View this email in your browser
You are receiving this email because of your relationship with ASUSTOR Inc. If you do not wish to receive any more emails, you can unsubscribe here.
marketing@asustor.com
2023 年 7 月 華芸電子報 第 200 
本期焦點
保護個資不外洩, 跟著 ASUSTOR 一起這樣做 
個人資料防護很重要! 除了定期遵守 3-2-1 原則備份,還要建立好正確觀念和防護措施才能有效守護你我的資安。
一、隨時將 ADM 更新至最新版:
ASUSTOR ADM 作業系統會根據潛在的資安漏洞持續做出修改,為了保護資料安全,建議每位用戶將 ADM 更新到最新版本。
二、使用高強度的管理者帳號與密碼並定期更新密碼:
設定複雜的帳號和密碼是一件很常令人忽略的事情,多數人為了方便只設定了簡單的組合,但這讓帳戶容易被有心人士入侵並竊取隱私。ASUSTOR NAS 用戶可以點選 ADM 裡的「存取控制」-「本機使用者」-「新增」,填入自己命名的管理者帳號以及高強度密碼,並停用預設的 admin 帳號。
三、開啟 ADM Defender 防火牆以及網路防護:
點選 ADM 裡的「偏好設定」-「ADM Defender」-「網路防護」,啟用自動黑名單以防止惡意網路攻擊及嘗試登入。當任何用戶端 IP 位址在指定時間內重複登入失敗超過指定的次數,該用戶 IP 位址即會自動被封鎖。
Security Advisory

A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application. (CVE-2023-2509)

  • The issue has been fixed on ADM 4.2.2.RI61.

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. (CVE-2023-2909) 

  • The issue has been fixed on ADM 4.2.2.RI61.

The Netatalk development team disclosed multiple fixed vulnerabilities affecting earlier versions of the software on the latest release of Netatalk 3.1.13: CVE-2022-43634 and CVE-2022-45188.

  • Netatalk 3.1.13 patch has been updated on ADM 4.2.2.RI61 to resolve the issue.

Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. (CVE-2023-2749)

  • The issue has been fixed on Download Center 1.1.5.r1298 for ADM 4.2.

The PHP Group announced multiple vulnerabilities that have been fixed in the latest release of PHP 8.1.

CVE-2023-0662, CVE-2022-31631, CVE-2022-31630, CVE-2022-37454, CVE-2022-31628, CVE-2022-31629 and CVE-2022-31627 will affect ASUSTOR products with PHP 8.1 installed on ADM 4.1 or ADM 4.2

  • Updates with PHP 8.1.18 has been released on App Central for ADM 4.2.2.
得獎訊息
marketing@asustor.com
ASUSTOR Inc. NAS 再獲肯定! Lockerstor 2 Gen2 / AS6702T 獲得美國權威科技媒體 PC Magazine 認可,再度奪得「2022 年度最佳科技產品和服務」大獎,AS6702T 以強大的運算能力及豐富的功能,榮獲編輯青睞,評鑑為滿足未來企業儲存需求的絕佳選擇。
 
PC Magazine 編輯經過長達一年及不斷的反覆測試及驗證,從超過 2,000 項的產品中整理出 15 個年度最傑出的科技產品類別及多項頂級產品,以幫助大家在選購科技產品時作出最正確的判斷。AS6702T 為網通類別裡唯一獲獎的 NAS 產品,雙 2.5GbE 高速連線、超過 300 款商用、備份、安全及家庭娛樂應用程式的 ADM 系統、4 個 M.2 SSD 磁碟槽,高擴充性的特性、出色的功能使 AS6702T 在獲得「編輯首選」的獎項之後,再度獲得肯定,入選「2022 年度最佳科技產品和服務」。
marketing@asustor.com
Youtube 開箱分享
marketing@asustor.com
 
 
This message was sent from marketing@asustor.com to marketing@asustor.com
3F, No.136, Da-Ye Rd., Beitou Dist., Taipei City 112, Taiwan


Update Profile/Email Address | Forward Email | Report Abuse