FreshRSS

🔒
❌ À propos de FreshRSS
Il y a de nouveaux articles disponibles, cliquez pour rafraîchir la page.
À partir d’avant-hierFlux principal

Microsoft: SolarWinds fixes Serv-U bug exploited for Log4j attacks

19 janvier 2022 à 23:32
SolarWinds has patched a new Serv-U vulnerability discovered by Microsoft that threat actors attempted to use to propagate Log4j attacks to internal LDAP servers. [...]

Les Radeon Software Adrenalin Edition 22.1.2, débarquent, quoi de neuf ?

19 janvier 2022 à 08:59

Les Radeon Software Adrenalin EditionDe nouveaux pilotes graphiques Radeon Software Adrenalin débarquent. Nous avons des optimisations et la prise en charge de nouveaux GPU.

The post Les Radeon Software Adrenalin Edition 22.1.2, débarquent, quoi de neuf ? appeared first on GinjFo.

Terramaster NAS Drives Being Attacked by Ransomware

18 janvier 2022 à 10:13

Terramaster NAS Devices Being Targetted by Ransomware – IMPORTANT

If you are a current Terramaster NAS user, then immediately log into your system and check that your data is in order. In a little over the last week, numerous users have been reporting that their TNAS systems have been hit by ransomware attacks (bearing similarity in structure and protocol to the eCh0raix attacks that were attempted/executed on QNAP and Synology NAS systems in 2020/2021) and a considerable number of users are reporting that the data has now been encrypted, with the usual ranSom note for payment (bitcoin to X wallet etc) left for the user’s attention. Despite any internet-accessible device always having to take into consideration (and preparation) for the possibility of an outside intruder getting in, there are questions being raised about the extent to which this has been the fault of Terramaster to secure their systems, re-enforce security protocol/workflows onto their audience (many of whom purchasing their value series devices with a domestic level of technical knowledge) as well as questions being raised about vulnerabilities in the uPnP (previously raised in April 2021). Here is a breakdown of everything we know so far at the time of writing.

The Terramaster NAS Ransomware Attack – The Story so far and what Terramaster Recommend You Do

On the 11th Jan 2022, Terramaster raised this post on their official forum and news pages here regarding reports of ransomware attacks on TNAS systems. The key points and recommendations for actions from that post were as follows:

Recently, we have received reports that some TNAS devices have been attacked by ransomware. Based on the case study, we preliminarily concluded that this was an external attack targeting TNAS devices. To keep your data safe from attack, please take action immediately!

We suggest you take the following countermeasures:

1. Upgrade your TOS to the latest version;

2. Install good anti-virus software on your computer, TNAS device and router to help you detect and resist malicious threats;

3. Disable port forwarding on your router.

4. Disable the UPnP function on your TNAS.
Image

5. Disable RDP, SSH and Telnet when not in use;
Image
Image

6. Change the default port of FTP.
Image

7. Set a high security level password for all users;

8. Disable the system default admin account, re-create a new admin account, and set an advanced password;
Note: For versions after TOS 4.2.09, you can set the administrator account without using the default admin username when installing the system. If it was upgraded from a version before TOS 4.2.09, you need to reset the system configuration, then you can customize the user name.

9. Enable firewall and only allow trusted IP addresses and ports to access your device;
a. Go to Control Panel > General Settings > Security > Firewall.
b. Create a firewall rule and choose the operation of allow or deny.
c. Fill in the IP range you allow or deny access to.
Image

10. Avoid using default port numbers 5443 for https and 8181 for http;

11. Enable automatic IP block in TOS Control Panel to block IP addresses with too many failed login attempts;
Image

12. Backing up data is the best way to deal with malicious attacks; always back up data, at least one backup to another device. It is strongly recommended to adopt a 3-2-1 backup strategy.

If unfortunately, you have found that your data is infected by ransomware:

1. Disconnect your computer and TNAS device from the Internet immediately;

2. Before restoring data, thoroughly remove the infection in the computer system and TNAS; You need to restore your TNAS to factory settings and completely format all your hard drives.

