Vulnerable ownCloud/Nextcloud based private cloud servers found in HK
HKCERT has received reports from CERT-Bund, the federal CERT of Germany, about vulnerable installations of ownCloud and Nextcloud found in Hong Kong.
ownCloud and Nextcloud are both software suites for running self-hosted cloud instances for data synchronization and sharing, i.e. private cloud. Nextcloud GmbH has performed scans for installations of ownCloud and Nextcloud openly accessible from the Internet, and found that there are vulnerable or outdated installations which could lead to information leakage or the installation being taken control by criminals. They have provided the scan results to CERT-Bund, which has referred HKCERT the server information related to Hong Kong.
HKCERT has notified the ISP of the cloud owners, and urged the ISP to alert their clients timely. If you have received notification from your ISP, please take action immediately to secure your ownCloud or Nextcloud. We have also provided instructions on checking the scanning results in the email notification to ISP, and you can check the problems currently existing in your cloud installation in the result.
Further information of securing ownCloud and Nextcloud can be found here:
Share with