Synology patches critical vulnerabilities, urges users to update devices against zero-click attacks

Synology patches critical zero-click vulnerabilities in NAS devices
Attackers can exploit vulnerabilities without user interaction
$260,000 was awarded to researchers for discovering exploits

Synology has recently patched a critical security flaw in its NAS device products which could have allowed hackers to hijack victim units.

The company released two advisories to notify users about patched vulnerabilities in its data storage products, specifically those in Photos for DMS and BeePhotos for BeeStation.

The identified issues, shown off at the recent Pwn2Own Ireland 2024 event, allowed for remote code execution, posing a serious threat as they enabled attackers to take control of affected devices without user interaction.

Critical vulnerabilities revealed

Remote code execution vulnerabilities are especially dangerous as they give attackers the ability to execute arbitrary commands on the device, putting sensitive data at risk.

By addressing these flaws, Synology has ensured users who apply the updates can better protect their devices from potential attacks, as this not only prevents potential remote access, but also reduces the likelihood of ransomware, data theft, and other types of attacks that exploit NAS vulnerabilities.

Devices storing sensitive information are often connected to the internet, therefore they are usually susceptible to attacks. To guard against malicious actors, it is important to employ regular security patches.

Organized by Trend Micro’s Zero Day Initiative (ZDI), Pwn2Own Ireland 2024 awarded over $1 million to white-hat hackers who successfully demonstrated exploits across devices, including NAS systems, cameras, and smart speakers.

Synology was one of the companies with security flaws with its products earning researchers $260,000 in total for their discovered vulnerabilities. The company quickly responded to the competition findings and addressed critical flaws in its products.

Via SecurityWeek

https://cdn.mos.cms.futurecdn.net/ZikRhsiSck2xaCGFGgLqS7-1200-80.jpg

Source link
udinmwenefosa@gmail.com (Efosa Udinmwen)

Is the Galaxy S25 Edge ready for its debut? Samsung sets May 12 for virtual Galaxy Unpacked

How to watch IIHF World Championship 2025: live stream ice hockey online

This tiny $829 box has more power than your full-size PC – and it runs 8K games with ease

How to watch Giro d’Italia 2025 live stream, potentially for free

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

Indian Alcobev Stocks: How will India-UK FTA affect Indian alcobev stocks?

PHX Energy Announces Annual Meeting Voting Results for Election of Directors

Retail Investors: Why are retail investors betting on beaten-down stocks despite market weakness?

Hyundai Motor Group Delivers Enhanced In-Car Experience Through Equinix Data Centers Globally

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Synology patches critical vulnerabilities, urges users to update devices against zero-click attacks

Indian Alcobev Stocks: How will India-UK FTA affect Indian alcobev stocks?

PHX Energy Announces Annual Meeting Voting Results for Election of Directors

Retail Investors: Why are retail investors betting on beaten-down stocks despite market weakness?

Hyundai Motor Group Delivers Enhanced In-Car Experience Through Equinix Data Centers Globally