Security News

A few days ago - and smack in the middle of the weekend preceding Labor Day - Taiwan-based QNAP Systems has warned about the latest round of DeadBolt ransomware attacks targeting users of its QNAP network-attached storage devices. "QNAP detected a new DeadBolt ransomware campaign on the morning of September 3rd, 2022. The campaign appears to target QNAP NAS devices running Photo Station with internet exposure," the company said in a security advisory.

QNAP has issued a new advisory urging users of its network-attached storage devices to upgrade to the latest version of Photo Station following yet another wave of DeadBolt ransomware attacks in the wild by exploiting a zero-day flaw in the software. The Taiwanese company said it detected the attacks on September 3 and that "The campaign appears to target QNAP NAS devices running Photo Station with internet exposure."

QNAP is warning customers of ongoing DeadBolt ransomware attacks that started on Saturday by exploiting a zero-day vulnerability in Photo Station. "QNAP® Systems, Inc. today detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet," explains the security notice.

QNAP is warning customers of ongoing DeadBolt ransomware attacks that started on Saturday by exploiting a zero-day vulnerability in Photo Station. "QNAP® Systems, Inc. today detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet," explains the security notice.

QNAP Systems is warning about Checkmate, a new piece of ransomware targeting users of its network-attached storage appliances. "Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords," the company says.

Network-attached storage vendor QNAP warned customers to secure their devices against attacks using Checkmate ransomware to encrypt data. QNAP says the attacks are focused on Internet-exposed QNAP devices with the SMB service enabled and accounts with weak passwords that can easily be cracked in brute-force attacks.

QNAP, Taiwanese maker of network-attached storage devices, on Wednesday said it's in the process of fixing a critical three-year-old PHP vulnerability that could be abused to achieve remote code execution. "A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config," the hardware vendor said in an advisory.

QNAP has warned customers today that most of its Network Attached Storage devices are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution. "A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11. If exploited, the vulnerability allows attackers to gain remote code execution," QNAP explained in a security advisory released today.

Taiwan-based QNAP Systems is warning consumers and organizations using their network-attached storage appliances of a new DeadBolt ransomware campaign. Since NAS devices are often accessible remotely via the internet, criminals usually leverage software/firmware vulnerabilities or brute-force admin account passwords to gain access to them, pilfer and encrypt the files on them, then ask for a ransom to restore them.

This week, ech0raix ransomware has started targeting vulnerable QNAP Network Attached Storage devices again, according to user reports and sample submissions on the ID Ransomware platform. Ech0raix had hit QNAP customers in multiple large-scale waves starting with the summer of 2019 when the attackers brute-forced their way into Internet-exposed NAS devices.