QNAP fixes critical bug in NAS backup, disaster recovery app

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,573
Content source
https://www.bleepingcomputer.com/news/security/qnap-fixes-critical-bug-in-nas-backup-disaster-recovery-app/
Taiwan-based network-attached storage (NAS) maker QNAP has addressed a critical security vulnerability enabling attackers to compromise vulnerable NAS devices' security.

The improper access control vulnerability tracked as CVE-2021-28809 was found by Ta-Lun Yen of TXOne IoT/ICS Security Research Labs in HBS 3 Hybrid Backup Sync, QNAP's disaster recovery and data backup solution.

The security issue is caused by buggy software that does not correctly restrict attackers from gaining access to system resources allowing them escalate privileges, execute commands remotely, or read sensitive info without authorization.

QNAP says that the security flaw is already fixed in the following HBS versions and advises customers to update the application to the latest released version:
  • QTS 4.3.6: HBS 3 v3.0.210507 and later
  • QTS 4.3.4: HBS 3 v3.0.210506 and later
  • QTS 4.3.3: HBS 3 v3.0.210506 and later
However, while QNAP published the security advisory announcing that CVE-2021-28809 is fixed today, the app's release notes do not list any security updates since May 14th, 2021.

According to the company, QNAP NAS devices running QTS 4.5.x with HBS 3 v16.x are not affected by this security vulnerability and are not exposed to attacks.
Click to expand...
HBS backdoor account exploited by Qlocker ransomware
QNAP fixed another critical security vulnerability found in the HBS 3 Hybrid Backup Sync backup and disaster recovery app in April.

The backdoor account flaw, initially described by the company as "hardcoded credentials" and then as an "improper authorization," provided a backdoor account that allowed Qlocker ransomware operators to encrypt Internet-exposed Network Attached Storage (NAS) devices.

Starting with at least April 19th, Qlocker began targeting QNAP devices as part of a massive campaign, deploying ransomware payloads that moved victims' files in password-protected 7zip archives and asked for ransoms.

As BleepingComputer reported, the ransomware gang made around $260,000 in just five days by demanding ransoms of 0.01 bitcoins (worth roughly $500 at the time).

The same month, QNAP urged their customers to secure their NAS devices from Agelocker ransomware attacks targeting their data and, two weeks later, from an eCh0raix ransomware campaign.

QNAP devices were previously attacked by eCh0raix ransomware (also known as QNAPCrypt) during June 2019 and June 2020.
Click to expand...
Customers who want to secure their NAS devices from incoming attacks are advised to follow these best practices for enhancing NAS security.
Click to expand...
 
  • Like
Reactions: Venustus, upnorth, The_King and 3 others
You must log in or register to reply here.

Similar threads

CyberTech
    • Like
    • Applause
    • +Reputation
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto
Replies
0
Views
669
News Archive
CyberTech
CyberTech
Gandalf_The_Grey
    • Like
QNAP 'thoroughly investigating' new DeadBolt ransomware attacks
Replies
0
Views
629
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • Applause
    • HaHa
Police tricks DeadBolt ransomware out of 155 decryption keys
Replies
0
Views
616
News Archive
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top