fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

QNAP Warns Of New QTS Bugs That Allow Take Over Of Devices

QNAP Warns Of New QTS Bugs That Allow Take Over Of Devices

QNAP today announced two vulnerabilities affecting QTS, the operating system powering its network-attached storage devices, that could allow running arbitrary commands.

The bugs are remotely exploitable and have been reported in versions of the software released before September 8, 2020.

Latest version is safe

The network-attached storage (NAS) device vendor does not provide too many details about the two issues but says that recent QTS releases include the necessary patches.

According to QNAP’s security advisory, users that have updated the QTS operating system to at least version QTS 4.4.3.1421 build 20200907 have nothing to worry about.

Currently tracked as CVE-2020-2490 and CVE-2020-2492, the two bugs are classified as command injection vulnerabilities, the company says.

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

It is unclear how an attacker could exploit these vulnerabilities or what components of the OS are vulnerable but running arbitrary commands on a system is typically synonymous with full take over of the device.

The features in the QTS operating system go beyond providing a comfortable environment for sharing files, managing storage, and backup operations. It also allows installing applications from the QNAP App Center that extend the functionality of the NAS device to cover business and home entertainment purposes.

QNAP devices are attractive targets

Small businesses typically use them for backup and file sharing. An exposed system running an outdated operating system could give attackers an opportunity to compromise the storage device with various types of malware.

Back in September, QNAP warned customers about ransomware attacks targeting its NAS products. The threat actor exploited a vulnerability in the Photo Station app that enables users to upload images to the device, create albums, or view them remotely.

More recently, the company fixed issues in the Helpdesk app that could be exploited to get control of a QNAP device.

Another warning came on October 21 when the NAS device vendor alerted customers that some versions of the QTS operating system are impacted by the critical Windows ZeroLogon (CVE-2020-1472) vulnerability.

Also Read: How To Secure Your WiFi Camera? 4 Points To Consider

Users can install the latest QTS update manually after downloading it from the QNAP website or by checking for updates and letting the operating system download and apply the new version:

  1. Log on to QTS as administrator
  2. Go to Control Panel > System > Firmware Update
  3. Under Live Update, click Check for Update

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us