Security News

Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992)
2023-06-20 09:52

Zyxel has released firmware patches for a critical vulnerability in some of its consumer network attached storage devices. CVE-2023-27992 is an OS command injection flaw that could be triggered remotely by an unauthenticated attacker, via a specially crafted HTTP request.

Western Digital boots outdated NAS devices off of My Cloud
2023-06-16 16:03

Western Digital is warning owners of My Cloud series devices that can no longer connect to cloud services starting on June 15, 2023, if the devices are not upgraded to the latest firmware, version 5.26.202. "Devices on firmware below 5.26.202 will not be able to connect to Western Digital cloud services starting June 15, 2023, and users will not be able to access data on their device through mycloud.com and the My Cloud OS 5 mobile app until they update the device to the latest firmware," explains a Western Digital support bulletin.

Zyxel patches vulnerability in NAS devices (CVE-2023-27988)
2023-05-31 11:47

Zyxel has patched a high-severity authenticated command injection vulnerability in some of its network attached storage devices aimed at home users. The vulnerability was discovered in the devices' web management interface.

RTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts
2023-04-27 10:15

The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's first foray into the open source operating system. "Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware's leaked source code," Uptycs said in a new report published Wednesday.

QNAP warns customers to patch Linux Sudo flaw in NAS devices
2023-03-29 18:15

Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage devices against a high-severity Sudo privilege escalation vulnerability. The vulnerability also affects the QTS, QuTS hero, QuTScloud, and QVP NAS operating systems, as QNAP revealed in a security advisory published on Wednesday.

CISA Warns of Active Attacks Exploiting Fortra MFT, TerraMaster NAS, and Intel Driver Flaws
2023-02-11 05:45

The U.S. Cybersecurity and Infrastructure Security Agency on Friday added three flaws to its Known Exploited Vulnerabilities catalog, citing evidence of active abuse in the wild. Details about the flaw were disclosed by Ethiopian cyber security research firm Octagon Networks in March 2022.

Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596)
2023-01-31 09:55

QNAP Systems has fixed a critical vulnerability affecting QNAP network-attached storage devices, which could be exploited by remote attackers to inject malicious code into a vulnerable system.Luckily for QNAP NAS owners, there's no mention of it being exploited by attackers or an exploit being publicly available.

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
2023-01-31 04:06

Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale.

This cloud storage with NAS support costs less than you think
2022-09-30 19:47

This cloud storage with NAS support costs less than you think We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. In a special deal for TechRepublic readers, you can currently get 1TB of storage for $38.99 on a two-year subscription.

Week in review: Uber hacked, QNAP NAS devices under attack, 5 Kali Linux books to read this year
2022-09-18 08:00

Thousands of QNAP NAS devices hit by DeadBolt ransomwareQNAP Systems has provided more information about the latest DeadBolt ransomware campaign targeting users of its network-attached storage devices and the vulnerability the attackers are exploiting. 5 Kali Linux books you should read this yearKali Linux is a Linux distribution designed for digital forensics, penetration testing, security research, and reverse engineering.