fbpx

ASUSTOR Announces End to Deadbolt Investigation – Increases Commitment to Data Security

ASUSTOR Announces End to Deadbolt Investigation – Increases Commitment to Data Security

3 October 2022


In view of the continuing emergence of online threats caused by ransomware, including, but not limited to Deadbolt, ASUSTOR is committing to increased measures to fight ransomware and protect data security. ASUSTOR has completed its investigation of Deadbolt and has made enhancements to solve multiple vulnerabilities that could lead an attacker gaining control over ADM to inject unauthorized code. ASUSTOR will continue to increase its commitment to data security to protect user data.

Listed below are the current security adjustments:

• Addition of a removal mechanism to identify ransomware and software displaying unusual behavior

• The minimum TLS protocol version for HTTPS connections is now set to TLS 1.2 by default.

• A UPS cgi security vulnerability that could allow an attacker to gain control over the system was fixed.

• Addition of warnings to change default ports to reduce security risks when exposing your NAS to the Internet.

• HTTP Content Security Policy (CSP) headers were enabled for increased security.

ASUSTOR also makes this recommendation to increase security:

• It is recommended to make frequent use of backup apps available on ADM for easy scheduled backups for both onsite and offsite backups.

ASUSTOR also makes this recommendation to increase security:

• Updated Netatalk to fix AFP security vulnerabilities: CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, CVE-2022-0194

• Updated OpenSSL to fix security vulnerabilities: CVE-2022-0778, CVE-2022-1292

• Fixed potential security issues dealing with source code scanning software to prevent malware attacks.

ASUSTOR is committed to maintaining security by continuously investigating and patching potential vulnerabilities. While these efforts can go a long way, we recognize that no software solution is 100% safe, ensuring your backups are at least 3-2-1 compliant can ensure the least amount of risk for your data. ASUSTOR regrets inconvenience caused during Deadbolt attacks and will improve its communication on the importance of backups and commitment to security.

Learn more about 3-2-1 backups: https://www.asustor.com/solution/backup_rules

Learn more about security advisories here: https://www.asustor.com/security/security_advisory