Category: Qnap

Everything you need to know to create a Vulnerability Assessment Report

You’ve been asked for a Vulnerability Assessment Report for your organisation and for some of you reading this article, your first thought is likely to be “What is that?”

Worry not. This article will answer that very question as well as why you need a Vulnerability Assessment Report and where you can get one from.

As it’s likely the request for such a report came from an important source such as the Board, a partner, a client or an auditor, there isn’t a moment to waste. So let’s drive straight in.

What is a Vulnerability Assessment Report and why do you need one?

A Vulnerability Assessment Report is simply a document that illustrates how you are managing your organisation’s vulnerabilities. It’s important because, with tens of thousands of new technology flaws being discovered every year, you need to be able to prove that your organisation does its best to avoid attack if you want to be trusted by partners and customers.

A best security practice recommended by governments across the world, a vulnerability assessment is an automated review process that provides insights into your current security state. The vulnerability assessment report is the outcome of this review. Used as a roadmap to a better state of security preparedness, it lays out the unique risks your organisation is up against due to the technology you use, and reveals how best to overcome them with minimal disruption to your core business strategy and operations.

The help it provides is clear but why do you need one? As mentioned above, it’s likely you were asked for a Vulnerability Assessment Report by the Board, a partner, a client or an auditor as each of these groups needs reassurance that you’re on top of any weaknesses in your infrastructure. Here’s why:

— Customers need to trust you

Weaknesses in your IT systems could affect your customers’ operations. With supply chain attacks on the rise, a vulnerability in a single company could leave the whole range of organizations paralysed, as demonstrated by the infamous SolarWinds hack last year.

It doesn’t matter how small your business is; if your customers will be entrusting you with any of their data, they may wish for a Vulnerability Assessment Report first to confirm that your IT security practices are tiptop.

— The Board wants a better understanding of the business’ risk

Cyber security is a growing concern across many businesses, so chances are your board members want to take a better grip of their risk, before the lack of insights into vulnerabilities is turned into a much more serious business problem. With ransomware attacks regularly making headlines, having proper vulnerability management in place and presenting an “all clear” report, can give your business heads that needed peace of mind.

— Your auditors are checking for compliance

Many of the regulatory or compliance frameworks related to security and privacy, like SOC2, HIPAA, GDPR, ISO 27001, and PCI DSS, advise or outright require regular compliance scans and reporting, so if the request for a vulnerability assessment report was made by your auditor, it is likely to be for compliance purposes.

— Your CFO is renewing your cyber insurance

It could be the case that your insurance provider is seeking a vulnerability assessment report as part of the underwriting process. If you don’t want to run the risk of being denied your insurance payment or wouldn’t like to see your premiums rise, then you could benefit from supplying these reports regularly.

How often do you need to produce a vulnerability assessment report?

Regularly. Think of it like vulnerability scanning: For maximum efficacy, you need to conduct regular, if not constant, comprehensive evaluations of your entire technology stack, otherwise you could miss something that could bring your business to a costly halt.

Cybercriminals do not stop searching until they find something they can take advantage of. You need to scan your systems continuously and have up to date reporting to reflect your vigilance as and when it’s needed.

Modern vulnerability scanning solutions, like Intruder, will give you a cyber hygiene score which enables you to track the progress of your vulnerability management efforts over time, proving that your security issues are being continuously resolved in good time.‍

A vulnerability assessment report from Intruder, to provide evidence to your customers or regulators that a vulnerability scanning process is in place.

What should be included in a vulnerability assessment report?

Unfortunately, there isn’t a one size fits all report. While the contents are generally the number of vulnerabilities detected in your systems at a point in time, your different stakeholders will require varying levels of detail. Even for compliance purposes, vulnerability assessment reporting requirements can differ.

As a good rule of thumb, we recommend building an Executive Report containing graph views and composite cyber hygiene scores for the Board and C-Suite that clue them in on where they stand at any given moment. And for your IT team, their report needs greater detail such as how to apply the correct solutions to existing problems and sidestep subsequent mistakes.

Where can you get a Vulnerability Assessment Report from?

Ensuring your Vulnerability Assessment Reports contain all the elements and information your stakeholders require can take a lot of work and expertise; which can distract your security teams from other activities that will keep your organisation secure. That is why it’s recommended to choose an external provider to produce your reports.

