{"id":20030,"date":"2022-09-06T16:10:05","date_gmt":"2022-09-07T00:10:05","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/09\/06\/news-13763\/"},"modified":"2022-09-06T16:10:05","modified_gmt":"2022-09-07T00:10:05","slug":"news-13763","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/09\/06\/news-13763\/","title":{"rendered":"Update now! QNAP warns users DeadBolt is exploiting Photo Station vulnerability"},"content":{"rendered":"<p>QNAP&nbsp;(Quality Network Appliance Provider) has <a href=\"https:\/\/www.qnap.com\/en-us\/security-news\/2022\/take-immediate-action-to-update-photo-station-to-the-latest-available-version\" target=\"_blank\">warned users<\/a>&nbsp;to update Photo Station to the latest available version.<\/p>\n<p>The warning comes&nbsp;after QNAP detected that cybercriminals known as DeadBolt have been exploiting a Photo Station vulnerability in order to encrypt QNAP NAS systems that are directly connected to the internet.<\/p>\n<p>QNAP&nbsp;produces NAS (Network Attached Storage) devices, among other things. QNAP&#8217;s Photo Station is an online photo album that allows users to share photos and videos stored on their NAS with others over the internet. With Photo Station, users can drag and drop photos into virtual albums, which means they don&rsquo;t have to create copies when they are needed in more than one album.<\/p>\n<h2>Deadbolt<\/h2>\n<p>The ransomware group responsible for this attack is generally known as DeadBolt. The name DeadBolt is also used in the file extension of the encrypted files that the group&#8217;s ransomware generates.<\/p>\n<p>QNAP and DeadBolt have history. In January 2022, news broke that a ransomware group was targeting QNAP Network Attached Storage (NAS) devices. As a countermeasure, QNAP pushed out an <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/01\/qnap-update-stops-deadbolt-ransomware-annoys-some-users-starts-debate\">automatic, forced, update<\/a> with firmware containing the latest security updates to protect against the attackers&#8217; DeadBolt ransomware, which annoyed part of&nbsp;its userbase.<\/p>\n<h2>The vulnerability<\/h2>\n<p>Little has been published about the vulnerability, except that the QNAP Product Security Incident Response Team (QNAP PSIRT) made the assessment and released the patched Photo Station app for the current version within 12 hours. All that was made clear is that the ransomware gang is exploiting a Photo Station vulnerability to encrypt QNAP NAS systems that are directly connected to the internet.<\/p>\n<p>The vulnerability has been fixed in the following versions:<\/p>\n<ul>\n<li>QTS 5.0.1: Photo Station 6.1.2 and later<\/li>\n<li>QTS 5.0.0\/4.5.x: Photo Station 6.0.22 and later<\/li>\n<li>QTS 4.3.6: Photo Station 5.7.18 and later<\/li>\n<li>QTS 4.3.3: Photo Station 5.4.15 and later<\/li>\n<li>QTS 4.2.6: Photo Station 5.2.14 and later<\/li>\n<\/ul>\n<h2>How to fix the QNAP Photo Station vulnerability<\/h2>\n<p>Update Photo Station to the latest available version or to switch to <a href=\"https:\/\/www.qnap.com\/en\/software\/qumagie\" target=\"_blank\">QuMagie<\/a>.<\/p>\n<p>Here&#8217;s how to <a href=\"https:\/\/www.qnap.com\/en-uk\/security-advisory\/qsa-22-24\" target=\"_blank\">update Photo Station<\/a>:<\/p>\n<ul>\n<li>Log on to QTS (the QNAP NAS <a href=\"https:\/\/www.malwarebytes.com\/glossary\/operating-system-os\">Operating System<\/a>) as administrator.<\/li>\n<li>Open the App Center and then click the magnifying glass.<\/li>\n<li>A search box will appear. Enter &#8220;Photo Station&#8221;.<\/li>\n<li>Click <strong>Update<\/strong> and then <strong>OK<\/strong>.<\/li>\n<li>The application&nbsp;will be updated.<\/li>\n<\/ul>\n<p><em>Note: The Update button is not available if your version is already up to date.<\/em><\/p>\n<p>Do not connect your NAS directly to the internet. To enhance the security of your NAS, QNAP recommends users use the myQNAPcloud Link feature provided by QNAP, or enable the VPN service. Or you can use another <a href=\"https:\/\/www.malwarebytes.com\/glossary\/vpn\">VPN<\/a> of your choice.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/update-now-qnap-warns-users-about-deadbolt-leveraging-exploitation-of-photo-station-vulnerability\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<table cellpadding='10'>\n<tr>\n<td valign='top' align='left'>\n<p>Categories: <a href='https:\/\/www.malwarebytes.com\/blog\/category\/exploits-and-vulnerabilities' rel='category tag'>Exploits and vulnerabilities<\/a><\/p>\n<p>Categories: <a href='https:\/\/www.malwarebytes.com\/blog\/category\/news' rel='category tag'>News<\/a><\/p>\n<p>Tags: QNAP<\/p>\n<p>Tags:  Photo Station<\/p>\n<p>Tags:  Deadbolt<\/p>\n<p>Tags:  ransomware<\/p>\n<p>Tags:  VPN<\/p>\n<p>QNAP says it&#8217;s detected that DeadBolt is exploiting a Photo Station vulnerability to encrypt QNAP NAS systems directly connected to the internet.<\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/update-now-qnap-warns-users-about-deadbolt-leveraging-exploitation-of-photo-station-vulnerability' title='Update now! QNAP warns users DeadBolt is exploiting Photo Station vulnerability'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel='nofollow' href='https:\/\/www.malwarebytes.com\/blog\/news\/2022\/09\/update-now-qnap-warns-users-about-deadbolt-leveraging-exploitation-of-photo-station-vulnerability'>Update now! QNAP warns users DeadBolt is exploiting Photo Station vulnerability<\/a> appeared first on <a rel='nofollow' href='https:\/\/www.malwarebytes.com'>Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[24751,22783,32,27446,18557,3765,10863],"class_list":["post-20030","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-deadbolt","tag-exploits-and-vulnerabilities","tag-news","tag-photo-station","tag-qnap","tag-ransomware","tag-vpn"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20030","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=20030"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20030\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=20030"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=20030"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=20030"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}