Now, how did this occur? It seems like details are being circulated regarding a vulnerability that was found online in December. A remarkably comprehensive and detailed breakdown of how this vulnerability into a Terramaster was exploited can be explored here, published in December 2021 – https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/

There has been several criticisms raised against Terramaster and their recommendations that were raised, as well as how loud the brand is being, outside singular forum posts, to raise awareness of this. Criticisms range from not adequately explaining methods of actioning the recommendations (such as how to disable the admin account and how it is not simply a case of an on/off option accessible via a separate account immediately to all) or detailing how these changes will impact system use afterwards. An official Terramaster support team member has responded:

First of all, it is very sad that this happened to all the victims. Terramaster has been working hard to strengthen the security of TNAS devices. Various security tools are integrated in TOS, and we also provide you with various possible countermeasures. However, once your device is exposed to the Internet, there is a risk of being attacked. Because you are dealing with very professional hackers, hackers will do anything to gain profits. Only one method is not enough to avoid attacks. In order to improve the security level, multiple security measures must be adopted. Even so, there is still no guarantee that your device is completely secure. A large number of devices are attacked by ransomware every day, including Terramaster, QNAP, Synology, and even the servers of some large enterprises or government agencies.
https://unit42.paloaltonetworks.com/ech … ware-soho/

If you expose your device to the internet but don’t want to do anything, you may be one of the victims. After studying the cases of individual victims, we found that the hackers continued to attack the victim’s device through the ftp service for more than dozens of hours. If you use the system default port, low security level account and password, you are very likely to become a victim. However, ftp is definitely not the only way to attack, please act immediately and follow our countermeasures one by one to reduce the risk of being attacked.

We will continue to study how the ransomware invaded TNAS devices and will release updates in a timely manner.

Now, one recommendation that has raised particular scrutiny is disabling the default admin account. Many users highlight that Disabling the default administrator account is easier said than done as it is dependant on your installation and version of TOS. To disable the admin account (taken from the official Terramaster official forum and their service team), you need to be a new user with a new TOS installation from 4.2.09 or later versions. For all users with TOS versions installed before 4.2.09 or update to a later version is not possible to disable the default admin account, you need to re-install a new TOS later than 4.2.09. If you are considering re-installing TOS fresh on your terramaster (for security or as a last alternative to get your system storage back without paying ransomware payments regardless of lost data, a guide from terramaster to recover can be found here – https://forum.terra-master.com/en/viewtopic.php?f=76&t=423

Additionally, Terramsater is currently working on TOS 5.0, the latest version of their software (currently still in early alpha/beta testing) and some users on the official forum are highlighting that jsut waiting on this new full release is preferable.

If you have been hit by the Terramaster Ransomware Attack?

Currently, it seems (at least at the time of writing) that if your Terramaster NAS has been hit by this ransomware, there is little to no 3rd party tool/decryption solution available online. However, much like when QNAP was hit by eChoraix and Qsnatch, over time some solutions were made (some in executional form such as QRescue with PhotoRec addons) and some in reverse engineering methods might be possible, so if you have important data that you hope to have recovered, but bulk at the prospect of paying the attackers, it might be worth moving this data off the NAS and onto another storage system (USB, Cloud, offline server, etc) in the meantime. Of course, if you still wish to use your terramaster NAS system, it will require a system reset/format. Indeed, Terramaster themselves raised it (rather bluntly one might say) in their official forum regarding the process of the malware attack in this (and most) cases and the result, if no decrypted can be put together (as has been the case on a few of the 2020/early-2021 ransomware attacks on other platforms such as QNAP:

Since the ransomware creates a random sequence as the AES Key, and then encrypts the previously generated AES Key with the locally generated RSA public key, and uses the AES CFB algorithm to encrypt the files in the infected device, each encrypted device uses a different key. Likewise, once files are encrypted by ransomware, there is usually no way to decrypt them. If your data is so important that you need to get it back, paying the ransom might be the only way. It’s worth reminding that even paying the ransom is not a 100% guarantee that your data will be rescued. If you are not willing to pay the ransom, intend to give up the encrypted data. You can go to Control Panel > Storage, delete volumes and storage pools, and restore the system to factory settings.

If I was in the shoes of someone who had their data encrypted, without a backup in place, then (where possible) I would still hold out for recovery methods. It was rightly raised by Charlie Crocker on the Terramaster forum that decryption of previous NAS ransomware is still ongoing and so if you have the means to move this data elsewhere (along with the ransom .txt, as this is often incredibly useful for identifying the encryption campaign method later), I would recommend that – rather than wiping it all! But I can appreciate that this can be an expensive option.

Criticism of Terramaster in their Response to this Ransomware Attack

Currently, Terramaster is being heavily criticized on their own forums for their handling of this. Understandably, some users were already unhappy with the raised reminders if UPnP weaknesses in a previous version of TOS. An older vulnerability in the Terramaster NAS system was reported in April 2021. As it turns out though, their NAS systems are accessible across the entire internet via the UPnP protocol. Universal Plug and Play (UPnP) is used by an infinite number of network devices, including NAS, routers, computers, gaming consoles, printers, mobile devices, IoT devices, and many more. A full breakdown of this vulnerability in TOS last year was covered over on StorageReview here – https://www.storagereview.com/news/terramaster-nas-vulnerability-found-over-upnp/

This is a developing matter and I will continue to update this article and compile it in a video over on YouTube shortly (when available, it will be published below).

 

It's not just you: Telegram is down for many users

17 janvier 2022 à 16:01
Telegram users are currently experiencing issues around the world, with users unable to use the desktop and mobile apps. [...]

Les Radeon Software Adrenalin Edition 22.1.1, débarquent, quoi de neuf ?

13 janvier 2022 à 10:26

Les Radeon Software Adrenalin EditionAMD a publié de nouveaux pilotes graphiques, les Radeon Software Adrenalin 22.1.1. Nous avons des optimisations pour plusieurs jeux

The post Les Radeon Software Adrenalin Edition 22.1.1, débarquent, quoi de neuf ? appeared first on GinjFo.

Windows 10 KB5009543 & KB5009545 updates released

11 janvier 2022 à 20:41
The new update is now available for Windows 10 version 21H2, version 21H1, and version 20H2 As per the official release notes, Microsoft has published two main cumulative updates for Windows 10 - KB5009543 and KB5009545. [...]

WordPress 5.8.3 security update fixes SQL injection, XSS flaws

10 janvier 2022 à 16:28
The WordPress development team released version 5.8.3, a short-cycle security release that addresses four vulnerabilities, three of which are rated of high importance. [...]

Swiss army bans all chat apps but locally-developed Threema

6 janvier 2022 à 17:02
The Swiss army has banned foreign instant-messaging apps such as Signal, Telegram, and WhatsApp and requires army members to use the locally-developed Threema messaging app instead. [...]

Privacy-focused Brave browser records massive growth in 2021

6 janvier 2022 à 00:32
The privacy-focused web browser Brave continues to grow rapidly as the company reached 50 million monthly active users for the first time in 2021. [...]

Hackers use video player to steal credit cards from over 100 sites

4 janvier 2022 à 18:52
Hackers used a cloud video hosting service to perform a supply chain attack on over one hundred real estate sites that injected malicious scripts to steal information inputted in website forms. [...]

Opera browser working on clipboard anti-hijacking feature

22 décembre 2021 à 20:00
The Opera browser team is working on a new clipboard monitoring and protection system called Paste Protection, which aims to prevent content hijacking and snooping. [...]

Synology DVA1622 AI Powered NVR 2-Bay for Business & Prosumers

3 décembre 2021 à 11:42

New Synology DVA1622 2-Bay NVR NAS Revealed

Synology revealed quite a few interesting hardware and software plans in their recent 2022 and Beyond event, with quite an impressive amount of focus being given to their planned updates for the Surveillance station and a new piece of AI-powered NVR hardware, the DVA1622. This is by no means their first AI-assisted surveillance solution (with the DVA3219 and DVA3221 for High-end business and enterprise released in recent years), but the DVA1622 is by far the most compact and buyer accessible entry into this series yet (though almost certainly still arriving with a price tag that will push it outside the low end, home user). Arriving with Surveillance Station 9.0 at launch, the DVA1622 will feature the support of deep video analysis found in the larger 4 bay GPU equipped versions (though in lower volume instances), as well as unique local access options and easier compact deployment. So, let’s take a look at everything we learned about this new NAS system for surveillance see what makes it stand out from the crowd.

The Synology DVA1622 Surveillance NAS Details

The Synology DVA1622 is clearly stylized on the most recent other 2-bay solution from the brand, the DS720+, arriving in the same compact chassis (though perhaps a pinch taller/wider). There are still a number of key details, such as the CPU that is inside, whether the system will utilize an on-board GPU or Google TPU Coral m.2, and precise ports, but there are still lots of things that Synology was able to confirm about this device during their 2022 launch content.

Highlights of the DVA1622 Surveillance NAS

  • Supports upto 16x IP Cameras
  • Supports upto 2x AI-Powered Tasks
  • Arriving with Surveillance Station 9.0 by default
  • Supports H.265 Format/Compression
  • USB Ports, but full KVM support TBC
  • Stylised on the DS720+ Chassis4K HDMI Enabled
  • AI Deep Video Analysis Features Inc. People and vehicle detection, People counting Face recognition, Intrusion detection and Deep motion detection
  • Expandability (DX517?) TBC
  • Details on inclusive camera license TBC

Later today we will be going through all of the many, MANY updates that are coming to Synology’s surveillance station platform (Cloud recording, Watermarks, Privacy masks, Monitor Center GUI, Google Maps integration and more) in a dedicated Surveillance Station 9.0 article, but there will ALL be supported on the DVA1622 NAS, thanks to it’s impressive yet compact architecture. Alongside the existing range of AI-supported video analysis tools available to the DVA series, there will also be a new (heavily requested) feature added – Licence Plate Recognition.

Now, this seems like an odd feature to get hyped up about, until you think about a business, its security and its means of keeping track of visitors and intruders to their physical premises. Even small businesses are likely to have an on-site car park. So, scenario one – Your building has room for 12 cars and you need to know the frequency of who/where/when they arrive – having a database of which cars belong to your team, means this can be used to know who is present and at what time they arrived/departed. Not enough? Ok, scenario 2 – It’s 5am and a van arrives at your business. Is it a known vehicle to the business or intruders who want to break in? deep video analysis of live recordings and vehicle+licence plate recognition would allow you to have triggers set to alert you if an ‘unknown’ vehicle has arrived and not moved for X time. This allows tailored alerts and actions to be set up. STILL not enough? OK! Scenario 3 – You have a fleet of delivery vehicles that, although very similar in livery/design, are all different vehicle registrations. You need to know if they are all present at closing time OR have all left the main site/depot by 9AM – License plate AI recognition that monitors LIVE recordings (as well as the support of checking legacy recordings over additional time) is hugely useful. But deep video analysis on the DVA1622 and other AI-assisted Surveillance NAS does not end there.

What is Deep Video Analysis and How is it Used in Network Video Servers?

Despite the fact that almost all Synology NAS devices arrived with surveillance station and camera licences included, the performance of the security software will always differ on each Synology NAS device because of its respective hardware. Until recently, these differences could be measured in easy and straightforward terms, such as:
  • Number of simultaneous cameras one time
  • The frame rate of individual cameras recording
  • Resolution supported by individual cameras simultaneously
These three ways were the key measurements with which you could decide the right Synology surveillance station NAS for your needs, as different CPU and memory combinations lead to varying levels of coverage.
What makes the DVA1622 so different is both the Nvidia graphics card inside and the extra real-time supported surveillance add-ons that it enables with its. Typically, a surveillance NAS will be used as a means of being notified of and actioning security alerts. The bulk of security alerts can simply be described as ‘Thing A is in the field of vision of Camera B‘, and should not be. The DVA1622 supports all of the control and alerts that you would find on almost any Synology NAS, such as motion detection, light detection and heat (depending on the camera in question). These alerts will almost always require you to assess recorded footage after the event you are being notified about, reviewing and assessing old footage after the fact and making a judgement on whether this is a perceived negative action. This not only takes time, but also manpower, and with so many false alarms in play (trees moving in the wind, motion detection in a busy environment or night vision tracking as LED hardware switches time of day activity, etc) this can lead to both excessive time-wasting and unreliable results.
The answer to this is DVA (Deep Video Analysis) thanks to this, that means that footage is being analysed by an AI inside the DVA1622 and false alerts and unreliable data can be eliminated instantly. The DVA1622 is smart enough to know the difference between a person and a car, a tree and a bag, and so on and so forth – as well as being able to be programmed to identify things, rather than on motion or blobs of pixels. In real terms that means that you can monitor an entire area over multiple cameras, filled with constantly moving people, and yet it can see if someone has left an unattended item or a vehicle has entered the scene. Likewise, because it can differentiate the difference between items moving in the wind and items that have their own traction, it can alert you to the movement of things without wasting your time with a leaf falling off a tree.
This system of deep video analytics goes even further though, with recognition of people and trigger zones. In real terms, that means that you can draw an area of effect, or a start and finish line digitally thanks to the surveillance station user interface that the deep video analytics AI in the DVA1622 can work with to identify if people move in and out of a given zone, as well as keep count and subtract numbers if needed. This kind of analytics can, of course, be done by humans later on and with hours, days, weeks and months of recorded footage, but it saves a huge amount of time and resources to have this kind of video analysis done in real-time.
These are the things that make the Synology DVA1622 such an impressive device and a tremendously positive thing that these features are going to be available on a much smaller scale (with local potential KVM access of course) on the Synology DVA1622.

What Improvements are Coming to Synology Surveillance Station 9.0?

Synology’s surveillance station platform has always been an exceedingly strong arm of the company and alongside the reveal of the DVA1622 NAS hardware, they took the time to show off their upcoming big update to their NVR software, Surveillance Station 9.0. These updates focused on improvements to the user experience (i.e UX design changes). the scalability of your recordings and security enhancements. I have covered ALL of the updates that Synology is bringing to version 9.0 in the dedicated article below:

FULL Breakdown of the New Features Coming to Surveillance Station 9.0 will be LIVE later today via the link below

When Will the Synology DVA1622 NAS Be Released?

Synology state that the DVA1622 will be released in the first half of 2022, however further details beyond that (eg month or the price of the DVA1622) were not available. Given that this system will be launched with Surveillance station 9.0 by default, then there is every likelihood that this new surveillance hardware platform will act as the launch device for that big software update. Given its business class nature, expect it perhaps at the tail even of the first quarter of 2022. Subscribe to NASCompares to keep updated on the DVA1622, Surveillance Station 9.0 and further updates on the Synology NAS platform.

 


Articles Get Updated Regularly - Get an alert every time something gets added to this page!


This description contains links to Amazon. These links will take you to some of the products mentioned in today's content. As an Amazon Associate, I earn from qualifying purchases. Visit the NASCompares Deal Finder to find the best place to buy this device in your region, based on Service, Support and Reputation - Just Search for your NAS Drive in the Box Below

 

SEARCH IN THE BOX BELOW FOR NAS DEALS

Need Advice on Data Storage from an Expert?

We want to keep the free advice on NASCompares FREE for as long as we can. Since this service started back in Jan '18, We have helped hundreds of users every month solve their storage woes, but we can only continue to do this with your support. So please do choose to buy at Amazon US and Amazon UK on the articles when buying to provide advert revenue support or to donate/support the site below. Finally, for free advice about your setup, just leave a message in the comments below here at NASCompares.com and we will get back to you. Need Help? Where possible (and where appropriate) please provide as much information about your requirements, as then I can arrange the best answer and solution to your needs. Do not worry about your e-mail address being required, it will NOT be used in a mailing list and will NOT be used in any way other than to respond to your enquiry. [contact-form-7] Terms and Conditions Alternatively, why not ask me on the ASK NASCompares forum, by clicking the button below. This is a community hub that serves as a place that I can answer your question, chew the fat, share new release information and even get corrections posted. I will always get around to answering ALL queries, but as a one-man operation, I cannot promise speed! So by sharing your query in the ASK NASCompares section below, you can get a better range of solutions and suggestions, alongside my own.  

❌