QNAP patches yet another critical security bug in its NAS devices

Urges users to update to the latest firmware

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Taiwan-basednetwork-attached storage (NAS)maker QNAP has addressed an improperaccess controlvulnerability in the devices’disaster recoveryand databackupsoftware.

Internet-connected NAS devices are popular targets with threat actors who’ve target vulnerabilities in their software to deployransomwareor even to use their computing resources for malicious purposes likemining cryptocurrency.

QNAP devices have been at the receiving end of various cyber attack campaigns lately, due to the popularity of the devices. But for what it’s worth, QNAP has been very active in patching vulnerabilities as well.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

Click here to start the survey in a new window«

In the crosshairs

The now-patched critical security vulnerability can be exploited to enable attackers to gain remote access to the devices and escalate privileges, execute commands, and access sensitive information without authorization.

Bleeping Computerreportsthat the manufacturer fixed another vulnerability in the same backup software, back in April, which was exploited by the Qlocker ransomware operators to target any Internet-connected vulnerable NAS device.

Similarly, late last year QNAP fixed across-site scripting vulnerability, and also issued patches toneutralize malwarethat used the QNAP device tomine cryptocurrency, earlier this year.

Western Digital users have also beenon the receiving endof software vulnerabilities in their devices, with severalMyBook deviceslosing their data after having their devices reset in an ongoingmalwarecampaign.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

This dangerous new malware is hitting Windows devices by hiding in games

Windows PCs targeted by new malware hitting a vulnerable driver

Steps to take when your phone number is publicly listed online