Popular NAS Device Vendor Fixes Vulnerability Recommends Update

May 15, 2021

Written by wukovits


QNAP recently addressed a critical security vulnerability you need to be aware of.

Previous to the fix, the company had included hard-coded credentials to serve as a backdoor to the device.

Unfortunately, hackers became aware of this and began abusing those credentials. That resulted in a number of confirmed instances where hackers gained access to the device via the backdoor, then installed ransomware and encrypted all of the files on the device.

The issue is being tracked as CVE-2021-28799, and at this point, has already been resolved.

All you need to do is to download and install the latest version of the software your device uses, which will be one of the following:

  • QTS 4.5.2: HBS 3 Hybrid Backup Sync 16.0.0415 and later
  • QTS 4.3.6: HBS 3 Hybrid Backup Sync 3.0.210412 and later
  • QuTS hero h4.5.1: HBS 3 Hybrid Backup Sync 16.0.0419 and later
  • QuTScloud c4.5.1~c4.5.4: HBS 3 Hybrid Backup Sync 16.0.0419 and later

To update HBS on your NAS device, simply log into QuTS Hero or QTS as an administrator and do a search for the phrase “HBS 3 Hybrid Backup Sync” in the App Center. Once you’ve found that, click “Update” and “Ok” to start the process. Note that if your software is already up to date, then the “Update” button will be greyed out.

This is not the first time that QNAP devices have been targeted by hackers. Given the sensitive data they invariably contain, they’re almost the perfect target for ransomware attacks. Recently, the company issued guidance relating to how to check your device for the presence of malware, and these steps are well worth following at periodic intervals:

  • Change all passwords for all accounts on the device
  • Remove unknown user accounts from the device
  • Make sure the device firmware is up-to-date, and all of the applications are also updated
  • Remove unknown or unused applications from the device
  • Install QNAP MalwareRemover application via the App Center functionality
  • Set an access control list for the device (Control panel -> Security -> Security level)

Make sure you’re up to date as soon as possible. This security patch should be given highest priority.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Key Considerations for Effective Cybersecurity Implementation

Consider this: In the realm of cybersecurity, things often get tangled in the web of "you should do it anyway" arguments. Yet, for busy business owners bombarded with daily "must-dos," deciphering the essentials from the fluff can feel like a cyber maze. We aim to...

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...