Security News

Taiwanese network-attached storage devices maker QNAP on Thursday warned its customers of a fresh wave of DeadBolt ransomware attacks. "QNAP urges all NAS users to check and update QTS to the latest version as soon as possible, and avoid exposing their NAS to the internet," QNAP said in an advisory.

Taiwan-based network-attached storage maker QNAP warned customers on Thursday to secure their devices against attacks pushing DeadBolt ransomware payloads."According to the investigation by the QNAP Product Security Incident Response Team, the attack targeted NAS devices using QTS 4.3.6 and QTS 4.4.1, and the affected models were mainly TS-x51 series and TS-x53 series," the NAS maker said.

QNAP, Taiwanese maker of network-attached storage devices, on Friday released security updates to patch nine security weaknesses, including a critical issue that could be exploited to take over an affected system. "A vulnerability has been reported to affect QNAP VS Series NVR running QVR," QNAP said in an advisory.

QNAP has released several security advisories today, one of them for a critical security issue that allows remote execution of arbitrary commands on vulnerable QVR systems, the company's video surveillance solution hosted on a NAS device. QNAP's advisory explains that the "Vulnerability has been reported to affect QNAP VS Series NVR running QVR. If exploited, this vulnerability allows remote attackers to run arbitrary commands."

Users of Synology and QNAP network-attached storage devices are advised to be on the lookout for patches for several critical vulnerabilities affecting Netatalk, an open-source implemention of the Apple Filing Protocol that allows Unix-like operating systems to serve file servers for Macs.Network-attached storage devices are usually used by small-to-medium businesses and home users for storing and sharing files and backups.

Network-attached storage appliance maker QNAP on Wednesday said it's working on updating its QTS and QuTS operating systems after Netatalk last month released patches to contain seven security flaws in its software. Netatalk is an open-source implementation of the Apple Filing Protocol, allowing Unix-like operating systems to serve as file servers for Apple macOS computers.

Taiwanese corporation QNAP has asked customers this week to disable the AFP file service protocol on their network-attached storage appliances until it fixes multiple critical Netatalk vulnerabilities. On QNAP NAS devices, AFP allows macOS systems to access data on the NAS. According to QNAP, it's still used because it "Supports many unique macOS attributes that are not supported by other protocols."

QNAP, the makers of Networked Attached Storage devices that are especially popular with home and small business users, has issued a warning about not-yet-patched bugs in the company's products. QNAP hasn't yet pushed out the HTTP Server 2.4.53 update to its own devices, although it is now warning that two of the bugs that were fixed, CVE-2022-22721 and CVE-2022-23943, do affect some of its products.

Network-attached storage appliance maker QNAP on Thursday said it's investigating its lineup for potential impact arising from two security vulnerabilities that were addressed in the Apache HTTP server last month. The critical flaws, tracked as CVE-2022-22721 and CVE-2022-23943, are rated 9.8 for severity on the CVSS scoring system and impact Apache HTTP Server versions 2.4.52 and earlier -.

QNAP has asked customers to apply mitigation measures to block attempts to exploit Apache HTTP Server security vulnerabilities impacting their network-attached storage devices. The flaws were tagged as critical with severity base scores of 9.8/10 and impact systems running Apache HTTP Server 2.4.52 and earlier.