Security News

Taiwanese hardware vendor QNAP urged customers on Monday to disable Universal Plug and Play port forwarding on their routers to prevent exposing their network-attached storage devices to attacks from the Internet. UPnP Port Forwarding allows network devices to communicate seamlessly and create groups for easier data sharing.

Customers of Taiwan-based QNAP Systems are in a bit of limbo, waiting until the company releases a patch for an OpenSSL bug that the company has warned affects most of its network-attached storage devices. Though the bug - tracked as CVE-2022-0778 and rated 7.5 on the CVSS severity-rating scale - has been patched by OpenSSL, QNAP hasn't gotten around to applying a fix yet for its NAS devices affected by the vulnerability.

Taiwanese company QNAP this week revealed that a selected number of its network-attached storage appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library. "An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS," the company said in an advisory published on March 29, 2022.

Taiwan-based network-attached storage maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.

DeadBolt ransomware has resurfaced in a new wave of attacks on QNAP that begin in mid-March and signals a new targeting of the Taiwan-based network-attached storage devices by the fledgling threat, researchers said. Researchers from Censys, which provides attack-surface management solutions, said they observed DeadBolt infections on QNAP gear ramp up slowly starting March 16, with a total of 373 infections that day.

Network-attached storage appliance maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and gain control of affected systems. "A local privilege escalation vulnerability, also known as 'Dirty Pipe,' has been reported to affect the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x," the company said.

Dirty Pipe, a recently reported local privilege escalation vulnerability, affects the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x, QNAP advised. QTS 5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS. QuTS hero h5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS. QNAP NAS running QTS 4.x aren't affected.

Taiwanese hardware vendor QNAP warns most of its Network Attached Storage devices are impacted by a high severity Linux vulnerability dubbed 'Dirty Pipe' that allows attackers with local access to gain root privileges. The 'Dirty Pipe' security bug affects Linux Kernel 5.8 and later versions, even on Android devices.

QNAP has extended support and will keep issuing security updates for some end-of-life network-attached storage devices until October 2022. "Due to these reasons, QNAP normally maintains security updates for 4 years after a product passes its EOL date. As a special effort to help users protect their devices from today's security threats, QNAP has extended security updates for some EOL models till October 2022.".

Taiwanese company QNAP has warned customers to secure network-attached storage appliances and routers against a new ransomware variant called DeadBolt. "QNAP urges all QNAP NAS users to [] immediately update QTS to the latest available version."