DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
May 20, 2019 
Main Menu
News archives

Who's Online
There are currently 63 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

NAS devices under attack by Shellshock exploit

Posted on Thursday, October 02 2014 @ 18:17:56 CEST by

UPDATE October 3, 2014: QNAP has issued patches for the Bash vulnerability, you can download them over here.

IT World writes hackers are using the "Shellshock" Bash vulnerability to gain access to QNAP NAS devices in universities in the US, Japan and Korea. All QNAP network-attached storage devices are vulnerable to CVE-2014-6271, one of the six recently discovered security flaws in the GNU Bash. Security firm FireEye writes hackers are targeting NAS devices because these would be desirable targets that can contain sensitive, interesting or valuable information. In related news, it was also discovered earlier this week that OpenVPN servers are vulnerable to Shellshock, under certain configurations. Due to the broad scope of the vulnerability, it's expected that many more attacks will follow.
The attackers were taking advantage of a publicly disclosed security weakness in which the web servers embedded in the devices manufactured by QNAP have administrative privileges by default, researchers for FireEye said Wednesday.

Once attackers compromise the server and get these privileges, they have full control of the device.

"They (QNAP) acknowledged this particular vulnerability on their website," Josh Gomez, security researcher at FireEye, said.

Knowing the vulnerability existed; the attackers scanned the devices for Shellshock and downloaded malware using autostart script provided by the manufacturer, James Bennett, threat researcher for FireEye, said. The script is used to have programs start automatically.



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba