Synology patches critical vulnerabilities, urges users to update devices against zero-click attacks

Synology patches critical zero-click vulnerabilities in NAS devices
Attackers can exploit vulnerabilities without user interaction
$260,000 was awarded to researchers for discovering exploits

Synology has recently patched a critical security flaw in its NAS device products which could have allowed hackers to hijack victim units.

The company released two advisories to notify users about patched vulnerabilities in its data storage products, specifically those in Photos for DMS and BeePhotos for BeeStation.

The identified issues, shown off at the recent Pwn2Own Ireland 2024 event, allowed for remote code execution, posing a serious threat as they enabled attackers to take control of affected devices without user interaction.

Critical vulnerabilities revealed

Remote code execution vulnerabilities are especially dangerous as they give attackers the ability to execute arbitrary commands on the device, putting sensitive data at risk.

By addressing these flaws, Synology has ensured users who apply the updates can better protect their devices from potential attacks, as this not only prevents potential remote access, but also reduces the likelihood of ransomware, data theft, and other types of attacks that exploit NAS vulnerabilities.

Devices storing sensitive information are often connected to the internet, therefore they are usually susceptible to attacks. To guard against malicious actors, it is important to employ regular security patches.

Organized by Trend Micro’s Zero Day Initiative (ZDI), Pwn2Own Ireland 2024 awarded over $1 million to white-hat hackers who successfully demonstrated exploits across devices, including NAS systems, cameras, and smart speakers.

Synology was one of the companies with security flaws with its products earning researchers $260,000 in total for their discovered vulnerabilities. The company quickly responded to the competition findings and addressed critical flaws in its products.

Via SecurityWeek

https://cdn.mos.cms.futurecdn.net/ZikRhsiSck2xaCGFGgLqS7-1200-80.jpg

Source link
udinmwenefosa@gmail.com (Efosa Udinmwen)

Adorama Memorial Day sale: I’ve found the 14 best deals on our favorite cameras from Canon, Nikon, and more

Minisforum just put a laptop chip in a server rack, but AMD won’t be happy with this bold new AI play

I heard Oasis’s greatest hits in Dolby Atmos, and now I’m sure spatial audio is going to live forever

Forget Rolls-Royce – after living with the new Lexus LM350h, I’ve decided we have a new king of luxury

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

Know Your Fund Manager | Rohan Korde, Fund Manager – Equity, ITI Mutual Fund

Tronox's SWOT analysis: titanium dioxide producer faces stock challenges

Before he revolutionized tech with Steve Jobs, Jony Ive wanted to quit Apple. Now he’s forging a new power pair with OpenAI’s Sam Altman

Bilibili's SWOT analysis: gen z favorite faces growth hurdles in china tech

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Synology patches critical vulnerabilities, urges users to update devices against zero-click attacks

Adorama Memorial Day sale: I’ve found the 14 best deals on our favorite cameras from Canon, Nikon, and more

Know Your Fund Manager | Rohan Korde, Fund Manager – Equity, ITI Mutual Fund

Tronox's SWOT analysis: titanium dioxide producer faces stock challenges

Before he revolutionized tech with Steve Jobs, Jony Ive wanted to quit Apple. Now he’s forging a new power pair with OpenAI’s Sam Altman