Security News

QNAP vulnerability disclosure ends up an utter shambles
2024-02-13 20:00

Network-attached storage specialist QNAP has disclosed and released fixes for two new vulnerabilities, one of them a zero-day discovered in early November. Unit 42's assessment, on the other hand, was the polar opposite: "These remote code execution vulnerabilities affecting IoT devices exhibit a combination of low attack complexity and critical impact, making them an irresistible target for threat actors. As a result, protecting IoT devices against such threats is an urgent task."

Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager
2024-01-09 09:52

A security flaw has been disclosed in Kyocera’s Device Manager product that could be exploited by bad actors to carry out malicious activities on affected systems. "This vulnerability allows...

QNAP VioStor NVR vulnerability actively exploited by malware botnet
2023-12-16 16:17

A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution vulnerability in QNAP VioStor NVR devices to hijack them and make them part of its DDoS swarm. The second zero-day vulnerability in the botnet's attacks is CVE-2023-47565, a high-severity OS command injection impacting QNAP VioStor NVR models running QVR firmware 4.x. QNAP published an advisory on December 7, 2023, explaining that the previously unknown issue was fixed in QVR firmware 5.x and later, which is available to all actively supported models.

QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices
2023-11-06 16:55

QNAP has released security updates to address two critical security flaws impacting its operating system that could result in arbitrary code execution. Tracked as CVE-2023-23368 (CVSS score: 9.8),...

QNAP warns of critical command injection flaws in QTS OS, apps
2023-11-06 12:47

QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached storage devices. It is a command injection vulnerability that a remote attacker can exploit to execute commands via a network.

QNAP takes down server behind widespread brute-force attacks
2023-10-23 12:02

QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS devices with weak passwords. The Taiwanese hardware vendor detected the attacks on the evening of October 14 and, with assistance from Digital Ocean, took down the command-and-control server within two days.

Week in review: Western Digital network security incident, QNAP vulns, Patch Tuesday forecast
2023-04-09 08:00

Passbolt: Open-source password manager for security-conscious organizations
In this Help Net Security interview, Kevin Muller, CEO at Passbolt, delves into the critical concerns linked to password usage, outlines how the Passbolt password manager guarantees the utmost level of security for businesses, highlights its features in the competitive landscape, sheds light on how Passbolt meets the distinct requirements of teams and organizations, and more.

Rorschach ransomware deployed by misusing a security tool
An unbranded ransomware strain that recently hit a US-based company is being deployed by attackers who are misusing a tool included in a commercial security product, Check Point researchers have found.

Vulnerabilities impacting multiple QNAP operating systems (CVE-2022-27597, CVE-2022-27598)
2023-04-04 04:45

Two vulnerabilities affecting various QNAP operating systems have been uncovered by Sternum. These vulnerabilities enable authenticated remote users to access secret values, requiring owners to take immediate action by updating their operating system(s).

QNAP warns customers to patch Linux Sudo flaw in NAS devices
2023-03-29 18:15

Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage devices against a high-severity Sudo privilege escalation vulnerability. The vulnerability also affects the QTS, QuTS hero, QuTScloud, and QVP NAS operating systems, as QNAP revealed in a security advisory published on Wednesday.

QNAP starts bug bounty program with rewards up to $20,000
2023-02-27 13:36

QNAP Systems, the Taiwanese manufacturer of popular NAS and other on-premise storage, smart networking and video devices, has launched a bug bounty program. QNAP's NAS devices, in particular, have been getting hit in the last few years by information-stealing malware, bitcoin-mining malware, and ransomware, usually delivered by exploiting vulnerabilities.