QNAP has unveiled two critical zero-day vulnerabilities present in its legacy model TS-231 network attached storage devices and a number of other non-legacy NAS hardware, according to Threatpost. The company said the bugs can be addressed immediately on its non-legacy NAS devices through patches, while a patch for the TS-231 model is scheduled for release over the next few weeks. The bugs, which are designated CVE-2020-2509 and CVE-2021-36195, enable threat actors to perform remote unauthenticated attacks and manipulate data stored on the affected devices. Researchers from SAM Seamless network disclosed the bugs to the public last Wednesday after notifying QNAP of them and providing a four-month grace period for the company to provide a fix. The researchers declined to make public the full technical details of the vulnerabilities due to the possibility of their causing severe harm to QNAP devices that are currently affected, which number in the tens of thousands.
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.
Organizations could have their sensitive information compromised through a high-severity vulnerability in Google Cloud, Azure, and Amazon Web Services command line interface tools dubbed "LeakyCLI", The Hacker News reports.
Attacks by the Muddled Libra threat operation — also known as UNC3944, Scattered Spider, Scatter Swine, and Starfraud — have been redirected at cloud service providers and software-as-a-service apps as part of efforts to bolster its data extortion efforts, reports The Hacker News.