Security News

Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability
2024-11-10 09:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) Synology has...

Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
2024-11-05 09:34

Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as...

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)
2024-11-04 14:04

Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached...

Synology hurries out patches for zero-days exploited at Pwn2Own
2024-11-01 16:38

Synology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week's Pwn2Own hacking competition within days. [...]

QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3
2024-10-25 06:57

The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now...

New Admin Takeover Vulnerability Exposed in Synology's DiskStation Manager
2023-10-18 06:48

A medium-severity flaw has been discovered in Synology's DiskStation Manager (DSM) that could be exploited to decipher an administrator's password and remotely hijack the account. "Under some rare...

Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers
2023-01-04 04:28

Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server.

Synology fixes maximum severity vulnerability in VPN routers
2023-01-03 15:36

Taiwan-based NAS maker Synology has addressed a maximum severity vulnerability affecting routers configured to run as VPN servers. VPN Plus Server is a virtual private network server that allows administrators to set up Synology routers as a VPN server to allow remote access to resources behind the router.