Before you start comparing individual vendors, make sure you have a solid understanding of your technical environment and of the specific outcomes that the vulnerability assessment should present. This is because vulnerability assessment tools are not built the same; they check for different types of weaknesses, so you need to choose the solution that best suits your requirements. Consider the features and checks you’ll require, as well as the industry standards you need to follow and your budget.

Two key elements to consider relate to reporting: firstly, how flexible the assessment provider will be with how much detail is presented (particularly if you need to present data to different audiences); and secondly, how clearly the results are communicated. Scanning results can be overwhelming but the right vendor will demystify complex security data to grant you a clear, jargon-free understanding of the risks you face.

At Intruder, reports are designed to be well-understood, whilst also maintaining all the technical detail required by IT managers and DevOps teams. Whether you’re a massive enterprise or a fledgling startup, you can generate rapid reports, create compliance paper trails, stay secure, and communicate with employees and potential investors. Intruder offers a free trial of its software, which you can activate here. Get vulnerability assessment reporting in place now.

Source :
https://thehackernews.com/2022/04/everything-you-need-to-know-to-create.html

Are bigger SSD’s faster?

It’s possible you’ve read somewhere or someone gave you the following advice: a bigger SSD is faster. That is correct. If you take a specific SSD drive model and compare its 250 GB size variant to the 1 TB variant, the bigger one will be faster.

Again, I can’t stress this enough: we’re talking about the same model from the same manufacturer – only the size differs.

In this whole idea, we’re talking about comparing something like the Kingston A400 240 GB model to the Kingston A400 960 GB model. In this example, even the manufacturer stats about 100 MB/s faster write performance.

Ok, but why is a bigger SSD faster?

To put it simply, a bigger SSD has more NAND chips ranks and more channels that they can use in parallel. This leads to faster data transfer. This is a lame simplified explanation.

This of course, varies from manufacturer to manufacturer and that is because there are different controllers out there, different things a manufacturer can do in the SSD’s firmware and so on. But usually, you’ll see a measurable difference between the low capacity drives and the higher capacity ones.

Consider the DRAM Cache

The way an SSD uses its cache is by placing data in this lower-latency area, called the cache, so future requests for that data can occur much faster. These caches are usually of two types: DRAM Cache or SLC Cache.

Fast SSDs, usually have a DRAM cache. The controller of the SSD actually has this dynamic random-access memory (DRAM). Do not confuse this with the SLC cache.

Why would you care? Well, bigger SSDs have a bigger DRAM cache. Just check Samsung’s datasheet for the 870 EVO – on page 3 you’ll see the 1TB, 2TB, and 4TB have bigger and bigger DRAM caches than the 250/500GB drives.

that is the DRAM cache. Its an additional chip!

DRAM Cache and SLC Cache are completely different animals. Yes they both do the ‘cache’ action. They both have the purpose of accelerating the drive’s speed, but the cost and logic are different.

A DRAM cache is basically a separate chip in the PCB of your SSD. This DRAM chip is responsible for the work in your SSD, just as your system RAM is responsible for the operation of your PC. It temporarily stores data for the purpose of accelerating processing.

And because of the temporary storage function of the DRAM cache, many read and write processes can directly use the data in this cache – and it is a lot faster than starting from the beginning.

When we’re talking about the SLC cache, it is not a separate chip. Because it is called a cache and it is not really a true SLC NAND Flash chip, but a part of the space in the TLC or QLC’s NAND Flash IC, it simulates the SLC writing method. It simulates it as in it writes only 1 bit of data in each cell. This does improve the read/write performance of the SSD. But not as long or as much as a DRAM cache.

But! For an SSD without a DRAM cache, just a SLC Cache, the speeds will drop dramatically after that cache is exhausted from sequential writes – thye drop to the original value of the TLC NAND Flash. For these types of SSDs, without a DRAM cache, usually the indicated read/write speed in the tech specs are measured using the SLC Cache. (the test does not get to saturate the SLC cache and the average speed is higher. But if it were to be really tested, we’d see lower numbers once the SLC Cache can’t keep up)

The bottom line is: a drive without a DRAM Cache will not be able to sustain those advertised speeds for long.

