Kyocera and QNAP Address Critical Cybersecurity Vulnerabilities


In the rapidly evolving landscape of digital security, cyber threats continue to present critical challenges. Recently, two significant vulnerabilities have been disclosed, affecting users and businesses alike, emphasizing the need for relentless vigilance in cybersecurity.

Kyocera has grappled with a security flaw in its Device Manager product that allows attackers to coerce authentication attempts toward resources they control. This path traversal issue, tracked as CVE-2023-50916, facilitates unauthorized access to client accounts and data theft, raising the stakes for network security. It notably enables NTLM relay attacks, in which an attacker intercepts and alters the local path that points to the backup location of the database. However, Kyocera has been swift to respond, and the issue has been addressed in Kyocera Device Manager version 3.1.1213.0. Users must update their installations to mitigate these risks.

Similarly, QNAP has issued fixes for several vulnerabilities that impacted its QTS and QuTS hero, QuMagie, Netatalk, and Video Station. One such flaw is CVE-2023-39296, a prototype pollution vulnerability. This allows remote attackers to override existing attributes, potentially crashing the system. Updates have been made available in QTS 5.1.3.2578 and QuTS hero h5.1.3.2578. There is no evidence these vulnerabilities have been exploited in the wild, but users are encouraged to update to the latest versions to protect their devices.
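
The prototype pollution bug class described above, as an added example that is not from the original article and is not QNAP's code: a recursive merge that follows a `__proto__` key overrides an existing attribute on `Object.prototype` and makes a later string conversion throw, shown beside a hardened merge that skips such keys. The function names and the sample request body are assumptions; the article does not say where CVE-2023-39296 sits in QTS.

```javascript
// Constructed sample input: a JSON body as a remote client could send it.
const CONSTRUCTED_BODY = '{"__proto__": {"toString": "polluted"}, "name": "nas01"}';

// Vulnerable pattern: the merge follows every key, including "__proto__",
// so the recursion ends up writing into Object.prototype.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === "object") {
      if (typeof target[key] !== "object" || target[key] === null) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened pattern: refuse prototype-reaching keys and recurse only into
// properties the target owns itself.
const BLOCKED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== "object" || target[key] === null) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs one merge over the constructed body and reports whether the shared
// prototype changed and whether an unrelated string conversion now throws.
function demo(merge) {
  const original = Object.prototype.toString;
  try {
    merge({}, JSON.parse(CONSTRUCTED_BODY));
    const polluted = Object.prototype.toString !== original;
    let crashed = false;
    try { String({}); } catch (e) { crashed = e instanceof TypeError; }
    return { polluted, crashed };
  } finally {
    Object.prototype.toString = original; // restore so the demo has no side effects
  }
}
```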

Trustwave’s recent revelations about Kyocera reinforce the precariousness of network security. They discovered the improper input validation vulnerability through rigorous penetration testing. This vulnerability could be exploited if specific Windows security policies are not enabled, leading to NTLM credential relaying or cracking attacks.

Cybersecurity is not solely the responsibility of businesses, but a collective effort involving users, too. Staying informed of the latest software updates is crucial. For Kyocera’s Device Manager, users should contact their dealer, authorized reseller, or servicing agent to ensure their devices are secure. Similarly, QNAP users can update their systems via the Control Panel or by manually downloading updates from QNAP’s website.

A concerted effort is essential to outpace cyber perpetrators. Users must remain proactive, and businesses like Kyocera and QNAP must be vigilant, constantly reinforcing their cyber defenses. These incidents underline that in the domain of cybersecurity, complacency is not an option.


January 9, 2024
Recent disclosures highlight crucial security flaws in Kyocera Device Manager and QNAP systems, prompting urgent updates and a reminder for vigilance in digital security.