Tag Archive for: Infinite

QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices


OpenSSL Infinite Loop Vulnerability

Taiwanese company QNAP this week revealed that a selected number of its network-attached storage (NAS) appliances are affected by a recently-disclosed bug in the open-source OpenSSL cryptographic library.

“An infinite loop vulnerability in OpenSSL has been reported to affect certain QNAP NAS,” the company said in an advisory published on March 29, 2022. “If exploited, the vulnerability allows attackers to conduct denial-of-service attacks.”

Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue relates to a bug that arises when parsing security certificates to trigger a denial-of-service condition and remotely crash unpatched devices.

CyberSecurity

QNAP, which is currently investigating its line-up, said it affects the following operating system versions –

  • QTS 5.0.x and later
  • QTS 4.5.4 and later
  • QTS 4.3.6 and later
  • QTS 4.3.4 and later
  • QTS 4.3.3 and later
  • QTS 4.2.6 and later
  • QuTS hero h5.0.x and later
  • QuTS hero h4.5.4 and later, and
  • QuTScloud c5.0.x
CyberSecurity

To date, there is no evidence that the vulnerability has been exploited in the wild. Although Italy’s Computer Security Incident Response Team (CSIRT) released an advisory to the contrary on March 16, the agency clarified to The Hacker News that it has “updated the alert with an errata corrige.”

The advisory comes a week after QNAP released security updates for QuTS hero (version h5.0.0.1949 build 20220215 and later) to address the “Dirty Pipe” local privilege escalation flaw impacting its devices. Patches for QTS and QuTScloud operating systems are expected to be released soon.


() () recently rebranded as IGI Cybersecurity, President and COO Andrew Hoyen tells Proactive the Pittsford, New York-based group is working to help its clients fight ‘cyber warfare.’

Hoyen says the group has seen incident response increase amongst its clients.

It leverages its product Nodeware to identify gaps in environments to identify vulnerabilities to be better prepared if something does happen.

Add related topics to MyProactive

Create your account: sign up and get ahead on news and events

NO INVESTMENT ADVICE

The Company is a publisher. You understand and agree that no content published on the Site constitutes a recommendation that any particular security, portfolio of securities, transaction, or investment strategy is…

In exchange for publishing services rendered by the Company on behalf of named herein, including the promotion by the Company of in any Content on the Site, the Company receives from said issuer annual cash…

FOR OUR FULL DISCLAIMER CLICK HERE

Source…

Steer Clear of iOS 8’s Infinite Loop – TechNewsWorld


TechNewsWorld

Steer Clear of iOS 8's Infinite Loop
TechNewsWorld
Attackers could automatically recruit any iOS device in range into what essentially would be a mobile botnet that could launch denial of service attacks on target iOS devices. The possibility of such an attack is real, according to Simone Margaritelli

and more »

android botnet – read more

Infinitec Infinite USB Memory Drive review (Sean Hollister/Engadget)

Sean Hollister / Engadget:
Infinitec Infinite USB Memory Drive review  —  The idea behind Infinitec’s Infinite USB Memory Drive is actually quite straightforward, but we’ve found that when we tell friends and acquaintances about the unit, it often boggles their minds.  So, we’ll try to keep it real simple …

Read more