Security News

Network-attached storage appliance manufacturer QNAP Systems this week published an alert urging users to take the necessary steps to secure their devices against brute-force attacks. This week's alert, the company underlines, has been published after a growing number of users reported that their devices have been targeted in brute-force attacks.

QNAP warns customers of ongoing attacks targeting QNAP NAS devices and urges them to enhance their security as soon as possible. In these attacks, the threat actors use automated tools to login into Internet-exposed NAS devices using passwords generated on the spot or from lists of previously compromised credentials.

UPDATE. Owners of popular QNAP Systems network attached storage devices are being warned that a malicious cryptocurrency campaign is actively exploiting two critical firmware bugs in systems that have not yet been patched. QNAP fixed the flaws in October 2020; however, researchers at Qihoo 360's Network Security Research Lab report a widening campaign targeting over 100 models used by 4.3 million of the company's NAS devices.

Unpatched network-attached storage devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency. All NAS devices with QNAP firmware released before August 2020 are currently vulnerable to these attacks.

QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage devices running the vulnerable software. Surveillance Station is QNAP's network surveillance Video Management System, a software solution that can help users manage and monitor up to 12 IP cameras.

QNAP this week warned users of attacks targeting QNAP NAS devices with a piece of malware named "Dovecat." The cybercriminals behind dovecat, QNAP explains, are installing Bitcoin miners on the compromised NAS devices, without user consent.

QNAP urges customers to secure their network-attached storage devices against an ongoing malware campaign that infects and exploits them to mine bitcoin without their knowledge. QNAP also published a knowledgebase article in November explaining that NAS devices with dovecat and dedpma running processes are compromised and running a Bitcoin miner malware.

QNAP has released security updates to fix multiple high severity security vulnerabilities impacting network-attached storage devices running the QES, QTS, and QuTS hero operating systems. CVE-2020-2503: Stored cross-site scripting QES vulnerability - enables remote attackers to inject malicious code in File Station.

QNAP Systems is warning of high-severity flaws that plague its top-selling network attached storage devices. QTS is the operating system for NAS systems, while the QuTS Hero is an operating system that combines the app-based QTS with a 128-bit ZFS file system to provide more storage management.

Network-attached storage maker QNAP today released security updates to address vulnerabilities that could enable attackers to take control of unpatched NAS devices following successful exploitation. The eight vulnerabilities patched today by QNAP affect all QNAP NAS devices running vulnerable software.