Security News

The company also announced an update to its IronWolf and IronWolf Pro Network Attached Storage drive lines, aimed at home and small office environments, with new 18TB capacity HDD and new SATA SSD models. "Our upgrades to the IronWolf and IronWolf Pro family of NAS products will provide small and medium businesses with the robust data management infrastructure they need as they plan for the future."

In a joint alert this week, the United States and the United Kingdom warned that a piece of malware has infected over 62,000 QNAP network-attached storage devices. "Due to these data breach concerns, QNAP devices that had been infected may still be vulnerable to reinfection after removing the malware," the company said.

There are approximately 62,000 malware-infested QNAP NAS devices located across the globe spilling all the secrets they contain to unknown cyber actors, the US CISA and the UK NCSC have warned. Dubbed QSnatch, the sophisticated malware targets QTS, the Linux-based OS powering QNAP's NAS devices, and is able to log passwords, scrape credentials, set up an SSH backdoor and a webshell, exfiltrate files and, most importantly, assure its persistence by preventing users from installing updates that may remove it and by preventing the QNAP Malware Remover app from running.

Called QSnatch, the data-stealing malware is said to have compromised 62,000 devices since reports emerged last October, with a high degree of infection in Western Europe and North America. "All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes," the US Cybersecurity and Infrastructure Security Agency and the UK's National Cyber Security Centre said in the alert.

Called QSnatch, the data-stealing malware is said to have compromised 62,000 devices since reports emerged last October, with a high degree of infection in Western Europe and North America. "All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes," the US Cybersecurity and Infrastructure Security Agency and the UK's National Cyber Security Centre said in the alert.

QNAP network-attached storage boxes are right now infected with the data-stealing QSnatch malware, the US and UK governments warned today. A joint statement from America's Cybersecurity and Infrastructure Security Agency and Britain's National Cyber Security Centre said the software nasty, first spotted in October, has hijacked tens of thousands as of mid-June, 2020, with "a particularly high number of infections in North America and Europe." It is estimated 7,600 hijacked QNAP boxes were in America, and 3,900 in the UK. The situation is particularly messy because Taiwan-based QNAP has not, to the best of our knowledge, disclosed exactly how the malware breaks into vulnerable boxes, advising simply that owners should ensure the latest firmware is installed to prevent future infection.

QNAP network-attached storage boxes are right now infected with the data-stealing QSnatch malware, the US and UK governments warned today. A joint statement from America's Cybersecurity and Infrastructure Security Agency and Britain's National Cyber Security Centre said the software nasty, first spotted in October, has hijacked tens of thousands as of mid-June, 2020, with "a particularly high number of infections in North America and Europe." It is estimated 7,600 hijacked QNAP boxes were in America, and 3,900 in the UK. The situation is particularly messy because Taiwan-based QNAP has not, to the best of our knowledge, disclosed exactly how the malware breaks into vulnerable boxes, advising simply that owners should ensure the latest firmware is installed to prevent future infection.

Three vulnerabilities identified in QNAP Photo Station last year could be chained to achieve pre-authentication remote code execution on affected QNAP network-attached storage devices. QNAP Photo Station is a photo album application that is present on the majority of QNAP NAS systems, allowing users to easily organize photos and videos on those devices, as well as to share them with others over the Internet.

A wide variety of Zyxel and LILIN IoT devices are being conscripted into several botnets, researchers have warned. Users are advised to implement the provided firmware updates to plug the security holes exploited by the botmasters or, if they can't, to stop using the devices altogether or to put them behind network firewalls.

A new version of the infamous Mirai botnet is exploiting a recently uncovered critical vulnerability in network-attached storage devices in an attempt to remotely infect and control vulnerable machines. Called "Mukashi," the new variant of the malware employs brute-force attacks using different combinations of default credentials to log into Zyxel NAS, UTM, ATP, and VPN firewall products to take control of the devices and add them to a network of infected bots that can be used to carry out Distributed Denial of Service attacks.