Plus, a bigger DRAM Cache means you can abuse that drive more. By abusing, I mean giving it heavy workloads like a lot of writes/reads at once.

My 2cents? Never buy a DRAM-less SSD. SSDs that have a DRAM cache are so cheap nowadays it does not make sense to trade off the performance. Heck, I’ve seen DRAM-less SSDs a couple of bucks more expensive than the ones with a DRAM cache. I don’t know why.

How to tell if that SSD has a DRAM cache?

Just look up the datasheet on the manufacturer’s website. PCpartpicker also sometimes lists this specification in the Cache column.

If I’m in a hurry, if the manufacturer does not say anything about the DRAM cache, I will assume it has none. If I really want to know, just Google some review of that model.

TBW – total bytes written

A specification where bigger drives win again, as they allow for more writes before failure.

To be fair, a normal gamer/user will probably never saturate this even if we’re talking about a small drive. It takes a lot of work to actually write so much data and usually… you’ll probably want to upgrade to a bigger or faster drive before your old SSD will fial.

Nonetheless, it is worth mentioning that the TBW figure is also bigger in a bigger SSD.

Always try to buy bigger and with DRAM Cache

Enough said. Spending a little more for a bigger drive with a DRAM cache is always worth it. Always!

Examples of popular SSDs that do have a DRAM cache:

  • Samsung 870 EVO, 860 EVO, 850 EVO, 860 PRO, 980 PRO, 960 PRO, 970 EVO drives
  • Crucial MX500 drives
  • Gigabyte Aorus Gen4 7000s
  • Patriot Ignite 960 GB
  • Kingston A2000 M.2

Do note that the list above is not complete. I’m sure I’ve missed some. Those are just some popular drives that I can actually recommend if you are looking for suggestions on what to buy – and always strive to get the biggest capacity you can afford!

Final thoughts

If there is something to remember from this whole article is this: buy as big as your budget allows you and always buy an SSD that has a DRAM Cache. These two ideas will guarantee that you’ll not be disappointed with your new SSD.

Source :
https://techie-show.com/bigger-ssd-faster/

CMR vs SMR drives – what to pick? How to tell?

Buying a hard disk used to be quite easy. Now we have stuff like CMR vs SMR drives, manufacturers not being completely clear in their product showcase pages, and so on.

TLDR: To keep things short, you should strive to buy a CMR drive because SMR drives, while they work just fine, are usually slower in every typical individual test carried by a lot of people out there. SMR drives are slower as their method of writing data aims for storage density, and one of the drawbacks of this goal is speed.

And before we continue, yes, even if manufacturers have developed firwmare that optimize the read and write performance for SMR drives, they are still not that great as a CMR drive.

Tip: some great benchmarks for hard disk drives are: Crystal Disk Mark, ATTO Disk Benchmark, HD Tune, and even PCMark has some storage benchmarks.

CMR or PMR drives – how they work

CMR comes from Conventional Magnetic Recording. It is also known as PMR that comes from Perpendicular Magnetic Recording.

The way CMR works is by aligning the poles of the magnetic elements, which represent bits of data perpendicularly to the surface of the disk. The magnetic tracks are written side-by-side without overlapping.

a great image explanation from Synology for CMR / PMR drives

And because the write head is usually quite large in comparison to the read head, HDD manufacturers aim to shrinking the size of the write head – or do it as much as possible.

SMR – how do these drives work?

Shingled Magnetic Recording, or SMR, is an extension to PMR. It basically offers improved density. And this happens because rather than writing each magnetic track without overlapping, SMR overlaps each new track with part of the previous track. One way to think about it is by comparing it to the shingles on a roof.

a great image explanation from Synology for SMR drives

By overalapping the tracks, write heads become a lot thinner, and we get a bigger areal density.

CMR vs SMR drives – why does it actually matter?

In short, because you want the best performance for your dollar.

But to get a little bit more technical, regardless of whether an HDD uses CMR or SMR when some new data is written on the drive, the tracks are fully readable without performance impact.

So we have a pretty good read speed, right? No matter what we choose? Right? Kind of. Not really. Well, it depends on how you use the drive.

