NAS

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) 2024-11-04 at 16:04 By Zeljka Zorz Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. About CVE-2024-10443 CVE-2024-10443 was discovered by Rick de Jager, a security researcher at […]

React to this headline:

Loading spinner

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) Read More »

FBI forced Flax Typhoon to abandon its botnet

FBI forced Flax Typhoon to abandon its botnet 2024-09-19 at 14:16 By Zeljka Zorz A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director Chris Wray confirmed on Wednesday. “We executed court-authorized operations to take control of

React to this headline:

Loading spinner

FBI forced Flax Typhoon to abandon its botnet Read More »

Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)

Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) 2024-09-10 at 12:02 By Zeljka Zorz Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zyxel NAS devices are generally used by small to medium-sized businesses (SMBs) for data

React to this headline:

Loading spinner

Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) Read More »

Zyxel patches critical flaws in EOL NAS devices

Zyxel patches critical flaws in EOL NAS devices 2024-06-06 at 14:46 By Zeljka Zorz Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that have recently reached end-of-vulnerability-support. About the vulnerabilities The three vulnerabilities are: A command injection vulnerability in the CGI program that could allow

React to this headline:

Loading spinner

Zyxel patches critical flaws in EOL NAS devices Read More »

‘NsaRescueAngel’ Backdoor Account Again Discovered in Zyxel Products

‘NsaRescueAngel’ Backdoor Account Again Discovered in Zyxel Products 2024-06-05 at 15:03 By Ionut Arghire Critical vulnerabilities in discontinued Zyxel NAS products allow unauthenticated attackers to execute arbitrary code and OS commands. The post ‘NsaRescueAngel’ Backdoor Account Again Discovered in Zyxel Products appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

‘NsaRescueAngel’ Backdoor Account Again Discovered in Zyxel Products Read More »

QNAP Rushes Patch for Code Execution Flaw in NAS Devices

QNAP Rushes Patch for Code Execution Flaw in NAS Devices 2024-05-21 at 19:46 By Ionut Arghire QNAP rolls out patches for multiple vulnerabilities after proof-of-concept exploit published for a remote code execution vulnerability. The post QNAP Rushes Patch for Code Execution Flaw in NAS Devices appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

QNAP Rushes Patch for Code Execution Flaw in NAS Devices Read More »

15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)

15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130) 2024-05-21 at 17:31 By Zeljka Zorz Researchers have found 15 vulnerabilities in QNAP’s network attached storage (NAS) devices, and have released a proof-of-concept for one: an unauthenticated stack overflow vulnerability (CVE-2024-27130) that may be leveraged for remote code execution. The vulnerabilities and the CVE-2024-27130

React to this headline:

Loading spinner

15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130) Read More »

Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices

Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices 2024-04-09 at 13:16 By Eduard Kovacs Unpatched D-Link NAS device vulnerability CVE-2024-3273, potentially affecting many devices, is being exploited in the wild. The post Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices Read More »

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273)

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273) 2024-04-08 at 12:01 By Zeljka Zorz A vulnerability (CVE-2024-3273) in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found. The existence of the flaw was confirmed by D-Link last week, and an exploit for opening an interactive

React to this headline:

Loading spinner

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273) Read More »

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358) 2024-02-14 at 12:46 By Zeljka Zorz QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices. About the vulnerabilities (CVE-2023-47218, CVE-2023-50358) Both vulnerabilities

React to this headline:

Loading spinner

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358) Read More »

Akira ransomware attackers are wiping NAS and tape backups

Akira ransomware attackers are wiping NAS and tape backups 2024-01-12 at 16:17 By Helga Labus “The Akira ransomware malware, which was first detected in Finland in June 2023, has been particularly active at the end of the year,” the Finnish National Cybersecurity Center (NCSC-FI) has shared on Wednesday. NCSC-FI has received 12 reports of Akira

React to this headline:

Loading spinner

Akira ransomware attackers are wiping NAS and tape backups Read More »

Critical Zyxel NAS vulnerabilities patched, update quickly!

Critical Zyxel NAS vulnerabilities patched, update quickly! 01/12/2023 at 14:33 By Zeljka Zorz Zyxel has patched six vulnerabilities affecting its network attached storage (NAS) devices, including several (OS) command injection flaws that can be easily exploited by unauthenticated attackers. The vulnerabilities in Zyxel NAS devices One of the six plugged security holes is an improper

React to this headline:

Loading spinner

Critical Zyxel NAS vulnerabilities patched, update quickly! Read More »

Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices

Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices 30/11/2023 at 20:18 By Ryan Naraine Zyxel patches at least 15 security flaws that expose users to authentication bypass, command injection and denial-of-service attacks. The post Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices Read More »

Western Digital, Synology NAS Vulnerabilities Exposed Millions of Users’ Files

Western Digital, Synology NAS Vulnerabilities Exposed Millions of Users’ Files 09/08/2023 at 21:03 By Eduard Kovacs Critical vulnerabilities discovered in WD and Synology NAS devices could have exposed the files of millions of users. The post Western Digital, Synology NAS Vulnerabilities Exposed Millions of Users’ Files appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Western Digital, Synology NAS Vulnerabilities Exposed Millions of Users’ Files Read More »

Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992)

Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992) 20/06/2023 at 13:05 By Zeljka Zorz Zyxel has released firmware patches for a critical vulnerability (CVE-2023-27992) in some of its consumer network attached storage (NAS) devices. About CVE-2023-27992 CVE-2023-27992 is an OS command injection flaw that could be triggered remotely by an unauthenticated attacker, via a specially

React to this headline:

Loading spinner

Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992) Read More »

Zyxel patches vulnerability in NAS devices (CVE-2023-27988)

Zyxel patches vulnerability in NAS devices (CVE-2023-27988) 31/05/2023 at 14:51 By Helga Labus Zyxel has patched a high-severity authenticated command injection vulnerability (CVE-2023-27988) in some of its network attached storage (NAS) devices aimed at home users. About the vulnerability (CVE-2023-27988) The vulnerability was discovered in the devices’ web management interface. “An authenticated attacker with administrator

React to this headline:

Loading spinner

Zyxel patches vulnerability in NAS devices (CVE-2023-27988) Read More »

Scroll to Top