QNAP Issues Patch for Zerologon Vulnerability
QNAP has released a new patch for its devices to address the infamous Zerologon vulnerability, which Microsoft says threat actors are already using in the wild.
An unintended side effect of having a large market share is that it takes a really long time to patch all systems when a nasty vulnerability shows up. Not everyone is quick to apply the latest updates, which leaves many systems vulnerable for years on end.
The Zerologon vulnerability (CVE-2020-1472) will likely show its ugly head for a long time since it’s already used in the wild by threat actors. Hackers know an inherent inertia slows system patching, so they exploit vulnerabilities like Zerologon for as long as possible.
“The Zerologon vulnerability has been reported to affect some versions of QTS,” says QNAP in its advisory.
“If exploited, this elevation of privilege vulnerability allows remote attackers to bypass security measures via a compromised QTS device on the network. The NAS may be exposed to this vulnerability if users have configured the device as a domain controller in Control Panel > Network & File Services > Win/Mac/NFS > Microsoft Networking.”
As usual, updating the operating system to the latest version is recommended as the only way to fix the problem. Of course, users should also consider updating all installed applications as well.
QNAP regularly releases updates for its NAS (network attached storage) systems. Just recently, the company had to deal with a ransomware campaign targeting older version of QTS. Before that, CISA issued an advisory regarding a malware named QSnatch affecting the same NAS devices.
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data
May 24, 2022
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight
April 15, 2022
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users
April 14, 2022
Why and how to hide your IP address while traveling
April 13, 2022
How Bitdefender Can Help Restore Your Privacy in the Digital Age
April 04, 2022
How Strong is VPN Encryption?
February 28, 2022