Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices

November 5, 2024 at 04:48AM Synology has addressed a critical zero-day vulnerability (CVE-2024-10443) called RISK:STATION, affecting millions of DiskStation and BeePhotos devices, allowing remote code execution without user interaction. Meanwhile, QNAP resolved three critical flaws in their products. Users are urged to apply patches promptly to protect against potential attacks. ### Meeting Takeaways – November …

Synology hurries out patches for zero-days exploited at Pwn2Own

November 1, 2024 at 12:40PM Synology quickly addressed two critical zero-click vulnerabilities found in its Synology Photos and BeePhotos software during the Pwn2Own 2024 competition. Users are urged to update their systems to prevent remote code execution attacks. Similar vulnerabilities were also patched by QNAP, highlighting ongoing security risks for exposed NAS devices. **Meeting Takeaways:** …

Synology, QNAP, TrueNAS Address Vulnerabilities Exploited at Pwn2Own Ireland

October 30, 2024 at 04:37AM Synology, QNAP, and TrueNAS are addressing vulnerabilities that were exploited at Pwn2Own Ireland 2024 by implementing patches and mitigation strategies. **Meeting Takeaways:** 1. **Recent Vulnerabilities**: Synology, QNAP, and TrueNAS have acknowledged vulnerabilities that were exploited during the Pwn2Own Ireland 2024 event. 2. **Action Taken**: Each company has begun implementing patches …

New Admin Takeover Vulnerability Exposed in Synology’s DiskStation Manager

October 18, 2023 at 03:33AM A medium-severity flaw has been discovered in Synology’s DiskStation Manager (DSM) that could allow an attacker to remotely hijack an administrator’s account by deciphering their password. The flaw stems from the use of a weak random number generator. Synology has already addressed the issue in updates released in June 2023. …