September 6, 2022
QNAP Patches Zero-day Vulnerability Exploited by Deadbolt Ransomware
QNAP has issued a warning to customers of ongoing “DeadBolt” ransomware attacks that started on Saturday by exploiting a zero-day vulnerability in Photo Station.
- QTS 5.0.1: fixed in Photo Station 6.1.2 and later.
- QTS 5.0.0/4.5.x: fixed in Photo Station 6.0.22 and later.
- QTS 4.3.6: fixed in Photo Station 5.7.18 and later.
- QTS 4.3.3: fixed in Photo Station 5.4.15 and later.
- QTS 4.2.6: fixed in Photo Station 5.2.14 and later.
CYREBRO recommends updating QNAP NAS devices to the latest firmware version. Additionally, it is recommended to disable port forwarding on routers, prevent NAS devices from being accessible through the Internet, use strong passwords for user accounts, and perform regular backups to avoid data loss.
Alternatively, QNAP recommends replacing Photo Station with QuMagie, a more secure photo storage management tool for QNAP NAS devices.
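To triage a fleet against the fixed versions listed above, the following added example (not code from CYREBRO or QNAP) classifies each device in an inventory export. The CSV column names and hostnames are hypothetical, and how the QTS and Photo Station versions are collected from each device is outside the example.

```python
import csv
import io

# Minimum fixed Photo Station version per QTS branch, from the list above.
FIXED = {
    "5.0.1": (6, 1, 2),
    "5.0.0": (6, 0, 22),
    "4.5": (6, 0, 22),   # the "4.5.x" row, matched on major.minor
    "4.3.6": (5, 7, 18),
    "4.3.3": (5, 4, 15),
    "4.2.6": (5, 2, 14),
}

def parse_version(text):
    """Turn '5.7.18' into (5, 7, 18) so 5.7.9 sorts below 5.7.18 (string compare would not)."""
    return tuple(int(part) for part in text.strip().split("."))

def fixed_for(qts):
    """Fixed Photo Station version for a QTS version (exact branch, then major.minor), or None."""
    parts = qts.strip().split(".")
    return FIXED.get(".".join(parts[:3])) or FIXED.get(".".join(parts[:2]))

def triage(inventory_csv):
    """Map each host to 'patched', 'vulnerable', 'not-installed' or 'review'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host, ps = row["host"], row["photo_station"].strip()
        minimum = fixed_for(row["qts"])
        if not ps:
            results[host] = "not-installed"   # Photo Station absent on this device
        elif minimum is None:
            results[host] = "review"          # QTS branch not in the advisory list
        else:
            results[host] = "patched" if parse_version(ps) >= minimum else "vulnerable"
    return results

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """host,qts,photo_station
nas-01,5.0.1,6.1.2
nas-02,5.0.0,6.0.21
nas-03,4.5.4,6.0.22
nas-04,4.3.6,5.7.9
nas-05,4.4.1,5.7.18
nas-06,5.0.1,
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as `review` run a QTS branch the list does not cover and need a manual check against the QNAP advisory.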
References: QNAP Advisory