Blog Layout

Popular NAS Device Vendor Fixes Vulnerability Recommends Update

sccomputerguys • May 15, 2021

QNAP recently addressed a critical security vulnerability you need to be aware of.

Previous to the fix, the company had included hard-coded credentials to serve as a backdoor to the device.

Unfortunately, hackers became aware of this and began abusing those credentials. That resulted in a number of confirmed instances where hackers gained access to the device via the backdoor, then installed ransomware and encrypted all of the files on the device.

The issue is being tracked as CVE-2021-28799, and at this point, has already been resolved.

All you need to do is to download and install the latest version of the software your device uses, which will be one of the following:

  • QTS 4.5.2: HBS 3 Hybrid Backup Sync 16.0.0415 and later
  • QTS 4.3.6: HBS 3 Hybrid Backup Sync 3.0.210412 and later
  • QuTS hero h4.5.1: HBS 3 Hybrid Backup Sync 16.0.0419 and later
  • QuTScloud c4.5.1~c4.5.4: HBS 3 Hybrid Backup Sync 16.0.0419 and later

To update HBS on your NAS device, simply log into QuTS Hero or QTS as an administrator and do a search for the phrase "HBS 3 Hybrid Backup Sync" in the App Center. Once you've found that, click "Update" and "Ok" to start the process. Note that if your software is already up to date, then the "Update" button will be greyed out.

This is not the first time that QNAP devices have been targeted by hackers. Given the sensitive data they invariably contain, they're almost the perfect target for ransomware attacks. Recently, the company issued guidance relating to how to check your device for the presence of malware, and these steps are well worth following at periodic intervals:

  • Change all passwords for all accounts on the device
  • Remove unknown user accounts from the device
  • Make sure the device firmware is up-to-date, and all of the applications are also updated
  • Remove unknown or unused applications from the device
  • Install QNAP MalwareRemover application via the App Center functionality
  • Set an access control list for the device (Control panel -> Security -> Security level)

Make sure you're up to date as soon as possible. This security patch should be given highest priority.

You May Need To Replace Old Cisco VPN Routers

By sccomputerguys 22 Jul, 2022
Do you own one or more of the following products made by Cisco? The RV110W Wireless-N VPN Firewall The RV130 VPN Router The RV130W Wireless-N Multifunction VPN Router The RV215W Wireless-N VPN ...

Some Requested Features May Be Coming To Microsoft Teams

By sccomputerguys 21 Jul, 2022
Do you use Microsoft Teams?  If so, you'll be thrilled to know that the Redmond Giant is continuing to pour resources into improving the software with a specific focus on audio and ...

It May Be Time To Update Your Business Logo

By sccomputerguys 20 Jul, 2022
Corporate branding can be worth its weight in gold and certain images are absolutely iconic.  The Golden Arches, the Nike "swoosh," and Apple's Apple all come to mind. Logo images give companies ...

Researchers Find New CPU Security Vulnerability

By sccomputerguys 19 Jul, 2022
Remember the Heartbleed scare we had a couple years back?  It was a nasty side-channel attack that was somewhat exotic and difficult to pull off, and it was absolutely devastating and sent ...

Ransomware Hackers Have Set Their Sights On Exchange Servers

By sccomputerguys 18 Jul, 2022
Microsoft Exchange servers are once more in the crosshairs of hackers around the world.  Most recently, hacking groups have been specifically targeting them to deploy BlackCat ransomware. As is common among ransomware ...

The Surprising Ways Mobile Technology Impacts Our Lives

By sccomputerguys 16 Jul, 2022
If you grew up in the days before the internet, it's absolutely staggering to think of all the ways that mobile technology has changed our lives (and mostly for the better). Remember ...

Edge Will Replace Internet Explorer After It Is Gone

By sccomputerguys 15 Jul, 2022
It may seem as though Internet Explorer is the browser that will not die, but according to Microsoft, it is now a step closer to breathing its last virtual breath. Microsoft has ...

New Panchan Botnet Targets Linux Servers

By sccomputerguys 14 Jul, 2022
If you're involved with IT Security at any level and if your network includes Linux servers, keep a watchful eye out for the new Panchan botnet. It first appeared in the wilds ...

How To Protect Your Company With Cybersecurity Awareness

By sccomputerguys 13 Jul, 2022
These days, companies spend significant sums of money to protect themselves from cyber criminals.  The threat matrix is vast, and attacks can come from almost any quarter. That is why many companies ...

Data Breach Hits One Of America’s Largest Healthcare Providers

By sccomputerguys 12 Jul, 2022
Do you receive healthcare of any kind from Kaiser Permanente?  If so, be aware that they recently published a data breach notification indicating that an unidentified attacker accessed an email account that ...
More Posts
Share by: