A mysterious code prevents QNAP NAS devices from being updated

QNAP TS-253A

Users of QNAP NAS devices are reporting in QNAP forum discussions that mysterious code is adding entries that prevent software updates.

Users of the network-attached storage devices manufactured by QNAP have reported a mysterious string of malware attacks that disabled software updates by hijacking entries in the host machines' hosts file.

According to the users, the malicious code adds some 700 entries to the /etc/hosts file that redirect requests to the IP address 0.0.0.0.

The user ianch99 reported in the QNAP NAS community forum that the ClamAV antivirus was failing to update because hosts file entries pointed clamav.net hostnames to 0.0.0.0.

“Since recent firmware updates, the ClamAV Antivirus fails to update due to 700+ clamav.net entries in /etc/hosts, all set to 0.0.0.0 e.g.” wrote the user ianch99.

“0.0.0.0 bugs.clamav.net
0.0.0.0 current.cvd.clamav.net
0.0.0.0 database.clamav.net
0.0.0.0 db.local.clamav.net
0.0.0.0 update.nai.com
0.0.0.0 db.ac.clamav.net
0.0.0.0 db.ac.ipv6.clamav.net
0.0.0.0 db.ac.big.clamav.net
<snip>

As they are all set to 0.0.0.0, the ClamAV update fails. If you remove these entries, the update runs fine but they return on after rebooting.”

Other users reported similar problems with the MalwareRemover, but it is still unclear if the events are linked.

QNAP provided a script that could help users restore normal operations by deleting the mysterious entries.

QNAP hasn’t confirmed that the incidents were caused by malware.
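
A check for the pattern the users describe, watched update hostnames pinned to 0.0.0.0 in a hosts file, written here as an added example; it is not the script QNAP provided and not code from the forum thread. The `WATCHED` suffix list is an assumption taken from the quoted entries, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not QNAP's script): audit a hosts file for watched
# update domains that have been pinned to 0.0.0.0.
# WATCHED is an assumption: the two domain suffixes visible in the quoted post.
WATCHED="clamav.net nai.com"

# scan_hosts MODE  (reads a hosts file on stdin)
#   report: print "LINE: ADDRESS NAME" for each null-routed watched name
#   clean : print the file without the lines that contain such a name
scan_hosts() {
    awk -v watched="$WATCHED" -v mode="$1" '
        function is_watched(h,   j, s) {
            h = tolower(h)
            for (j = 1; j <= n; j++) {
                s = suffix[j]
                if (h == s) return 1
                # match on a label boundary so "notclamav.net" is not flagged
                if (length(h) > length(s) && substr(h, length(h) - length(s)) == ("." s)) return 1
            }
            return 0
        }
        BEGIN { n = split(watched, suffix, " ") }
        {
            line = $0; hit = 0
            sub(/#.*/, "")                      # ignore comments
            if ($1 == "0.0.0.0")
                for (i = 2; i <= NF; i++)       # one line may list several names
                    if (is_watched($i)) {
                        hit = 1
                        if (mode == "report") print NR ": " $1 " " $i
                    }
            if (mode == "clean" && !hit) print line
        }'
}

# Constructed sample input: entries from the quoted post plus benign lines.
sample_hosts() {
    cat <<'EOF'
127.0.0.1 localhost
0.0.0.0 bugs.clamav.net
0.0.0.0 current.cvd.clamav.net
0.0.0.0 update.nai.com
0.0.0.0 ads.example.test   # unrelated blocklist entry, kept
192.0.2.10 mirror.clamav.net
# 0.0.0.0 database.clamav.net
EOF
}

sample_hosts | scan_hosts report
```

On a device the same function reads the live file with `scan_hosts report < /etc/hosts`. Since the quoted post says the entries return after rebooting, running the report again after a restart shows whether they have come back.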

“Exposing your NAS on the internet (allowing remote access) is always a high risk thing to do (at least without a properly deployed remote access VPN and/or 2FA on all existing user accounts)!” wrote the user P3R.

“The real problems that I see with Qnap are:

  • The marketing is pushing the private cloud message and tells users that the Qnap solution is a secure way to deploy it. Unfortunately the first part is very attractive to users that don’t understand the risks and the last part is a lie.
  • Qnap have many dangerous things enabled by default and/or without sufficient warnings about the risks.”

Pierluigi Paganini

(SecurityAffairs – NAS, hacking)