But! On an SMR drive, when any data is edited or overwritten, the write head will not overwrite data on the existing magnetic track. It will write the new data on an empty area of the disk. While the original track with the old data will temporarily sit put. Then, when the SMR HDD becomes idle, it will enter a ‘reorganization mode’, where the old bits of data on the original track are being erased and made available for future use.

This reorganization procedure must occur and makes idle time essential on an SMR drive. If you hit the respective SMR drive hard with write and read operations, it won’t get to do this in a fast way, and the drive will have to write new data and reorganize stuff at the same time. This causes an impact on the overall read and write performance of the drive.

How can I tell if the HDD I want to buy is SMR or CMR?

Some manufacturers make it easy, some not so much. But basically, searching with something like ‘product code SMR or CMR’ on Google will lead you to a good result most of the time.

Now, Western Digital, on their homepage in the shop section, actually lists CMR or SMR for their drives in the ‘Full Specifications’ area, at the Recording Technology specification. Neat!

For Seagate, however, you have to go to the product page, and download the PDF datasheet. Oh well, I guess it works.

Here’s a breakdown of what is what usually, at least for the common models. Please, search online or on the manufacturer’s website in case the below data becomes outdated. It was last looked up in 29.01.2022, on the manufacturers’ websites, just so you know.

ManufacturerModelCapacityRecording technology
SeagateIron Wolf Pro*1AnyCMR
SeagateIron Wolf*2AnyCMR
SeagateBarracuda Compute*3AnySMR
Western DigitalPurple*4AnyCMR
Western DigitalRed Plus*5AnyCMR
Western DigitalRed – WD20EFAX2 TBSMR
Western DigitalRed – WD30EFAX3 TBSMR
Western DigitalRed – WD40EFAX4 TBSMR
Western DigitalRed – WD60EFAX6 TBSMR

*1 = ST4000NE001, ST6000NE000, ST8000NE001, ST10000NE000, ST10000NE0008, ST12000NE0008, ST14000NE0008, ST16000NE000, ST18000NE000, ST20000NE000

*2 = ST1000VN002, ST2000VN004, ST3000VN007, ST3000VN006, ST4000VN008, ST4000VN006, ST6000VN001, ST8000VN004, ST10000VN000, ST10000VN0008, ST12000VN0008

*3 = ST500LM030, ST500LM034, ST1000LM048, ST1000LM049, ST2000LM015, ST3000LM024, ST4000LM024, ST5000LM000

*4 = WD10PURZ, WD20PURZ, WD22PURZ, WD30PURZ, WD40PURZ, WD42PURZ, WD60PURZ, WD62PURZ, WD63PURZ, WD84PURZ, WD102PURZ, WD121PURZ, WD140PURZ

*5 = WD10EFRX, WD20EFZX, WD30EFZX, WD40EFZX, WD60EFZX, WD80EFBX, WD80EFZX, WD101EFBX, WD120EFBX, WD140EFGX

When does buying a SMR drive make sense?

My opinion is that never.

But if you get an amazing price, and you know that hard drive will not get a lot of writes, edits, and deletions… well, it might make sense since the actual heavy usage of erasing,editing and writing data is causing the ‘slowness’. Like if you were to just fill it up with movies and that’s it. Those movies will not get edited, deleted or anything – they will just be read when you watch them. I guess – thinking about selfhosting something like Plex or Nextcloud… or a DIY NAS. I’d still opt for a CMR drive – what kind of discount are we talking about, to be fair? 10% is not worth it in my opinion.

Closing thoughts

Basically, aim for a CMR drive. And if you are new to the whole computer parts upgrade or stuff… don’t stress if you are buying a NAS drive for your desktop PC. It does not matter, it will work the same – maybe even last longer!

Hard disk buying is now as tedious as buying another component, I guess – one more thing to look for besides the usual specifications. I do hope that testing, developing, and working with diverse methods and technologies of storing data will eventually lead to manufacturers developing more performant and higher density hard disks. Just imagine a 100 TB HDD! That would be insane.

I hope this article helped you figure out what you need – an SMR or a CMR drive and why it matters.

