Recherche : [NAS] - Cyberveille

Exposed SMB: The Hidden Risk Behind ‘WantToCry’ Ransomware Attacks https://www.seqrite.com/blog/wanttocry-ransomware-smb-vulnerability/

03/02/2025 11:42:39

Learn how the WantToCry ransomware group is exploiting vulnerable SMB (Server Message Block) services to launch devastating attacks. Understand the risks of misconfigured SMB and discover best practices to protect your organization from ransomware.

D-Link won’t fix critical flaw affecting 60,000 older NAS devices https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-flaw-affecting-60-000-older-nas-devices/

11/11/2024 12:03:58

More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit.

QNAPping At The Wheel (CVE-2024-27130 and friends) https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/

20/05/2024 10:09:52

Infosec is, at it’s heart, all about that data. Obtaining access to it (or disrupting access to it) is in every ransomware gang and APT group’s top-10 to-do-list items, and so it makes sense that our research voyage would, at some point, cross paths with products intended to manage - and safeguard - this precious resource.

+92,000 Internet-facing D-Link NAS devices can be easily hacked https://securityaffairs.com/161549/hacking/d-link-nas-flaw.html

07/04/2024 21:47:16

A researcher disclosed an arbitrary command injection and hardcoded backdoor issue in multiple end-of-life D-Link NAS models.

Over 92,000 exposed D-Link NAS devices have a backdoor account https://www.bleepingcomputer.com/news/security/over-92-000-exposed-d-link-nas-devices-have-a-backdoor-account/

06/04/2024 20:13:31

A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models.

Synology NAS DSM Account Takeover: When Random is not Secure https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure

18/10/2023 09:20:23

Team82 has uncovered the use of a weak random number generator in Synology’s DiskStation Manager (DSM) Linux-based operating system running on the company’s network-attached storage (NAS) products
The insecure Math.random() method was used to generate the password of the admin password for the NAS device itself.
Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, and remotely take over the admin account.
The vulnerability, tracked as CVE-2023-2729, has been addressed by Synology. Synology’s advisory is here.

QNAP warns of zero-day vulnerability in latest DeadBolt ransomware campaign https://therecord.media/qnap-warns-of-zero-day-vulnerability-in-latest-deadbolt-ransomware-campaign/

07/09/2022 08:29:50

The Record by Recorded Future gives exclusive, behind-the-scenes access to leaders, policymakers, researchers, and the shadows of the cyber underground.

QNAP warns severe OpenSSL bug affects most of its NAS devices https://www.bleepingcomputer.com/news/security/qnap-warns-severe-openssl-bug-affects-most-of-its-nas-devices/

31/03/2022 15:05:09

Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago.

Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.

New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key https://www.bleepingcomputer.com/news/security/new-deadbolt-ransomware-targets-qnap-devices-asks-50-btc-for-master-key/

15/02/2022 20:59:55

A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software.

Liens par page

Filtres