administrator who wanted to check out their games page. This second exploit was then fixed, although Nealon doesn’t seem too impressed with Steam’s website.

In discussions with ArsTechnica, Nealon told them that “it looks like their website hasn’t been updated for years” and even went on to say that “Compared to even other smaller Web startups, they’re really lacking. This stuff was like the lowest of the lowest hanging fruit.”.

Nealon wasn’t just upset with the website, though, saying that he won’t be hacking Steam’s platform anymore due to a lack of recognition from Valve on the matter. Nealon wrote on his site saying that the exploit he used for posting the “watching paint dry” game he had tried to contact Valve for months about, but it was only fixed when he publicly demonstrated its viability.

Nealon isn’t happy with Valve’s lack of a bug bounty system, a program where users are rewarded for alerting the company about bugs and issues in their software, something that even apps like Uber have started in recent weeks. In his “won’t be finding bugs anymore for Valve because there are plenty of companies that appreciate the time and effort put in by security researchers” and even went on to explain how the entire process had made him feel like “Valve were exploiting me”.

Steam isn’t a service that’s immune to hacks either, last year it was hacked and allowed people to bypass the two-factor authentication required to log into an account from a new machine. They’ve even accidentally exposed users details before, no external help required for that blunder.

Personally, I feel like anyone who puts time and effort into finding a problem and then revealing it to a company should be rewarded, not brushed under a matt and ignored until it becomes an issue the public are aware of.

Synology NAS OS Vulnerable to CryptoLocker [updated]

The operating system run on Synology’s NAS devices, called DiskStation Manager (DSM), is reportedly vulnerable to a CryptoLocker hack. This particular version has been dubbed SynoLocker and is holding the infected NAS devices for ransom.

The nature of how the systems get infected is still unclear, but when infected, the malware encrypts parts of the data until you pay 0.6 Bitcoins (about £208 at current rate). Decryption is promised upon payment, but there is no guarantee it will happen and that you won’t be infected again.

The company believes it to be limited to devices still running non-updated versions of DSM 4.3, they are however still investigating if the vulnerability also could infect the newer version 5.0, just in case.

While a press release is being prepared, Synology gave this emergency statement:

You may have heard by now that DSM is undergoing a CryptoLocker hack called SynoLocker – as of yesterday (08/03/14). It’s a BitCoin Mining hack that encrypts portions of data, and ransoms the decryption key for .6 BitCoin ($350). So far, it looks like the matter is localized to non-updated versions of DSM 4.3, but we are actively working on, and researching the issue to see if it also effects DSM 5.0 as well.

In the interim, we are asking people to take the following precautions:
A. Close all open ports for external access as soon as possible, and/or unplug your Disk/RackStation from your router
B. Update DSM to the latest version
C. Backup your data as soon as possible
D. Synology will provide further information as soon as it is available.

If your NAS has been infected:
A. Do not trust/ignore any email from unauthorized/non-genuine Synology email. Synology email always has the “synology.com” address suffix.
B. Do a hard shutdown of your Disk/RackStation to prevent any further issues. This entails a long-press of your unit’s power button, until a long beep has been heard. The unit will shut itself down safely from that point.
C. Contact Synology Support as soon as possible at, http://www.synology.com/en-global/support/knowledge_base

[UPDATE 16:50 GMT]

Since we originally posted this, we’ve recieved an official statement from Synology via email. The problem is more limited then first thought and only affects a few software version. As also initial suggested, those with up-to-date system can feel safe from this threat.

Synology are fully dedicated to investigating this issue and possible solutions. Based on their current observations, this issue only affects Synology NAS servers running some older versions of DSM (DSM 4.3-3810 or earlier), by exploiting a security vulnerability that was fixed and patched in December, 2013. At present, we have not observed this vulnerability in DSM 5.0.

For NAS servers running DSM 4.3-3810 or earlier, and if users encounter any of the below symptoms, synology recommends they shut down their system and contact the technical support team.

  • When attempting to log in to DSM, a screen appears informing users that data has been encrypted and a fee is required to unlock data.
  • A process called “synosync” is running in Resource Monitor.
  • DSM 4.3-3810 or earlier is installed, but the system says the latest version is installed at Control Panel > DSM Update.

For users who have not encountered any of the symptoms stated above, we highly recommend downloading and installing DSM 5.0, or any version below:

  • For DSM 4.3, please install DSM 4.3-3827 or later
  • For DSM 4.1 or DSM 4.2, please install DSM 4.2-3243 or later
  • For DSM 4.0, please install DSM 4.0-2259 or later

It is easy to update the Disk Station Manager OS by going to Control Panel and then navigating to the DSM Update. Users can also manually download and install the latest version from Synology’s Download Center. If you notice any strange behaviour or suspect your Synology NAS has been affected by the above issue, you’re also encouraged to contact Synology at security@synology.com where a dedicated team will look into each case.

Thank you TechPowerUp for providing us with this information

Image courtesy of Synology