Many Legacy D-Link NAS Devices Exposed to Remote Attacks via Critical Flaw

November 11, 2024 at 06:10AM D-Link has alerted users about a critical command injection vulnerability in several discontinued NAS models, leaving them exposed to remote attacks. This emphasizes the importance of maintaining security awareness for legacy devices. **Meeting Takeaways:** 1. **Vulnerability Alert**: D-Link has identified a critical-severity command injection vulnerability. 2. **Affected Products**: The issue …

D-Link won’t fix critical flaw affecting 60,000 older NAS devices

November 8, 2024 at 02:23PM Over 60,000 D-Link NAS devices are vulnerable to a critical command injection flaw (CVE-2024-10914). An attacker can exploit it via crafted HTTP GET requests. D-Link confirmed no fix will be provided and recommends retiring the affected devices or isolating them from the internet due to their end-of-life status. ### Meeting …

Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices

November 5, 2024 at 04:48AM Synology has addressed a critical zero-day vulnerability (CVE-2024-10443) called RISK:STATION, affecting millions of DiskStation and BeePhotos devices, allowing remote code execution without user interaction. Meanwhile, QNAP resolved three critical flaws in their products. Users are urged to apply patches promptly to protect against potential attacks. ### Meeting Takeaways – November …

QNAP patches second zero-day exploited at Pwn2Own to get root

October 30, 2024 at 01:43PM QNAP released security patches for two critical zero-day vulnerabilities, CVE-2024-50387 and another in HBS 3 Hybrid Backup Sync, exploited during Pwn2Own 2024. These patches were issued quickly, highlighting QNAP devices’ susceptibility to cyberattacks. Users are urged to update their software promptly to protect sensitive data. ### Meeting Takeaways 1. **Recent …

QNAP fixes NAS backup software zero-day exploited at Pwn2Own

October 29, 2024 at 01:37PM QNAP addressed a critical zero-day vulnerability (CVE-2024-50388) in HBS 3 Hybrid Backup Sync, exploited at Pwn2Own Ireland 2024. The patch is available in version 25.1.1.673 and later. This follows a history of security challenges for QNAP devices, often targeted by ransomware gangs due to sensitive file storage. ### Meeting Takeaways: …

White Hat Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024

October 23, 2024 at 03:58AM At Pwn2Own Ireland 2024, participants earned $500,000 on the first day by successfully hacking NAS devices, cameras, speakers, and printers. The event highlights the ongoing efforts and skills of white hat hackers in cybersecurity. The post appeared on SecurityWeek. **Meeting Takeaways:** 1. **Event Overview**: Pwn2Own Ireland 2024 is currently ongoing. …

QNAP adds NAS ransomware protection to latest QTS version

August 21, 2024 at 02:18PM QNAP, a Taiwanese hardware vendor, has integrated a Security Center with ransomware protection into the newest QTS operating system for NAS devices. This enhancement aims to bolster security for network-attached storage systems. Based on the meeting notes, the key takeaway is that QNAP, a Taiwanese hardware vendor, has incorporated a …

Recent Zyxel NAS Vulnerability Exploited by Botnet

June 25, 2024 at 09:44AM A critical vulnerability in discontinued Zyxel NAS devices, tracked as CVE-2024-29973, allows for remote code execution through crafted HTTP POST requests. Exploited by a Mirai-like botnet, the flaw was discovered by security researcher Timothy Hjort. Zyxel released patches for the vulnerability, urging users to update devices or consider replacing them. …

‘Mirai-like’ botnet observed attacking EOL Zyxel NAS devices

June 24, 2024 at 10:41AM Early attacks are targeting end-of-life Zyxel NAS boxes following the disclosure of three critical vulnerabilities. The Shadowserver Foundation observed remote command execution attempts by a botnet and advised users to check for signs of compromise. It’s recommended to patch affected devices or consider upgrading for enhanced security, given the lack …

Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices

April 9, 2024 at 06:06AM An unpatched vulnerability affecting D-Link NAS devices (CVE-2024-3273) is being exploited in the wild. The vulnerability allows unauthenticated attackers to execute arbitrary commands, potentially leading to information theft or system configuration alteration. D-Link confirmed affected models, with exploitation attempts already observed. CISA is aware of 16 D-Link product vulnerabilities exploited …