Security News

QNAP Systems has fixed a critical vulnerability affecting QNAP network-attached storage devices, which could be exploited by remote attackers to inject malicious code into a vulnerable system.Luckily for QNAP NAS owners, there's no mention of it being exploited by attackers or an exploit being publicly available.

Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale.

This cloud storage with NAS support costs less than you think We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. In a special deal for TechRepublic readers, you can currently get 1TB of storage for $38.99 on a two-year subscription.

Thousands of QNAP NAS devices hit by DeadBolt ransomwareQNAP Systems has provided more information about the latest DeadBolt ransomware campaign targeting users of its network-attached storage devices and the vulnerability the attackers are exploiting. 5 Kali Linux books you should read this yearKali Linux is a Linux distribution designed for digital forensics, penetration testing, security research, and reverse engineering.

QNAP Systems has provided more information about the latest DeadBolt ransomware campaign targeting users of its network-attached storage devices and the vulnerability the attackers are exploiting. "QNAP's security team determined that the source of the DeadBolt malware attack is via The Onion Routing, an anonymous connection," the company shared.

Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage devices. Tracked as CVE-2022-34747, the issue relates to a "Format string vulnerability" affecting NAS326, NAS540, and NAS542 models.

Networking device maker Zyxel is warning customers today of a new critical remote code execution vulnerability impacting three models of its Networked Attached Storage products. "A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet," explains the advisory.

A few days ago - and smack in the middle of the weekend preceding Labor Day - Taiwan-based QNAP Systems has warned about the latest round of DeadBolt ransomware attacks targeting users of its QNAP network-attached storage devices. "QNAP detected a new DeadBolt ransomware campaign on the morning of September 3rd, 2022. The campaign appears to target QNAP NAS devices running Photo Station with internet exposure," the company said in a security advisory.

QNAP Systems is warning about Checkmate, a new piece of ransomware targeting users of its network-attached storage appliances. "Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords," the company says.

Network-attached storage vendor QNAP warned customers to secure their devices against attacks using Checkmate ransomware to encrypt data. QNAP says the attacks are focused on Internet-exposed QNAP devices with the SMB service enabled and accounts with weak passwords that can easily be cracked in brute-force attacks.