Security News

QNAP warns customers of ongoing attacks targeting QNAP NAS devices and urges them to enhance their security as soon as possible. In these attacks, the threat actors use automated tools to login into Internet-exposed NAS devices using passwords generated on the spot or from lists of previously compromised credentials.

UPDATE. Owners of popular QNAP Systems network attached storage devices are being warned that a malicious cryptocurrency campaign is actively exploiting two critical firmware bugs in systems that have not yet been patched. QNAP fixed the flaws in October 2020; however, researchers at Qihoo 360's Network Security Research Lab report a widening campaign targeting over 100 models used by 4.3 million of the company's NAS devices.

QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage devices running the vulnerable software. Surveillance Station is QNAP's network surveillance Video Management System, a software solution that can help users manage and monitor up to 12 IP cameras.

QNAP this week warned users of attacks targeting QNAP NAS devices with a piece of malware named "Dovecat." The cybercriminals behind dovecat, QNAP explains, are installing Bitcoin miners on the compromised NAS devices, without user consent.

QNAP urges customers to secure their network-attached storage devices against an ongoing malware campaign that infects and exploits them to mine bitcoin without their knowledge. QNAP also published a knowledgebase article in November explaining that NAS devices with dovecat and dedpma running processes are compromised and running a Bitcoin miner malware.

QNAP Systems is warning of high-severity flaws that plague its top-selling network attached storage devices. QTS is the operating system for NAS systems, while the QuTS Hero is an operating system that combines the app-based QTS with a 128-bit ZFS file system to provide more storage management.

Network-attached storage maker QNAP today released security updates to address vulnerabilities that could enable attackers to take control of unpatched NAS devices following successful exploitation. The eight vulnerabilities patched today by QNAP affect all QNAP NAS devices running vulnerable software.

Bug bounty hunters have hacked routers, network-attached storage devices and smart TVs at the Zero Day Initiative's Pwn2Own Tokyo 2020 hacking competition. Due to the COVID-19 pandemic, the competition has been turned into a virtual event and Pwn2Own Tokyo is actually coordinated by Trend Micro's ZDI from Toronto, Canada, with participants demonstrating their exploits remotely.

Bug bounty hunters hacked a NETGEAR router and a Western Digital network-attached storage device on the first day of the Zero Day Initiative's Pwn2Own Tokyo 2020 hacking competition. On the first day of the event, the NETGEAR Nighthawk R7800 router was targeted by Team Black Coffee, Team Flashback, and teams from cybersecurity firms Starlabs and Trapa Security.

Network-attached storage device maker QNAP warns customers that some NAS storage devices running vulnerable versions of the QTS operating system are exposed to attacks attempting to exploit the critical Windows ZeroLogon vulnerability. While NAS devices aren't commonly used as a Windows domain controller, some organizations might want to use this feature to allow IT admins to use some NAS models to manage user accounts, authentication, and enforce domain security.