The IT Nerd

From the “this is sounding like a broken record” department comes this latest warning from NAS company QNAP. The company apparently has fixed an issue that opened the door to the DeadBolt ransomware that has been plaguing the company for over a year at this point. In the security advisory that was published over the weekend, users need to update to the latest version of QNAP’s Photo Station software to mitigate the threat. Plus the security advisory also has tips to further mitigate the threat that DeadBolt poses. Which amount to not exposing your NAS to the Internet and making sure that all the software on the NAS is up to date.

Now the reason why I started this post with “this is sounding like a broken record” is that I have posted about DeadBolt attacks on QNAP NAS devices here, here, here, here, here, here, here and here. And that was within this calendar year. The only other company that I have heard that has had issues with DeadBolt is ASUS. I am not hearing about this from any other NAS vendor which is only reinforcing my desire to move to another NAS. Because I don’t expose my NAS to the Internet, this isn’t a today problem. But clearly QNAP have some serious security issues that they simply set to be unable to solve. Which means since I take my security very seriously, I should be on some other NAS product unless QNAP give me a very compelling reason to stick with them. And constant disclosures of issues with DeadBolt isn’t a compelling reason to stick with them.

This entry was posted on September 8, 2022 at 12:00 pm and is filed under Commentary with tags QNAP. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.