Security News

QNAP starts bug bounty program with rewards up to $20,000
2023-02-27 13:36

QNAP Systems, the Taiwanese manufacturer of popular NAS and other on-premise storage, smart networking and video devices, has launched a bug bounty program. QNAP's NAS devices, in particular, have been getting hit in the last few years by information-stealing malware, bitcoin-mining malware, and ransomware, usually delivered by exploiting vulnerabilities.

Over 29,000 QNAP devices vulnerable to code injection attacks
2023-01-31 23:14

Remote threat actors can exploit this SQL injection vulnerability to inject malicious code in attacks targeting Internet-exposed and unpatched QNAP devices. While QNAP hasn't tagged this flaw as being actively exploited in the wild, customers are advised to update to the latest available software version as soon as possible since NAS devices have a long history of being targeted in ransomware attacks.

Over 29,000 QNAP devices unpatched against new critical flaw
2023-01-31 23:14

Tens of thousands of QNAP network-attached storage devices exposed online are waiting to be patched against a critical security flaw addressed by the Taiwanese company on Monday. Remote threat actors can exploit this SQL injection vulnerability to inject malicious code in attacks targeting Internet-exposed and unpatched QNAP devices.

Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596)
2023-01-31 09:55

QNAP Systems has fixed a critical vulnerability affecting QNAP network-attached storage devices, which could be exploited by remote attackers to inject malicious code into a vulnerable system.Luckily for QNAP NAS owners, there's no mention of it being exploited by attackers or an exploit being publicly available.

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
2023-01-31 04:06

Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale.

QNAP fixes critical bug letting hackers inject malicious code
2023-01-30 17:25

QNAP is warning customers to install QTS and QuTS firmware updates that fix a critical security vulnerability allowing remote attackers to inject malicious code on QNAP NAS devices. "A vulnerability has been reported to affect QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1. If exploited, this vulnerability allows remote attackers to inject malicious code,' warns the QNAP security advisory."

Week in review: Uber hacked, QNAP NAS devices under attack, 5 Kali Linux books to read this year
2022-09-18 08:00

Thousands of QNAP NAS devices hit by DeadBolt ransomwareQNAP Systems has provided more information about the latest DeadBolt ransomware campaign targeting users of its network-attached storage devices and the vulnerability the attackers are exploiting. 5 Kali Linux books you should read this yearKali Linux is a Linux distribution designed for digital forensics, penetration testing, security research, and reverse engineering.

Thousands of QNAP NAS devices hit by DeadBolt ransomware (CVE-2022-27593)
2022-09-12 11:27

QNAP Systems has provided more information about the latest DeadBolt ransomware campaign targeting users of its network-attached storage devices and the vulnerability the attackers are exploiting. "QNAP's security team determined that the source of the DeadBolt malware attack is via The Onion Routing, an anonymous connection," the company shared.

DEADBOLT ransomware rears its head again, attacks QNAP devices
2022-09-07 18:57

Most contemporary ransomware attacks involve two groups of criminals: a core gang who create the malware and handle the extortion payments, and "Members" of a loose-knit clan of "Affiliates" who actively break into networks to carry out the attacks. Regular readers of Naked Security will know that some victims, notably home users and small business, end up getting blackmailed via their NAS, or networked attached storage devices.

DeadBolt is hitting QNAP NAS devices via zero-day bug, what to do?
2022-09-06 11:11

A few days ago - and smack in the middle of the weekend preceding Labor Day - Taiwan-based QNAP Systems has warned about the latest round of DeadBolt ransomware attacks targeting users of its QNAP network-attached storage devices. "QNAP detected a new DeadBolt ransomware campaign on the morning of September 3rd, 2022. The campaign appears to target QNAP NAS devices running Photo Station with internet exposure," the company said in a security advisory.