Source :
https://techie-show.com/cmr-vs-smr-drives/

QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices

Taiwanese company QNAP this week revealed that a selected number of its network-attached storage (NAS) appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library.

“An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS,” the company said in an advisory published on March 29, 2022. “If exploited, the vulnerability allows attackers to conduct denial-of-service attacks.”

Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue relates to a bug that arises when parsing security certificates to trigger a denial-of-service condition and remotely crash unpatched devices.

QNAP, which is currently investigating its line-up, said it affects the following operating system versions –

  • QTS 5.0.x and later
  • QTS 4.5.4 and later
  • QTS 4.3.6 and later
  • QTS 4.3.4 and later
  • QTS 4.3.3 and later
  • QTS 4.2.6 and later
  • QuTS hero h5.0.x and later
  • QuTS hero h4.5.4 and later, and
  • QuTScloud c5.0.x

To date, there is no evidence that the vulnerability has been exploited in the wild. Although Italy’s Computer Security Incident Response Team (CSIRT) released an advisory to the contrary on March 16, the agency clarified to The Hacker News that it has “updated the alert with an errata corrige.”

The advisory comes a week after QNAP released security updates for QuTS hero (version h5.0.0.1949 build 20220215 and later) to address the “Dirty Pipe” local privilege escalation flaw impacting its devices. Patches for QTS and QuTScloud operating systems are expected to be released soon.

Source :
https://thehackernews.com/2022/03/qnap-warns-of-openssl-infinite-loop.html

Potential Legacy Risk from Malware Targeting QNAP NAS Devices

Summary

This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC).

CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP.  

All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes. The malware, documented in open-source reports, has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe. Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates.

This alert summarizes the findings of CISA and NCSC analysis and provides mitigation advice.

Click here for a PDF version of this report from NCSC.

For a downloadable copy of IOCs, see STIX file.

Technical Details

Campaigns  

CISA and NCSC have identified two campaigns of activity for QSnatch malware. The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019. The two campaigns are distinguished by the initial payload used as well as some differences in capabilities. This alert focuses on the second campaign as it is the most recent threat.  

It is important to note that infrastructure used by the malicious cyber actors in both campaigns is not currently active, but the threat remains to unpatched devices.  

Although the identities and objectives of the malicious cyber actors using QSnatch are currently unknown, the malware is relatively sophisticated, and the cyber actors demonstrate an awareness of operational security.

Global distribution of infections  

Analysis shows a significant number of infected devices. In mid-June 2020, there were approximately 62,000 infected devices worldwide; of these, approximately 7,600 were in the United States and 3,900 were in the United Kingdom. Figure 1 below shows the location of these devices in broad geographic terms.

Figure 1: Locations of QNAP NAS devices infected by QSnatch

Delivery and exploitation

The infection vector has not been identified, but QSnatch appears to be injected into the device firmware during the infection stage, with the malicious code subsequently run within the device, compromising it. The attacker then uses a domain generation algorithm (DGA)—to establish a command and control (C2) channel that periodically generates multiple domain names for use in C2 communications—using the following HTTP GET request:

HTTP GET https://[generated-address]/qnap_firmware.xml?=t[timestamp][1]

Malware functionalities  

Analysis shows that QSnatch malware contains multiple functionalities, such as:  

  1. CGI password logger  
    • This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page.
  2. Credential scraper
  3. SSH backdoor  
    • This allows the cyber actor to execute arbitrary code on a device.
  4. Exfiltration
    • When run, QSnatch steals a predetermined list of files, which includes system configurations and log files. These are encrypted with the actor’s public key and sent to their infrastructure over HTTPS.
  5. Webshell functionality for remote access

Persistence

The malware appears to gain persistence by preventing updates from installing on the infected QNAP device. The attacker modifies the system host’s file, redirecting core domain names used by the NAS to local out-of-date versions so updates can never be installed.  

Samples

The following tables provide hashes of related QSnatch samples found in open-source malware repositories. File types fall into two buckets: (1) shell scripts (see table 1) and (2) shell script compiler (SHC)-compiled executable and linking format (ELF) shell scripts (see table 2). One notable point is that some samples intentionally patch the infected QNAP for Samba remote code execution vulnerability CVE-2017-7494.  

