NASty Flaws In Networked Storage, Patch Synology And QNAP ASAP
The Pwn2Own Hacking Competition Was Busy This Year
Last week at Pwn2Own there were serious flaws discovered in QNAP and Synology NAS software, and this week those companies have released patches for them. In Synology’s case, several versions of both BeePhotos for BeeStation and Synology Photos for DSM open you up to serious pain. The unpatched software would allow attackers to trigger remote code execution as root on vulnerable NAS appliances exposed online. For QNAP owners it is an SQL injection vulnerability which could ruin their day. The flaw is present in QNAP TS-464 NAS devices and in the HBS 3 Hybrid Backup Sync disaster recovery and data backup solution.
In both cases, the companies do not push the updates; you will need to install them manually. Please check the links to Bleeping Computer for steps on how to do that if you aren’t 100% sure of the process. The decision not to push updates is common with NAS device sellers: these devices need to remain up and running, and unexpected reboots or even software updates could impact their availability. Check for outstanding updates and plan accordingly!
Midnight Blue security researcher Rick de Jager found the critical zero-click vulnerabilities (tracked together as CVE-2024-10443 and dubbed RISK:STATION) in the company's Synology Photos and BeePhotos for BeeStation software.
More Tech News From Around The Web
- Windows Themes zero-day bug exposes users to NTLM credential theft @ The Register
- Microsoft delays rollout of the Windows 11 Recall feature yet again @ Ars Technica
- 300 percent price hikes push disgruntled VMware customers toward Broadcom rivals @ Ars Technica
- Windows 10 given an extra year of supported life, for $30 @ The Register
- Intel’s Future Laptops Will Have Memory Sticks Again @ Slashdot
- LastPass warns of fake support centers trying to steal customer data @ Bleeping Computer
- Apple Intelligence – a full breakdown of Apple’s AI features in iOS 18.1 @ TweakTown
- Intel losses hit $16.6B in Q3 and Wall Street is … loving it? @ The Register
- More Than 60% of CEOs Are ‘Digitally Illiterate’, According To Their Own Employees @ Slashdot
- Sophos reveals 5-year battle with Chinese hackers attacking network devices @ Bleeping Computer
- Delta DC-90640 A Next-Gen 2025 102.4T Switch @ ServeTheHome