Hackers are actively exploiting critical vulnerabilities in 92,000 D-Link network-attached storage devices, which can be remotely taken over by sending malicious commands through simple HTTP traffic. D-Link has no plans to patch the vulnerabilities in end-of-life devices, leaving them unsupported. The vulnerabilities, found in the nas_sharing.cgi programming interface, allow for remote takeover and have severity ratings of 9.8 and 7.3. The best defense is to replace end-of-life hardware or ensure it's running the most recent firmware, and to disable UPnP and remote Internet connections unless necessary and properly configured.
Ugreen has partnered with Intel to introduce the NASync series of network attached storage devices, featuring Intel Core i5 control chips for AI-driven data management. The series includes models for home and business use, offering up to 184TB of storage capacity, DDR5 memory, and various connectivity options. Ugreen is also launching a compact "all-flash" model for creative professionals, with a Kickstarter campaign set to launch in mid-March.
QNAP Systems has issued security advisories for two critical command injection vulnerabilities affecting its QTS operating system and applications on network-attached storage (NAS) devices. The flaws, tracked as CVE-2023-23368 and CVE-2023-23369, allow remote attackers to execute commands via a network. QNAP users are urged to update their systems to the latest versions to mitigate the risk of cyberattacks, as NAS devices are often targeted for data theft and ransomware attacks.