Table 1: QSnatch samples – shell scripts

SH Samples (SHA256)
09ab3031796bea1b8b79fcfd2b86dac8f38b1f95f0fce6bd2590361f6dcd6764
3c38e7bb004b000bd90ad94446437096f46140292a138bfc9f7e44dc136bac8d
8fd16e639f99cdaa7a2b730fc9af34a203c41fb353eaa250a536a09caf78253b
473c5df2617cee5a1f73880c2d66ad9668eeb2e6c0c86a2e9e33757976391d1a
55b5671876f463f2f75db423b188a1d478a466c5e68e6f9d4f340396f6558b9f
9526ccdeb9bf7cfd9b34d290bdb49ab6a6acefc17bff0e85d9ebb46cca8b9dc2
4b514278a3ad03f5efb9488f41585458c7d42d0028e48f6e45c944047f3a15e9
fa3c2f8e3309ee67e7684abc6602eea0d1d18d5d799a266209ce594947269346
18a4f2e7847a2c4e3c9a949cc610044bde319184ef1f4d23a8053e5087ab641b
9791c5f567838f1705bd46e880e38e21e9f3400c353c2bf55a9fa9f130f3f077
a569332b52d484f40b910f2f0763b13c085c7d93dcdc7fea0aeb3a3e3366ba5d
a9364f3faffa71acb51b7035738cbd5e7438721b9d2be120e46b5fd3b23c6c18
62426146b8fcaeaf6abb24d42543c6374b5f51e06c32206ccb9042350b832ea8
5cb5dce0a1e03fc4d3ffc831e4a356bce80e928423b374fc80ee997e7c62d3f8
5130282cdb4e371b5b9257e6c992fb7c11243b2511a6d4185eafc0faa0e0a3a6
15892206207fdef1a60af17684ea18bcaa5434a1c7bdca55f460bb69abec0bdc
3cb052a7da6cda9609c32b5bafa11b76c2bb0f74b61277fecf464d3c0baeac0e
13f3ea4783a6c8d5ec0b0d342dcdd0de668694b9c1b533ce640ae4571fdbf63c

Table 2: QSnatch samples – SHC-compiled ELF shell scripts

SH Samples (SHA256)
18a4f2e7847a2c4e3c9a949cc610044bde319184ef1f4d23a8053e5087ab641b
3615f0019e9a64a78ccb57faa99380db0b36146ec62df768361bca2d9a5c27f2
845759bb54b992a6abcbca4af9662e94794b8d7c87063387b05034ce779f7d52
6e0f793025537edf285c5749b3fcd83a689db0f1c697abe70561399938380f89

Mitigations

As stated above, once a device has been infected, attackers have been known to make it impossible for administrators to successfully run the needed firmware updates. This makes it extremely important for organizations to ensure their devices have not been previously compromised. Organizations that are still running a vulnerable version should take the following steps to ensure the device is not left vulnerable:

  1. Scan the device with the latest version of Malware Remover, available in QNAP App Center, to detect and remove QSnatch or other malware.
  2. Run a full factory reset on the device.
  3. Update the firmware to the latest version.

The usual checks to ensure that the latest updates are installed still apply. To prevent reinfection, this recommendation also applies to devices previously infected with QSnatch but from which the malware has been removed.

To prevent QSnatch malware infections, CISA and NCSC strongly recommend that organizations take the recommended measures in QNAP’s November 2019 advisory.[2]

CISA and NCSC also recommend organizations consider the following mitigations:  

  1. Verify that you purchased QNAP devices from reputable sources.  
    • If sources are in question then, in accordance with the instructions above, scan the device with the latest version of the Malware Remover and run a full factory reset on the device prior to completing the firmware upgrade. For additional supply chain recommendations, see CISA’s tip on Securing Network Infrastructure Devices.
  2. Block external connections when the device is intended to be used strictly for internal storage.

References

[1] QSnatch – Malware designed for QNAP NAS devices[2] QNAP: Security Advisory for Malware QSnatch

Revisions

July 27, 2020: Initial VersionAugust 4, 2020: Updated Mitigations sectionAugust 6, 2020: Updated Mitigations section

Alert (AA20-209A)

Source :
https://us-cert.cisa.gov/ncas/alerts/aa20-209a