QNAP fixes another critical security flaw on its NAS devices

• The comparison
• Computer Technology
• QNAP fixes another critical security flaw on its NAS devices

Taiwanese network-attached storage (NAS) manufacturer QNAP has resolved an inappropriate access control vulnerability in the device's data backup and disaster restoration software. Internet-connected NAS devices are popular targets for threat actors who target vulnerabilities in your software to embed ransomware or even use your computing resources for malicious purposes like cryptocurrency mining. In recent times, QNAP devices have been the target of multiple cyber-attack campaigns due to their popularity. But, for what it's worth, QNAP has also been very active in patching vulnerabilities.

TheComparison needs you! We take a look at how our readers are using VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 5 seconds of your time, and you can also be entered into a draw to win a $XNUMX Amazon voucher or one of XNUMX-year ExpressVPN subscriptions.

Click here to launch the survey in a new window

In the sights

The critical security vulnerability now fixed can be exploited to allow attackers to remotely access devices and elevate privileges, execute commands, and access confidential information without authorization. Bleeping Computer reports that the manufacturer resolved another vulnerability in the same backup software, back in April, that was exploited by Qlocker ransomware operators to attack any fragile NAS connected to the Internet. Similarly, late last year, QNAP resolved a cross-site scripting vulnerability and also released patches to defeat malware that used the QNAP device to mine cryptocurrency earlier this year. Western Digital users have also been victims of software vulnerabilities in their devices, with multiple MyBook devices losing their data after rolling back their devices as part of an ongoing malware campaign.