Security News

Synology hurries out patches for zero-days exploited at Pwn2Own
2024-11-01 16:38

Synology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week's Pwn2Own hacking competition within days. [...]

QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3
2024-10-25 06:57

The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now...

New Admin Takeover Vulnerability Exposed in Synology's DiskStation Manager
2023-10-18 06:48

A medium-severity flaw has been discovered in Synology's DiskStation Manager (DSM) that could be exploited to decipher an administrator's password and remotely hijack the account. "Under some rare...

Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers
2023-01-04 04:28

Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems.Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server.

Synology fixes maximum severity vulnerability in VPN routers
2023-01-03 15:36

Taiwan-based NAS maker Synology has addressed a maximum severity vulnerability affecting routers configured to run as VPN servers. VPN Plus Server is a virtual private network server that allows administrators to set up Synology routers as a VPN server to allow remote access to resources behind the router.