DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 20, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 85 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

NAS devices under attack by Shellshock exploit

Posted on Thursday, October 02 2014 @ 18:17:56 CEST by


UPDATE October 3, 2014: QNAP has issued patches for the Bash vulnerability, you can download them over here.




IT World writes hackers are using the "Shellshock" Bash vulnerability to gain access to QNAP NAS devices in universities in the US, Japan and Korea. All QNAP network-attached storage devices are vulnerable to CVE-2014-6271, one of the six recently discovered security flaws in the GNU Bash. Security firm FireEye writes hackers are targeting NAS devices because these would be desirable targets that can contain sensitive, interesting or valuable information. In related news, it was also discovered earlier this week that OpenVPN servers are vulnerable to Shellshock, under certain configurations. Due to the broad scope of the vulnerability, it's expected that many more attacks will follow.
The attackers were taking advantage of a publicly disclosed security weakness in which the web servers embedded in the devices manufactured by QNAP have administrative privileges by default, researchers for FireEye said Wednesday.

Once attackers compromise the server and get these privileges, they have full control of the device.

"They (QNAP) acknowledged this particular vulnerability on their website," Josh Gomez, security researcher at FireEye, said.

Knowing the vulnerability existed; the attackers scanned the devices for Shellshock and downloaded malware using autostart script provided by the manufacturer, James Bennett, threat researcher for FireEye, said. The script is used to have programs start automatically.




 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba