
Asustor: End to Deadbolt Investigation – Increases Commitment to Data Security

Enhancements to solve multiple vulnerabilities that could lead to an attacker gaining control over ADM to inject unauthorized code

In view of the continuing emergence of online threats caused by ransomware, including, but not limited to, Deadbolt, Asustor, Inc. is committing to increased measures to fight ransomware and protect data security.

[Image: 2022 09 Asustor Security]

The company has completed its investigation of Deadbolt and has made enhancements to solve multiple vulnerabilities that could lead to an attacker gaining control over ADM to inject unauthorized code. It will continue to increase its commitment to data security to protect user data.

Listed below are current security adjustments: 

  • Addition of a removal mechanism to identify ransomware and software displaying unusual behavior.
  • Minimum TLS protocol version for HTTPS connections is now set to TLS 1.2 by default.

  • A UPS CGI security vulnerability that could allow an attacker to gain control over the system was fixed.

  • Addition of warnings to change default ports to reduce security risks when exposing your NAS to the Internet.

  • HTTP Content Security Policy (CSP) headers were enabled for increased security.

The company also makes a recommendation to increase security:

  • It is recommended to enable HTTP Content Security Policy (CSP) headers for increased security

Other recent security updates include:

  • Updated Netatalk to fix AFP security vulnerabilities: CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, CVE-2022-0194 

  • Updated OpenSSL to fix security vulnerabilities: CVE-2022-0778, CVE-2022-1292 

  • Fixed potential security issues dealing with source code scanning software to prevent malware attacks.

The company is committed to maintaining security by continuously investigating and patching potential vulnerabilities. While these efforts can go a long way, it recognizes that no software solution is 100% safe. Ensuring that your backups are at least 3-2-1 compliant can ensure the least amount of risk for your data. The firm regrets the inconvenience caused during the Deadbolt attacks and will improve its communication on the importance of backups and commitment to security.
