QNAP corrige une faille zero-day exploitée par le ransomware DeadBolt

QNAP fixes a zero-day flaw!

For several months, there has been a real duel between QNAP and the DeadBolt ransomware. Waves of attacks are very frequent, and each time users pay a high price: the data on their NAS is encrypted. The manufacturer QNAP has just fixed a zero-day security flaw exploited by DeadBolt.

Since Saturday, the DeadBolt ransomware has been attacking QNAP NAS again, and this time it exploits a zero-day security flaw present in l’application Photo Station. This application is used to manage his personal photos from his NAS.

In his security bulletinQNAP explains that the ransomware exploits this vulnerability to compromise NAS directly connected to the Internet, and then encrypt the data. “We strongly recommend that their QNAP NAS not be directly connected to the Internet. We recommend users to use the myQNAPcloud Link function provided by QNAP, or enable the VPN service.

QNAP reacted quite quickly since 12 hours after the start of attacks based on this vulnerability, the NAS manufacturer posted a security patch for Photo Station. According to the version of the QTS system, here is the version of Photo Station to install:

  • QTS 5.0.1: Photo Station 6.1.2 et +
  • QTS 5.0.0/4.5.x: Photo Station 6.0.22 et +
  • QTS 4.3.6: Photo Station 5.7.18 et +
  • QTS 4.3.3: Photo Station 5.4.15 et +
  • QTS 4.2.6: Photo Station 5.2.14 et +

Otherwise, QNAP Recommends Users Ditch Photo Station and Switch to QuMagie App : a more advanced photo management application, which relies in particular on artificial intelligence.

DeadBolt ransomware has been attacking QNAP NAS since January 2022, and then there have been several waves of attacks, including May 2022 and June 2022. After a lull, although it still remains active at a minimum, he’s back to exploit a zero-day security flaw. If you are using the Photo Station app, you need to update as soon as possible.



#QNAP #fixes #zeroday #flaw

Leave a Comment

Your email address will not be published. Required fields are marked *