QNAP Patches Vulnerabilities Exploited at Pwn2Own

December 9, 2024 at 08:29AM

QNAP Systems announced security patches for vulnerabilities discovered at Pwn2Own Ireland 2024, including a severe command injection flaw (CVE-2024-50393) and a CRLF injection bug (CVE-2024-48868), both with CVSS scores of 8.7. Users are urged to update their systems to protect against potential attacks.

### Meeting Takeaways

1. **Vulnerability Patches Released**: …

QNAP and Veritas dump 30-plus vulns over the weekend

November 26, 2024 at 05:33AM

QNAP addressed 24 vulnerabilities in its products, with two critical and nine high-severity flaws identified. The most affected was the Notes Station 3 app. Meanwhile, Veritas disclosed seven critical vulnerabilities in its Enterprise Vault software, with patches expected long-term, raising concerns about security management and response efficiency.

QNAP addresses critical flaws across NAS, router software

November 25, 2024 at 05:18PM

QNAP has issued security bulletins addressing multiple vulnerabilities, including three critical ones in Notes Station 3 and QuRouter. Users are urged to update to the latest versions to mitigate risks. Other products also received important fixes. QNAP advises against direct Internet connections for devices to prevent exploitation.

QNAP pulls buggy QTS firmware causing widespread NAS issues

November 22, 2024 at 03:55PM

QNAP has withdrawn a problematic firmware update (QTS 5.2.2.2950) following user complaints of connectivity issues and device lockouts. Customers reported errors preventing access to their NAS features. QNAP recommends downgrading to the previous version (5.2.1.2930) to resolve these issues but has not issued a formal statement.

QNAP patches second zero-day exploited at Pwn2Own to get root

October 30, 2024 at 01:43PM

QNAP released security patches for two critical zero-day vulnerabilities, CVE-2024-50387 and another in HBS 3 Hybrid Backup Sync, exploited during Pwn2Own 2024. These patches were issued quickly, highlighting QNAP devices’ susceptibility to cyberattacks. Users are urged to update their software promptly to protect sensitive data.

### Meeting Takeaways

1. **Recent …

Synology, QNAP, TrueNAS Address Vulnerabilities Exploited at Pwn2Own Ireland

October 30, 2024 at 04:37AM

Synology, QNAP, and TrueNAS are addressing vulnerabilities that were exploited at Pwn2Own Ireland 2024 by implementing patches and mitigation strategies.

**Meeting Takeaways:**

1. **Recent Vulnerabilities**: Synology, QNAP, and TrueNAS have acknowledged vulnerabilities that were exploited during the Pwn2Own Ireland 2024 event.
2. **Action Taken**: Each company has begun implementing patches …

QNAP fixes NAS backup software zero-day exploited at Pwn2Own

October 29, 2024 at 01:37PM

QNAP addressed a critical zero-day vulnerability (CVE-2024-50388) in HBS 3 Hybrid Backup Sync, exploited at Pwn2Own Ireland 2024. The patch is available in version 25.1.1.673 and later. This follows a history of security challenges for QNAP devices, often targeted by ransomware gangs due to sensitive file storage.

QNAP adds NAS ransomware protection to latest QTS version

August 21, 2024 at 02:18PM

QNAP, a Taiwanese hardware vendor, has integrated a Security Center with ransomware protection into the newest QTS operating system for NAS devices. This enhancement aims to bolster security for network-attached storage systems.

Based on the meeting notes, the key takeaway is that QNAP, a Taiwanese hardware vendor, has incorporated a …

QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances

May 22, 2024 at 01:33AM

QNAP has addressed medium-severity security flaws in its QTS and QuTS hero, including permissions, code execution, and buffer overflow vulnerabilities. Fixes have been released, credited to Aliz Hammond of watchTowr Labs. Although some issues remain outstanding, QNAP has committed to improving coordination with researchers and enhancing security measures for its …

Researchers call out QNAP for dragging its heels on patch development

May 20, 2024 at 10:07AM

QNAP’s vulnerabilities disclosed by watchTowr revealed 15 issues, with only 4 addressed. Six are accepted with no available patches, while the rest are still under embargo or have no solution. QNAP has a history of ransomware attacks and slow patching. CVE-2024-27130, with potential RCE, remains unpatched despite being acknowledged by …