Security News

QNAP today announced two vulnerabilities affecting QTS, the operating system powering its network-attached storage devices, that could allow running arbitrary commands. The network-attached storage device vendor does not provide too many details about the two issues but says that recent QTS releases include the necessary patches.

Storage solutions provider QNAP this week published an advisory to warn customers that certain versions of QTS, the operating system for its network-attached storage devices, are affected by the Zerologon vulnerability. "If exploited, this elevation of privilege vulnerability allows remote attackers to bypass security measures via a compromised QTS device on the network. The NAS may be exposed to this vulnerability if users have configured the device as a domain controller in Control Panel > Network & File Services > Win/Mac/NFS > Microsoft Networking," the company explains.

Network-attached storage device maker QNAP warns customers that some NAS storage devices running vulnerable versions of the QTS operating system are exposed to attacks attempting to exploit the critical Windows ZeroLogon vulnerability. While NAS devices aren't commonly used as a Windows domain controller, some organizations might want to use this feature to allow IT admins to use some NAS models to manage user accounts, authentication, and enforce domain security.

QNAP has addressed two critical security vulnerabilities in the Helpdesk app that could enable potential attackers to take over unpatched QNAP network-attached storage devices. Helpdesk is the built-in app that comes with QNAP's NAS devices and allows admins to submit help requests to the QNAP support team over the Internet.

Recent attacks targeting QNAP Network Attached Storage devices were attempting to exploit a vulnerability that was addressed in July 2017, 360 Netlab security researchers say. Analysis of the QNAP NAS vulnerability revealed that it resides in the CGI program /httpd/cgi-bin/authLogout.

In a joint alert this week, the United States and the United Kingdom warned that a piece of malware has infected over 62,000 QNAP network-attached storage devices. "Due to these data breach concerns, QNAP devices that had been infected may still be vulnerable to reinfection after removing the malware," the company said.

There are approximately 62,000 malware-infested QNAP NAS devices located across the globe spilling all the secrets they contain to unknown cyber actors, the US CISA and the UK NCSC have warned. Dubbed QSnatch, the sophisticated malware targets QTS, the Linux-based OS powering QNAP's NAS devices, and is able to log passwords, scrape credentials, set up an SSH backdoor and a webshell, exfiltrate files and, most importantly, assure its persistence by preventing users from installing updates that may remove it and by preventing the QNAP Malware Remover app from running.

Called QSnatch, the data-stealing malware is said to have compromised 62,000 devices since reports emerged last October, with a high degree of infection in Western Europe and North America. "All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes," the US Cybersecurity and Infrastructure Security Agency and the UK's National Cyber Security Centre said in the alert.

Called QSnatch, the data-stealing malware is said to have compromised 62,000 devices since reports emerged last October, with a high degree of infection in Western Europe and North America. "All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes," the US Cybersecurity and Infrastructure Security Agency and the UK's National Cyber Security Centre said in the alert.

QNAP network-attached storage boxes are right now infected with the data-stealing QSnatch malware, the US and UK governments warned today. A joint statement from America's Cybersecurity and Infrastructure Security Agency and Britain's National Cyber Security Centre said the software nasty, first spotted in October, has hijacked tens of thousands as of mid-June, 2020, with "a particularly high number of infections in North America and Europe." It is estimated 7,600 hijacked QNAP boxes were in America, and 3,900 in the UK. The situation is particularly messy because Taiwan-based QNAP has not, to the best of our knowledge, disclosed exactly how the malware breaks into vulnerable boxes, advising simply that owners should ensure the latest firmware is installed to prevent future infection.