fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hackers Are Backdooring QNAP NAS Devices With 3-year Old RCE Bug

Hackers Are Backdooring QNAP NAS Devices With 3-year Old RCE Bug

Hackers are scanning for vulnerable network-attached storage (NAS) devices running multiple QNAP firmware versions, trying to exploit a remote code execution (RCE) vulnerability addressed by QNAP in a previous release.

According to a report published today by researchers at Qihoo 360’s Network Security Research Lab (360 Netlab), unknown threat actors are currently exploiting a remote command execution vulnerability due to a command injection weakness in QNAP NAS devices’ firmware.

Command injection vulnerability leading to RCE

The vulnerability allows unauthenticated, remote attackers to achieve authentication using the authLogout.cgi executable because it fails to sanitize input —doesn’t filter out special characters — and calls the system function to run the command string, allowing for command injection which allows for remote code execution.

360 Netlab’s researchers reached out to QNAP PSIRT on May 13 to disclose the security they found and they were told on August 12 (three months later) that the company addressed the security issue in a previous security update and that there still are QNAP NAS devices that need to be upgraded.

QNAP fixed the vulnerability in firmware version 4.3.3 — released on July 21, 2017 — by replacing the function used to run the command strings.

“This release replaced the system function with qnap_exec, and the qnap_exec function is defined in the /usr/lib/libuLinux_Util.so.0,” 360 Netlab said. By using the execv to execute custom command, command injection has been avoided.”

“On August 12, 2020, QNAP PSIRT replied that the vulnerability had been fixed in early updates, but such attacks still exist in the network.”

Also read: Intrusion Into Privacy All About Law And Legal Definition

QNAP customers urged to upgrade

Based on 360 Netlab’s analysis, the bad actors behind these ongoing attacks haven’t yet fully automated the process and are going through some parts of the process by hand.

360 Netlab is yet to pinpoint the attackers’ end goal but discovered that they deploy the same two payloads on all compromised devices, one of them being a reverse shell working on the TCP/1234 port.

“We recommend that QNAP NAS users check and update their firmwares in a timely manner and also check for abnormal processes and network connections,” the researchers added.

360 Netlab provides a list of all affected QNAP firmware versions and indicators of compromise including the attackers’ scanner and downloader IP addresses.

Active eCh0raix Ransomware campaign

QNAP storage devices are also currently targeted by an ongoing eCh0raix Ransomware campaign that started two months ago, in early June, with victims reporting daily that their NAS devices are being encrypted according to this topic on Bleeping Computer’s forum.

Last month, QNAP also urged its customers to bolster their NAS devices’ security and update the Malware Remover app following a QSnatch malware joint alert issued by UK’s NCSC and the US CISA government cybersecurity agencies.

Even though the attack infrastructure used in previous QSnatch campaigns is now down, the two agencies found roughly 62,000 infected devices worldwide during mid-June 2020, of which about 3,900 were found in the United Kingdom and 7,600 in the United States.

Also read: 5 Tips In Using Assessment Tools To A Successful Businesses

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us