Menu
Bayou Technologies | Lake Charles, Louisiana | Technology | Cybersecurity | Communication | Marketing
Computer IT Services & Marketing
  • Technology
    • Managed Services
    • Computer Repair
    • Consulting
  • Cybersecurity
    • BDR
    • Network Security
    • Computer Security
    • Data Recovery
  • Communication
    • Cabling
    • Wireless Networking
    • Phones
  • Marketing
    • Website Development
    • Search Engine Optimization
    • Social Media & Online Presence
    • Location Scan
    • Website & Email Management
    • Online Advertising
    • Multimedia Design
    • Newsletter
  • CALL: 337-214-1172

HOME  |  BLOG  |  REMOTE SUPPORT

Home
Support
Blog
Contact
Close Menu
Some NAS Devices Are Being Exploited By Remote Hackers
September 12 2020

Some NAS Devices Are Being Exploited By Remote Hackers

wukovits Blog, Business & Finance, General Interest, Recent News, Security, Technology News

Do you have any network-attached storage (NAS) devices attached to your home or corporate network? If so, be advised that they’ve become the new favorite inroad for hackers around the world. According to a report recently published by researchers at 360 Netlab, hacking groups are increasingly exploiting weaknesses in some NAS devices running a variety of QNAP firmware versions that suffer from command injection vulnerabilities.

The good news is that this vulnerability has already been addressed by QNAP with their release of firmware version 4.3.3. The better news is that the company addressed this back in July of 2017.

Unfortunately, not many people are good about keeping their firmware up to date, so you may have one or more vulnerable devices and not even realize it. Both QNAP and the researchers at 360 Netlab recommend checking the version number of the firmware you’re using, and upgrading immediately if you are at risk.

If you’re looking for additional technical details about what caused the problem and how it was addressed, see below.

QNAP had this to say about version 4.3.3 of their firmware:

“This release replaced the system function with qnap_exec, and the qnap_exec function is defined in the /usr/lib/libuLinux_Util.so.0,” 360 Netlab said. By using the execv to execute custom command, command injection has been avoided.”

Sadly, this isn’t the first time QNAP has been the target of hackers. In fact, there’s an ongoing ransomware campaign that utilizes eChoraix ransomware to encrypt NAS devices. Just last month, the US’s CISA and the UK’s NCSC issued a joint malware alert about a malware strain called QSnatch that also targets QNAP NAS devices.

In any event, although this issue has long been resolved, it’s clear that there are a great number of vulnerable devices out there, both on home and office networks. Kudos to 360 Netlab for shining a light on them, and to QNAP for moving swiftly to correct the issue.

Used with permission from Article Aggregator

Upgrade Older Phones To Get New Pokemon Go Updates Adobe Updates Some Of Their Products Due To Critical Issues

Related Posts

Big Changes Coming To Microsoft Outlook In Coming Years

Blog, General Interest, Microsoft, Recent News, Technology News

Big Changes Coming To Microsoft Outlook In Coming Years

Hacker Attacks On Healthcare Industry Are On The Rise

Blog, General Interest, Recent News, Security, Technology News

Hacker Attacks On Healthcare Industry Are On The Rise

Adobe Flash Has Reached End of Life Status

Blog, General Interest, Recent News, Security, Technology News

Adobe Flash Has Reached End of Life Status

Recent Posts

  • Big Changes Coming To Microsoft Outlook In Coming Years
  • Hacker Attacks On Healthcare Industry Are On The Rise
  • Adobe Flash Has Reached End of Life Status

Archives

Categories

Get a Domain Registered


$.99* .COM Domain! Get going with GoDaddy!

Back To Top
Bayou Technologies | Lake Charles, Louisiana | Technology | Cybersecurity | Communication | Marketing
  • Home
  • Technology
  • Cybersecurity
  • Communication
  • Marketing
  • Newsletter
  • Blog
  • Support
  • Contact

BBB Logo

Bayou Technologies, LLC
✖
Bayou Technologies is a BBB Accredited Busines
A+
On a scale of A+ to F

Reviewed, Evaluated and Accredited

Meets All 26 Standards of Accreditation

BBB Accredited since 1/1/2012

Click here for BBB Business Report on Bayou Technologies, LLC

BBB Accredited:

BBB Rating as of:

Verify Bayou Technologies, LLC
Bayou Technologies, LLC © 2019
Website Development and Marketing in Lake Charles, Louisiana
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are as essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.