•   
  •   

US News QNAP warns of attacks on Zerologon vulnerability

19:30  22 october  2020
19:30  22 october  2020 Source:   zdnet.de

Iraq: a possible withdrawal of American troops worries Europeans

 Iraq: a possible withdrawal of American troops worries Europeans © AHMAD AL-RUBAYE / AFP American soldiers in Kirkuk, in northern Iraq, on March 29, 2020. The pro-Iran militias announced a " cease-fire ”, putting an end to attacks on foreign missions, especially American ones, on one condition: that the Iraqi government quickly establish a timetable for the total withdrawal of American troops from the country.

Qnap_TS-453B © DEFAULT_CREDIT Qnap_TS-453B A vulnerable NAS device allows hackers to bypass security functions in the network. Devices with QTS version 4.3, 4.4 and 4.5 are affected. Version 2.x, however, is not vulnerable.

QNAP has released an Security Alert for some of its NAS devices. Their QTS operating system may be susceptible to the so-called ZeroLogon gap, which is classified as critical under Windows in particular. In the case of QNAP network storage, an attacker could obtain an unauthorized extension of user rights in order to bypass security functions via a vulnerable QTS device in the network.

However, only NAS devices that are configured as domain controllers are affected. This function is not active at the factory and, according to Bleeping Computer , is only required if a NAS is also used in an organization to manage user accounts, authenticate and enforce domain security. Network storage devices for which the LDAP server has been activated are not affected, since they cannot be configured as domain controllers.

BKA warns of a new wave of cyber attacks

 BKA warns of a new wave of cyber attacks “The IDG study shows that a new, holistic security approach must take place. All the steps - from prevention and threat detection to simulation, with which you regularly test your own infrastructure - have to be included, ”Schlechter explains. The prognoses of the Federal Criminal Police Office do not provide for relaxation either: The threats would increase further in view of further technical developments and advancing digitization, according to the situation report of the BKA.

According to the security message, a patch is already available. The QTS versions 4.5.1.1456 Build 20201015 and later, 4.4.3.149 Build 20200925 and later, 4.3.6.1446 Build 20200929 and later, 4.3.4.1463 Build 20201006 and later and 4.3.3.1432 Build 20201006 and later are therefore error-free. However, the QTS 2.x and QES operating systems are not vulnerable.

QNAP distributes the update via its download center. Users registered as administrators can also download it from the control panel. QNAP strongly recommends that you apply the patches immediately. The advisory also describes the steps necessary to update all apps on network storage.

The ZeroLogon vulnerability in Windows is considered particularly serious. Attackers could possibly gain complete control of a domain. According to Microsoft , the vulnerability is already being actively exploited for attacks. The US security agency CISA also warned all US authorities of possible attacks in September and asked them to install the Microsoft patches immediately.

US Presidential: The Trump camp intensifies (again) its attacks against Joe Biden

 US Presidential: The Trump camp intensifies (again) its attacks against Joe Biden Donald Trump and Joe Biden were this Sunday in two key states of the election: Nevada and North Carolina. While the outgoing president lags behind in the polls, he has multiplied the insults and attacks against his opponent © Sipa Donald Trump and Joe Biden clashed remotely on two competing television channels on October 15, 2020. ELECTION - Donald Trump and Joe Biden were this Sunday in two key states of the election: Nevada and North Carolina.

As early as the end of September, QNAP advised a firmware update . It is designed to minimize the risk of ransomware attacks. Most recently, cyber criminals targeted QNAP NAS devices using AgeLocker ransomware.

ANZEIGE Slack collaboration platform: Work efficiently - no matter where

Before COVID-19, remote work was almost unthinkable for many companies. Today they have recognized that it can work very well if the framework conditions are right. In this webinar you will learn how you can react optimally to the changed working conditions with the Slack collaboration solution.

Register now and watch the recording.

Microsoft warns again of attacks on Zerologon vulnerability .
© DEFAULT_CREDIT Security (Image: Shutterstock) There are new reports of continued activities by cybercriminals. Microsoft reiterates that the August update is only the first step in fixing the vulnerability. Only a patch announced for February fully closes the security gap. Microsoft has issued an further warning against attacks on the Windows Netlogon protocol via the Microsoft Security Response Center.

usr: 0
This is interesting!