QNAP Zero-Days Leave 80K Devices Vulnerable to Cyberattack

Multiple QNAP operating systems are affected, including QTS, QuTS hero, QuTScloud, and QVP Pro appliances, and some don't yet have patches available. [TechWeb]( Follow Dark Reading: [RSS]( April 06, 2023 LATEST SECURITY NEWS & COMMENTARY [QNAP Zero-Days Leave 80K Devices Vulnerable to Cyberattack]( Multiple QNAP operating systems are affected, including QTS, QuTS hero, QuTScloud, and QVP Pro appliances, and some don't yet have patches available. [FBI Seizes Genesis Cybercriminal Marketplace in 'Operation Cookie Monster']( The homepage of a widely used Dark Web forum for stolen cookies and other compromised data has been replaced by a seizure notice by the US federal law enforcement agency. [The Pope's Security Gets a Boost With Vatican's MDM Move]( Faced with enterprise challenges, the Holy See looks to ensure it avoids a "holey" mobile device management solution. [Mysterious 'Rorschach' Ransomware Doubles Known Encryption Speeds]( The malware is one of the most sophisticated ransomwares ever seen in the wild, and marks a leap ahead for cybercrime. [3CX Breach Widens as Cyberattackers Drop Second-Stage Backdoor]( "Gopuram" is a backdoor that North Korea's Lazarus Group has used in some campaigns dating back to 2020, some researchers say. [Microsoft Patches 'Dangerous' RCE Flaw in Azure Cloud Service]( The vulnerability would have allowed an unauthenticated attacker to execute code on a container hosted on one of the platform's nodes. [Vulkan Playbook Leak Exposes Russia's Plans for Worldwide Cyberwar]( Russian intelligence services, together with a Moscow-based IT company, are planning worldwide hacking operations that will also enable attacks on critical infrastructure facilities. [Patch Now: Cybercriminals Set Sights on Critical IBM File Transfer Bug]( A vulnerability with a 9.8 CVSS rating in IBM's widely deployed Aspera Faspex offering is being actively exploited to compromise enterprises. [Data Breach Strikes Western Digital]( The company behind digital storage brand SanDisk says its systems were compromised on March 26. [US Space Force Requests $700M for Cybersecurity Blast Off]( Russia's invasion of Ukraine spurs Space Force to seek astronomical investments in cybersecurity. [Stop Blaming the End User for Security Risk]( Don't count on securing end users for system security. Instead, focus on better securing the systems — make them closed by default and build with a security-first approach. [4 Steps for Shifting Left & Winning the Cybersecurity Battle]( If companies prioritize communications and make the DevOps process more transparent, team members will better know what vulnerabilities to look for. [Using Observability to Power a Smarter Cybersecurity Strategy]( With an infrastructure for observability, security teams can make better decisions about access and identity-based threats. [How Strategic Investors Can Help Cybersecurity Startups]( Cybersecurity startups face pressure during this economic uncertainty, but strategic investors can help them succeed in providing tech that defends against cyberattacks. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [3 Fronts in the Battle for Digital Identity]( As both digital protection strategies and digital attacks become more sophisticated, organizations that know the terrain have a better chance of navigating it. [What RASP Should Have Been]( When runtime application self-protection is held to a higher standard, it can secure thousands of applications and prevent burnout in security teams. [What CISOs Can Do to Build Trust & Fight Fraud in the Metaverse]( Until a degree of confidence is established, a platform's credibility can be eroded by scammers and unsuspecting gamers who fall victim to their attacks. [MORE]( EDITORS' CHOICE [Researcher Tricks ChatGPT Into Building Undetectable Steganography Malware]( Using only ChatGPT prompts, a Forcepoint researcher convinced the AI to create malware for finding and exfiltrating specific documents, despite its directive to refuse malicious requests. LATEST FROM THE EDGE [Organizations Consider Self-Insurance to Manage Risk]( Risk reassessment is shaking up the cybersecurity insurance market, leading some organizations to consider their options, including self-insurance. LATEST FROM DR TECHNOLOGY [Adaptive Access Technologies Gaining Traction for Security, Agility]( With companies pushing to adopt zero-trust frameworks, adaptive authentication and access — once languishing — looks finally ready to move out of the doldrums. WEBINARS - [How to Launch a Threat Hunting Program]( Security teams need to be more proactive about finding threats before they can cause too much damage. How do these enterprises build threat hunting programs? What stakeholders needs to be involved? What skills are necessary for the threat hunting team? ... - [Managing Identity in the Cloud]( Shifting identity management and provisioning to the cloud helps streamline these operations. It also brings a new set of challenges, including integrating and managing user identities, privileges, and other attributes used in various on-premise and cloud systems, especially if your ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Enable and Protect Your Remote Workforce]( - [Evaluator's Guide for Managed Detection and Response (MDR) Services]( - [The Relationship Between Security Maturity and Business Enablement]( - [Causes and Consequences of IT and OT Convergence]( - [Top Three Considerations To Build, Deploy, and Run Your Application Journey]( - [Cloud Journey Consideration Stage: 2022 Cloud Security Report]( - [Cloud Incident Response Datasheet]( [View More White Papers >>]( FEATURED REPORTS - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Noname Security Announces Hardened API Security Platform]( [Cybereason Secures $100M in Funding Led by SoftBank Corp.]( [Industrial Defender Launches Phoenix: OT Visibility & Security Solution for Small to Midsized Operations]( [F5 Safeguards Digital Services With New AI-Powered App and API Security Capabilities]( [Mimecast Report Reveals Nearly 60% of Companies in UAE and Saudi Arabia Need to Increase Cybersecurity Spending]( [CardinalOps Launches MITRE ATT&CK Security Layers for Measuring Detection Posture]( [Akamai Launches Managed Security Service Updates and New Premium Offering]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The 10 Most Impactful Types of Vulnerabilities for Enterprises Today]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)