Security News > 2024 > March > QNAP warns of critical auth bypass flaw in its NAS devices
QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices.
NAS devices often store large amounts of valuable data for businesses and individuals, including sensitive personal information, intellectual property, and critical business data.
For all these reasons, NAS devices are often targeted for data theft and extortion.
Some ransomware operations previously known for targeting QNAP devices are DeadBolt, Checkmate, and Qlocker.
These groups have launched numerous attack waves against NAS users, sometimes leveraging zero-day exploits to breach fully patched devices.
JetBrains warns of new TeamCity auth bypass vulnerability.
News URL
Related news
- Exploit available for new critical TeamCity auth bypass bug, patch now (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)
- Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks (source)
- A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (source)