• For Enquiry
  • 847-868-9253
  • 847-868-9208
  • Home
  • Why Choose CIO Landing?
    • Our Team
    • Success Stories
    • ‘8 Things’ We Do Better
    • Partners & Certifications
    • Our Services
  • Industry Expertise
    • Manufacturing
    • Medical
    • Education
    • Financial Services
    • Non-Profit
    • Law Firms
  • IT Solutions
    • Co-Managed Service
    • Managed IT Services
    • IT Support
      • On Demand Services
      • Office Moves & Wiring
      • Security
    • Server Management
    • Backup & Disaster Recovery
    • Cloud Services
    • CIO & IT Consulting
    • Cybersecurity Services
    • VoIP
    • Managed Firewall
    • Microsoft 365
      • Microsoft 365 Plans
        • Small Business
        • Enterprise
        • Education
    • Hardware & Software Sales
    • Email & Spam Protection
  • Resources
    • Free Copy Of New Book
    • Blog
    • Newsletter
    • Video Tips
      • Video Tips Archive
    • Free Cloud Report
    • IT Buyers Guide
    • Cybersecurity Crisis Report
    • Network Audit
    • COVID 19 Resources
    • In The NEWS
    • Online Training
  • About Us
    • Our Mission
    • Leadership
    • Teams
    • Referral Program
    • Press Releases
      • CIO Landing: More Than Just an IT
      • Small businesses can have an IT department too
      • CIO Landing, Inc. has joined forces with Banc Certified Merchant Services (BCMS).
    • Affiliations
    • Careers
      • Job Descriptions
    • FAQs
    • Causes We Support
    • Privacy Policy
    • Terms & Conditions
  • Locations
    • Northfield, IL
    • Northbrook, IL
    • Chicago, IL
    • Miami, FL
  • Support
✕
Large Insurance Company Geico Suffers Data Breach
May 14, 2021
End For Skype For Business Is Just Around The Corner
May 17, 2021

Popular NAS Device Vendor Fixes Vulnerability Recommends Update

May 15, 2021

QNAP recently addressed a critical security vulnerability you need to be aware of.

Previous to the fix, the company had included hard-coded credentials to serve as a backdoor to the device.

Unfortunately, hackers became aware of this and began abusing those credentials. That resulted in a number of confirmed instances where hackers gained access to the device via the backdoor, then installed ransomware and encrypted all of the files on the device.

The issue is being tracked as CVE-2021-28799, and at this point, has already been resolved.

All you need to do is to download and install the latest version of the software your device uses, which will be one of the following:

  • QTS 4.5.2: HBS 3 Hybrid Backup Sync 16.0.0415 and later
  • QTS 4.3.6: HBS 3 Hybrid Backup Sync 3.0.210412 and later
  • QuTS hero h4.5.1: HBS 3 Hybrid Backup Sync 16.0.0419 and later
  • QuTScloud c4.5.1~c4.5.4: HBS 3 Hybrid Backup Sync 16.0.0419 and later

To update HBS on your NAS device, simply log into QuTS Hero or QTS as an administrator and do a search for the phrase “HBS 3 Hybrid Backup Sync” in the App Center. Once you’ve found that, click “Update” and “Ok” to start the process. Note that if your software is already up to date, then the “Update” button will be greyed out.

This is not the first time that QNAP devices have been targeted by hackers. Given the sensitive data they invariably contain, they’re almost the perfect target for ransomware attacks. Recently, the company issued guidance relating to how to check your device for the presence of malware, and these steps are well worth following at periodic intervals:

  • Change all passwords for all accounts on the device
  • Remove unknown user accounts from the device
  • Make sure the device firmware is up-to-date, and all of the applications are also updated
  • Remove unknown or unused applications from the device
  • Install QNAP MalwareRemover application via the App Center functionality
  • Set an access control list for the device (Control panel -> Security -> Security level)

Make sure you’re up to date as soon as possible. This security patch should be given highest priority.

Share
47
taylor
taylor

Related posts

March 10, 2025

The Hidden Threat: How Gift Card Scams Are Targeting Businesses Like Yours

Read more
February 11, 2025

CIO Landing Named to CRN’s MSP 500 List for 2025—For the Third Year in a Row!

Read more
December 4, 2024

Unlocking the Power of Windows 11: Tips for Maximum Productivity

Read more
© 2025 All Rights Reserved | Powered by CIO Landing