QNAP Patches Critical Security Vulnerability that Allows Remote Code Injection

QNAP is warning customers to install QTS and QuTS firmware updates that fix a critical security vulnerability that potentially allows remote attackers to inject malicious code on QNAP NAS devices. This vulnerability is tracked as CVE-2022-27596 and is rated as a Critical impact by the company and affects QTS 5.0.1 and QuTS hero h5.0.1 versions of the operating system. The vulnerability, according to the company, is a SQL injection flaw, which allows attackers to send specially crafted requests to modify legitimate SQL queries to perform unexpected behavior. QNAP then released a JSON file that describes the severity of the vulnerability, indicating it can be exploited through low-level remote attacks, without requiring user interaction or privileges on the targeted device. To update their devices, customers can log into the device and go to Control Panel System Firmware Update. Under the Live Update section, they should select the Check for Update option and wait for the download and installation to be finished. Furthermore, they can also manually download the updates from QNAP’s Download Center by selecting the correct product type and model. QNAP’s advisory hasn’t marked CVE-2022-27596 as actively exploited in real-world attacks. However, considering the gravity of the vulnerability, users are advised to immediately apply available security updates to avoid exploitation. QNAP devices are already being targeted by ongoing ransomware campaigns like DeadBolt and eCh0raix, which abuse vulnerabilities to encrypt data on exposed NAS devices.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 30 Jan 2023 17:26:03 +0000


Cyber News related to QNAP Patches Critical Security Vulnerability that Allows Remote Code Injection

Over 29,000 QNAP devices vulnerable to code injection attacks - Tens of thousands of QNAP network-attached storage devices are waiting to be patched against a critical security flaw addressed by the Taiwanese company on Monday. Remote threat actors can exploit this SQL injection vulnerability to inject malicious ...
1 year ago Bleepingcomputer.com
QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products - Taiwan-based QNAP Systems on Friday announced patches for a dozen vulnerabilities across its product portfolio, including high-severity flaws in its operating system. The bug affects QTS versions 5.1.x and QuTS hero versions h5.1.x and was resolved ...
11 months ago Securityweek.com
QNAP takes down server behind widespread brute-force attacks - QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS devices with weak passwords. The Taiwanese hardware vendor detected the attacks on the evening of October 14 and, with assistance from Digital ...
1 year ago Bleepingcomputer.com
New ISC Security Patches Released for 2021: What You Need to Know - The Internet Systems Consortium (ISC), the largest provider of open-source Internet infrastructure software, has released new security patches designed to mitigate data breaches and other cyber threats. These new security patches, released in January ...
1 year ago Thehackernews.com
Multiple QNAP Severity Flaw Let Attackers Execute Remote Code - QNAP has released multiple security advisories for addressing several high, medium, and low-severity vulnerabilities in multiple products, including QTS, QuTS hero, Netatalk, Video Station, QuMagie, and QcalAgent. QNAP has also stated all the ...
11 months ago Gbhackers.com
QNAP Patches Critical Security Vulnerability that Allows Remote Code Injection - QNAP is warning customers to install QTS and QuTS firmware updates that fix a critical security vulnerability that potentially allows remote attackers to inject malicious code on QNAP NAS devices. This vulnerability is tracked as CVE-2022-27596 and ...
1 year ago Bleepingcomputer.com
QNAP Devices Unpatched Against Critical Flaw: Over 29,000 Vulnerable - Tens of thousands of QNAP network-attached storage devices are exposed online and unpatched against a critical security flaw. Remote threat actors can exploit this SQL injection vulnerability to inject malicious code in attacks targeting ...
1 year ago Bleepingcomputer.com
GitLab Patches: Severe SAML Authentication Bypass Flaw Fixed - Security Boulevard - In addition to these patches, OmniAuth SAML has been upgraded to version 2.2.1 and Ruby-SAML to 1.17.0. It’s worth mentioning that the issue only impacts self-managed instances; therefore, users of GitLab Dedicated instances do not need to take any ...
2 months ago Securityboulevard.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
11 months ago Feeds.dzone.com
30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability - Attack surface management firm Censys has identified roughly 30,000 internet-exposed QNAP network-attached storage appliances that are likely affected by a recently disclosed critical-severity code injection vulnerability. Tracked as CVE-2022-27596, ...
1 year ago Securityweek.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
2 months ago Helpnetsecurity.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
QNAP Alerts of a Vulnerability that Could Lead to Deadbolt Ransomware Attacks - QNAP, a data-storage hardware vendor, has issued a warning to customers to update their devices due to the discovery of a vulnerability that could leave thousands exposed to attacks. The vulnerability, known as CVE-2022-27596, affects QNAP devices ...
1 year ago Therecord.media
The First 10 Days of a vCISO’S Journey with a New Client - Cyber Defense Magazine - During this period, the vCISO conducts a comprehensive assessment to identify vulnerabilities, engages with key stakeholders to align security efforts with business objectives, and develops a strategic roadmap to prioritize actions and resources. If ...
2 months ago Cyberdefensemagazine.com
CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild - The US cybersecurity agency CISA on Thursday released industrial control system advisories for vulnerabilities affecting Future X Communications routers and QNAP network video recorder devices, and warned organizations that they have been exploited ...
11 months ago Securityweek.com
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
10 months ago Esecurityplanet.com
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
2 months ago Cyberdefensemagazine.com
Hackers Actively Exploiting Vulnerability to Deploy Mirai Malware - Hackers exploit QNAP devices because they often have known vulnerabilities or misconfigurations that can be exploited for unauthorized access. QNAP devices store valuable data, which makes them lucrative targets for threat actors seeking to:-. NVR is ...
1 year ago Cybersecuritynews.com
Five business use cases for evaluating Azure Virtual WAN security solutions - To help organizations who are evaluating security solutions to protect their Virtual WAN deployments, this article considers five business use cases and explains how Check Point enhances and complements Azure security with its best-of-breed, ...
7 months ago Blog.checkpoint.com
10 Best Security Service Edge Solutions - Security Service Edge is an idea in cybersecurity that shows how network security has changed over time. With a focus on customized solutions, Security Service Edge Solutions leverages its expertise in multiple programming languages, frameworks, and ...
10 months ago Cybersecuritynews.com
How to Keep Your Data Secure: Leaks, Breaches, Patches and Tweaks - In today’s world, data security is more important than ever. With the rise of cybercrime, data breaches, and security threats, it’s essential to stay vigilant when it comes to protecting your data. In this article, we discuss the latest news on ...
1 year ago Nakedsecurity.sophos.com
Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug - Google has released patches for 25 documented security vulnerabilities in the Android operating system, including a critical-severity flaw in the Framework component. The critical bug, tracked as CVE-2024-31320, impacts Android versions 12 and 12L ...
5 months ago Packetstormsecurity.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Normalizing Security Culture: Stay Ready - While it may seem like self-promotion or extraneous work, it’s extremely valuable to take the extra time to summarize threats stopped, processes improved, projects completed and team members modeling strong security behavior. Most people don't ...
2 months ago Darkreading.com
A Practitioner's Guide to Security-First Design - Instead, organizations must proactively fortify their defenses and enter the era of security-first design - an avant-garde approach that transcends traditional security measures. Security-first design is an approach that emphasizes integrating robust ...
1 year ago Feeds.dzone.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)