QNAP calls on users to update NAS devices immediately

New flaws discovered on multiple NAS devices

QNAP network-attached storage (NAS) users just can’t seem to catch a break. The company has released a security advisory warning users to patch their endpoints immediately to fix a flaw that could allow threat actors to execute code on the devices remotely.

The flaw is reportedly in PHP and affects devices running QTS 5.0.x and later, QTS 4.5.x and later, QuTS hero h5.0.x and later, QuTS hero h4.5.x and later, and QuTScloud c5.0.x and later.

Users are advised to patch to version QTS 5.0.1.2034 build 20220515 and later, as well as QuTS hero h5.0.0.2069 build 20220614 and later.

The flaw isn’t exactly new, the company further clarified. It has been known for approximately three years but apparently wasn’t viable to exploit until now.

QNAP seems to be withstanding an everlasting barrage of cyberattacks. Lately, it seems that a week can’t go by without the company fixing some high-severity vulnerability that’s placed its customers at immense risk.

Just this week it was reported that users of QNAP NAS drives were again under attack from the ech0raix ransomware threat actors, the same group that targeted these devices in December last year.

Furthermore, earlier this year, Deadbolt threat actors left many NAS devices encrypted.

A year ago, the company had to release a patch to address cryptomining, as many threat actors were taking advantage of vulnerable NAS devices by installing cryptocurrency miners on them for their own benefit.

While cryptominers don’t necessarily damage the target endpoint, they take up most of its computing power, leaving the device almost unusable for anything else until they are removed.

Besides ech0raix and Deadbolt, QNAP was also observed being targeted by Qlocker.

Via: Tom’s Hardware

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
