Taiwan-based network-attached storage (NAS) maker QNAP has addressed an improper access control vulnerability in the devices’ disaster recovery and data backup software.
Internet-connected NAS devices are popular targets with threat actors who’ve target vulnerabilities in their software to deploy ransomware or even to use their computing resources for malicious purposes like mining cryptocurrency.
QNAP devices have been at the receiving end of various cyber attack campaigns lately, due to the popularity of the devices. But for what it’s worth, QNAP has been very active in patching vulnerabilities as well.
- We've put together a list of the best endpoint protection software
- These are the best NAS devices currently available
- Take a look at the best NAS drives in the market
In the crosshairs
The now-patched critical security vulnerability can be exploited to enable attackers to gain remote access to the devices and escalate privileges, execute commands, and access sensitive information without authorization.
Bleeping Computer reports that the manufacturer fixed another vulnerability in the same backup software, back in April, which was exploited by the Qlocker ransomware operators to target any Internet-connected vulnerable NAS device.
Similarly, late last year QNAP fixed a cross-site scripting vulnerability, and also issued patches to neutralize malware that used the QNAP device to mine cryptocurrency, earlier this year.
Western Digital users have also been on the receiving end of software vulnerabilities in their devices, with several MyBook devices losing their data after having their devices reset in an ongoing malware campaign.
- Check our roundup of the best cloud storage services
