Synology patches critical vulnerabilities, urges users to update devices against zero-click attacks

  • Synology patches critical zero-click vulnerabilities in NAS devices
  • Attackers can exploit vulnerabilities without user interaction
  • $260,000 was awarded to researchers for discovering exploits

Synology has recently patched a critical security flaw in its NAS device products which could have allowed hackers to hijack victim units.

The company released two advisories to notify users about patched vulnerabilities in its data storage products, specifically those in Photos for DMS and BeePhotos for BeeStation.

The identified issues, shown off at the recent Pwn2Own Ireland 2024 event, allowed for remote code execution, posing a serious threat as they enabled attackers to take control of affected devices without user interaction.

Critical vulnerabilities revealed

Remote code execution vulnerabilities are especially dangerous as they give attackers the ability to execute arbitrary commands on the device, putting sensitive data at risk.

By addressing these flaws, Synology has ensured users who apply the updates can better protect their devices from potential attacks, as this not only prevents potential remote access, but also reduces the likelihood of ransomware, data theft, and other types of attacks that exploit NAS vulnerabilities.

Devices storing sensitive information are often connected to the internet, therefore they are usually susceptible to attacks. To guard against malicious actors, it is important to employ regular security patches.

Organized by Trend Micro’s Zero Day Initiative (ZDI), Pwn2Own Ireland 2024 awarded over $1 million to white-hat hackers who successfully demonstrated exploits across devices, including NAS systems, cameras, and smart speakers.

Synology was one of the companies with security flaws with its products earning researchers $260,000 in total for their discovered vulnerabilities. The company quickly responded to the competition findings and addressed critical flaws in its products.

Via SecurityWeek

You might also like



from Latest from TechRadar US in News,opinion https://ift.tt/QrmLdkj
Synology patches critical vulnerabilities, urges users to update devices against zero-click attacks  Synology patches critical vulnerabilities, urges users to update devices against zero-click attacks Reviewed by Ghaniiero on décembre 21, 2024 Rating: 5

Aucun commentaire:

Fourni par Blogger.