“Owowa” stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made.
https://threatpost.com/malicious-exchange-server-module-outlook-credentials/177077/
QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch.
https://threatpost.com/qnap-customers-adrift-fix-openssl-bug/179197/