Security News

Synology hurries out patches for zero-days exploited at Pwn2Own

2024-11-01 16:38

Synology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week's Pwn2Own hacking competition within days. [...]

#pwn2own #synology #zeroday

QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3

2024-10-25 06:57

The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now...

#hacked #pwn2own #qnap #synology

New Admin Takeover Vulnerability Exposed in Synology's DiskStation Manager

2023-10-18 06:48

A medium-severity flaw has been discovered in Synology's DiskStation Manager (DSM) that could be exploited to decipher an administrator's password and remotely hijack the account. "Under some rare...

#synology #takeover #vulnerability

Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers

2023-01-04 04:28

Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems.Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server.

#patch #vulnerability #synology #server #VPN #RCE #critical #CVE-2022-43931

Synology fixes maximum severity vulnerability in VPN routers

2023-01-03 15:36

Taiwan-based NAS maker Synology has addressed a maximum severity vulnerability affecting routers configured to run as VPN servers. VPN Plus Server is a virtual private network server that allows administrators to set up Synology routers as a VPN server to allow remote access to resources behind the router.

#router #synology #VPN #vulnerability