CISCO announces important vulnerability of consumer used network devices (routers)

I think it is good to share some news about Linux and hardware.

I have a QNAP TS251. I think I will do a factory reset. :frowning:

https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/

Thanks for sharing this. Very worrying news indeed.

You’re welcome.
I hope this thread will be useful.

Here is an article from Reuters on FBI action to try and avoid:

https://www.reuters.com/article/us-cyber-routers-ukraine/cyber-firms-warn-on-suspected-russian-plan-to-attack-ukraine-idUSKCN1IO1U9

On the other hand, in April, Cisco warned about a back-door in their “Smart Install Client”: <https://blog.talosintelligence.com/2018/04/critical-infrastructure-at-risk.html>.
Kaspersky noticed it as well: <https://www.kaspersky.com/blog/cisco-apocalypse/21966/>.
There were reports in German language IT news streams of this issue November last year.

If the back-door was there, and a few people were aware of it, then 


Further administration warnings from Cisco:
<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2>
<https://github.com/Cisco-Talos/smi_check>
<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170214-smi>

Haven’t noticed anything from Bruce Schneier on this yet: <https://www.schneier.com/>.
BTW: QNAP have another issue with their firmware version (4.3.4.0588 Build 20180519) «which they’ve withdrawn :slight_smile: » – the “admin” login loops on a “Data Protection” notice, presumably introduced due to the European Data Protection law which becomes effective tomorrow.

I need to revert to an earlier image by means of “CLI via SSH” :open_mouth:

Staff have looked at this thread. They think:

  • That the title suggests that this is a thread where forum members announce their marriage, or that they are going on holidays, or bought a new system, but in fact it is about a more serious subject. Thus the title will be changed.
  • The News and Announcements section is for news and announcements made by the project (often started by a newsbot inside SUSE/openSUSE). Also, this is not directly about openSUSE. Thus it will be moved to General Chitchat.

While these moves are made, the thread is CLOSED.

Moved from Announcements and open again.

QNAP have announced a security advisory: <https://www.qnap.com/en/security-advisory/NAS-201805-24>.
Please note the build dates: "QTS 4.2.6 build 20170628, 4.3.3 build 20170703, and earlier versions, or using the default password for the administrator account." I guess that the current build I’m running is OK: “20180501, version 4.3.4.0569”.

Thanks.
Anyway, I did a factory reset and changed my password.

Do you confess with this that you did not change the default password on the device as soon as you started using it? :frowning: Basic security action my dear Watson.

No. I think I was misunderstood.
I changed my password every 4-5 months.
Now I changed it again. And it is longer than usual. :shame:

I really misunderstood you and apologize.

The documents pointed to specifically mention changing the default password; that is why I thought you were one of those.

No problem. No need to apologize.
I liked your post: “do you confess... my dear Watson”.

BTW, I still smile.

I posted the following elsewhere yesterday about this massive Russian botnet; the malware exploit is dubbed “VPNfilter”.

This morning, this is the security news of the day.

You can get more breaking news using the search term “vpnfilter” and
omit “vpn filter” results.

Summary
Est >500,000 devices already compromised
Current main attack focus is Ukraine
Almost no attack vector info, except that

  • IoT devices with known unpatchable vulnerabilities
  • Primarily SOHO Internet routers and MikroTik and QNAP NAS appliances
  • 2 stage: the first stage survives reboots, the second stage does not
  • Uses image files (no explanation I’ve seen so far; does this mean
    steganography? Text files stored on image sites like Photobucket?)

Article from main Security team working with the US federal government
https://blog.talosintelligence.com/2018/05/VPNFilter.html

Additional info from Cisco/Talos
https://blogs.cisco.com/security/talos/vpnfilter

One posting how to identify whether you’ve been hacked (IMO YMMV)
https://a2alert.com/vpnfilter-malware-indicators-compromise/

Although the available information is very sketchy at the moment,
a few important bits of info are:

  • Review the security of your edge devices (Those exposed to the
    Internet), particularly focusing on passwords.
  • Change all default passwords on edge devices
  • Don’t use any easily guessed or commonly used passwords on edge devices.
  • Don’t forget devices where traffic is forwarded through your
    Internet Router to devices like NAS within your network. Those should
    be considered exposed as Internet devices as well.

Minor update to my posting,
Apparently an Ars Technica article confirmed that steganography is used (I was speculating from lack of information)

TSU

As for a changed (non-default) password,
it may still be necessary to make sure the new password isn’t also easily guessed.

So, for example, the Mirai IoT attack 2 years ago also gained access by not only checking for the default password but also checking against a short list of something like the 69 most common passwords. Even that short a password list yielded over 500,000 successful compromises. The Mirai botnet was different, though: it only wanted access to load payloads into volatile memory and didn’t survive reboots, whereas this VPNfilter attack actually installs malware onto the system so that it survives reboots (and can brick your device to avoid analysis). And that attack targeted different devices, mostly webcams and the like, but also included SOHO Internet routers.

TSU
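An added example (not from any poster in this thread) that turns the edge-device checks recommended above into a small audit: it treats a NAS reached through forwarded ports as Internet-exposed, as the earlier post advises, and it flags a changed password that still appears in a short common-password list, the Mirai point made in the last post. The device inventory, the default-credential table and the common-password list are constructed placeholders, not any vendor's real defaults or the Mirai dictionary.

```python
from dataclasses import dataclass, field

# Constructed placeholders: not real firmware defaults, not the Mirai list.
DEFAULT_CREDS = {("admin", "admin"), ("admin", "password"), ("root", "root")}
COMMON_PASSWORDS = {"123456", "password", "admin", "qwerty", "letmein", "12345678"}


@dataclass
class Device:
    name: str
    user: str
    password: str
    wan_facing: bool = False                      # sits directly on the Internet edge
    forwarded_ports: list = field(default_factory=list)  # reachable via router port-forwards


def is_exposed(dev: Device) -> bool:
    """Edge box, or any LAN device the router forwards traffic to, counts as exposed."""
    return dev.wan_facing or bool(dev.forwarded_ports)


def password_findings(dev: Device) -> list:
    """Default creds, membership in a common-password list, and short length."""
    findings = []
    if (dev.user, dev.password) in DEFAULT_CREDS:
        findings.append("default credentials")
    if dev.password.lower() in COMMON_PASSWORDS:   # non-default but still guessable
        findings.append("password in common-password list")
    if len(dev.password) < 12:
        findings.append("password shorter than 12 characters")
    return findings


def audit(devices: list) -> dict:
    """Return {device name: findings} for exposed devices with weak credentials only."""
    report = {}
    for dev in devices:
        if not is_exposed(dev):
            continue                               # LAN-only devices are out of scope here
        findings = password_findings(dev)
        if findings:
            report[dev.name] = findings
    return report


# Constructed sample inventory: the NAS password was changed, but only to a common word.
SAMPLE = [
    Device("router", "admin", "admin", wan_facing=True),
    Device("nas", "admin", "Password", forwarded_ports=[8080, 443]),
    Device("printer", "admin", "admin"),           # LAN only: not reported
    Device("nas2", "nasadmin", "correct-horse-battery-staple", forwarded_ports=[22]),
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```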