fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

QNAP Extends Critical Updates for Some Unsupported NAS Devices

QNAP Extends Critical Updates for Some Unsupported NAS Devices

QNAP has extended support and will keep issuing security updates for some end-of-life (EOL) network-attached storage (NAS) devices until October 2022.

This should provide customers with unsupported devices to upgrade and have their data protected from “evolving security threats.”

“EOL models may lack computational capabilities, be short on operational memory, be unable to receive up-to-date component drivers, or possess other technical constraints or deprecated technology,” the Taiwan-based NAS maker said.

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

“Due to these reasons, QNAP normally maintains security updates for 4 years after a product passes its EOL date.  As a special effort to help users protect their devices from today’s security threats, QNAP has extended security updates for some EOL models till October 2022.”

The company added that, while the support date has been moved until October, these EOL devices will only receive security updates addressing high severity and critical vulnerabilities.

More info on what NAS models now come with extended support time can be found in the table embedded below.

CPU ArchitectureLast Supported NAS OS Version for the ModelExtended Date
x86 64-bit models
or ARM models that support one of the NAS OS versions on the right.
QTS 4.2.6
QTS 4.3.3
QTS 4.3.6
QTS 4.4.1
Effectively till October 2022

Don’t expose your NAS to the Internet

QNAP also added that customers should not expose EOL NAS devices to the Internet to ensure that attackers will not compromise them using exploits targeting unpatched vulnerabilities.

This warning mirrors a recent one issued in January before Qlocker and DeadBolt ransomware attacks began targeting Internet-exposed devices.

Customers were warned their devices were at a high risk of being the target of an attack if exposed to the Internet and the System Administration service was directly accessible from external IP addresses.

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

QNAP said taking the following  measures should defend from attacks:

  • Disable the Port Forwarding function of the router: Go to the management interface of your router, check the Virtual Server, NAT, or Port Forwarding settings, and disable the port forwarding setting of NAS management service port (port 8080 and 433 by default).
  • Disable the UPnP function of the QNAP NAS: Go to myQNAPcloud on the QTS menu, click the “Auto Router Configuration,” and unselect “Enable UPnP Port forwarding.”

QNAP also urged customers today to follow recommendations on enhancing NAS devices’ security to block malware or other types of attacks.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us