We use cookies to help us improve our webpage. Please read our Cookie Policy .

2022-09-23

ASUSTOR Announces End to Deadbolt Investigation – Increases Commitment to Data Security


Taipei, Taiwan, 23 September 2022 – In view of the continuing emergence of online threats caused by ransomware, including, but not limited to Deadbolt, ASUSTOR is committing to increased measures to fight ransomware and protect data security. ASUSTOR has completed its investigation of Deadbolt and has made enhancements to solve multiple vulnerabilities that could lead an attacker gaining control over ADM to inject unauthorized code. ASUSTOR will continue to increase its commitment to data security to protect user data.
 
Listed below are the current security adjustments:
• Addition of a removal mechanism to identify ransomware and software displaying unusual behavior
• The minimum TLS protocol version for HTTPS connections is now set to TLS 1.2 by default.
• A UPS cgi security vulnerability that could allow an attacker to gain control over the system was fixed.
• Addition of warnings to change default ports to reduce security risks when exposing your NAS to the Internet.
• HTTP Content Security Policy (CSP) headers were enabled for increased security.
 
ASUSTOR also makes this recommendation to increase security:
• It is recommended to make frequent use of backup apps available on ADM for easy scheduled backups for both onsite and offsite backups. 
 
ASUSTOR also makes this recommendation to increase security:
• Updated Netatalk to fix AFP security vulnerabilities: CVE-2022-23121, CVE-2022-23122, CVE-2022-23123, CVE-2022-23124, CVE-2022-23125, CVE-2022-0194
• Updated OpenSSL to fix security vulnerabilities: CVE-2022-0778, CVE-2022-1292
• Fixed potential security issues dealing with source code scanning software to prevent malware attacks.
 
 
ASUSTOR is committed to maintaining security by continuously investigating and patching potential vulnerabilities. While these efforts can go a long way, we recognize that no software solution is 100% safe, ensuring your backups are at least 3-2-1 compliant can ensure the least amount of risk for your data. ASUSTOR regrets inconvenience caused during Deadbolt attacks and will improve its communication on the importance of backups and commitment to security.
 
 
Learn more about 3-2-1 backups: https://www.asustor.com/solution/backup_rules
Learn more about security advisories here: https://www.asustor.com/security/security_advisory
 
 
About ASUSTOR Inc.
Founded in 2011, ASUSTOR Inc. was established via direct investment from ASUSTeK Computer Inc. The ASUSTOR brand name was created as a portmanteau of “ASUS” and “Storage”. ASUSTOR is a leading innovator and provider of private cloud storage (network attached storage) and video surveillance (network video recorder) solutions, also specializing in the development and integration of related firmware, hardware and applications. We are devoted to providing the world with unparalleled user experiences and the most complete set of network storage solutions possible.
Media Contact: marketing@asustor.com