1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • QNAP extends support for older NAS devices amid surge in attacks

    From TechnologyDaily@1337:1/100 to All on Tue Feb 15 16:30:04 2022
    QNAP extends support for older NAS devices amid surge in attacks

    Date:
    Tue, 15 Feb 2022 16:23:30 +0000

    Description:
    Support extended for older NAS devices until October 2022.

    FULL STORY ======================================================================

    QNAP has decided to extend support for some of its network-attached storage (NAS) devices that had reached end of life (EOL), but the additional support does come with a caveat.

    Businesses sporting unsupported devices will get until October this year to upgrade, but even with extended support, only certain risks will be
    mitigated.

    "EOL models may lack computational capabilities, be short on operational memory, be unable to receive up-to-date component drivers, or possess other technical constraints or deprecated technology," BleepingComputer cited the Taiwanese NAS maker as saying. Addressing high severity vulnerabilities only

    "Due to these reasons, QNAP normally maintains security updates for four
    years after a product passes its EOL date. As a special effort to help users protect their devices from todays security threats, QNAP has extended
    security updates for some EOL models till October 2022."

    These updates, however, will only address high-severity and critical vulnerabilities, meaning some relatively dangerous flaws might still make it through with malware .

    In the same announcement, the company warned customers not to expose EOL NAS devices to the internet, as they might easily be targeted by malicious actors already acquainted with certain unpatched vulnerabilities. Read more

    QNAP says it is working on patches for OpenSSL bugs impacting its NAS
    devices


    QNAP NAS devices left encrypted by Deadbolt ransomware


    QNAP NAS devices hit with surge of ransomware attacks

    Owners of EOL NAS devices should do these two things to defend from attacks, QNAP suggested:

    Disable the Port Forwarding function of the router (in the routers management interface, check the Virtual Server, NAT, Port Forwarding settings, and disable the port forwarding settings for port 8080 and 433); Disable the UPnP function of the QNAP NAS (on the QTS menu, navigate to myQNAPcloud > Auto Router Configuration, and unselect Enable UPnP Port forwarding.

    In late December last year, some QNAP NAS device owners were targeted by the eCh0raix ransomware . The threat actors were allowed to create a user in the administrator group, after which they managed to encrypt all the files on the NAS system. A free decryptor is available online, but only for older versions of the ransomware. We've created a list of the best antivirus services around

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/qnap-extends-support-for-older-nas-devices-amid -surge-in-attacks/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)