Security News > 2024 > March > QNAP warns of critical auth bypass flaw in its NAS devices
2024-03-08 20:03
QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices.
NAS devices often store large amounts of valuable data for businesses and individuals, including sensitive personal information, intellectual property, and critical business data.
For all these reasons, NAS devices are often targeted for data theft and extortion.
Some ransomware operations previously known for targeting QNAP devices are DeadBolt, Checkmate, and Qlocker.
These groups have launched numerous attack waves against NAS users, sometimes leveraging zero-day exploits to breach fully patched devices.
JetBrains warns of new TeamCity auth bypass vulnerability.
News URL
Related news
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- QNAP fixes NAS backup software zero-day exploited at Pwn2Own (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- D-Link won’t fix critical flaw affecting 60,000 older NAS devices (source)
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)