NAS devices, Synology applications and the new BeeStation product are all vulnerable to newly discovered and dangerous bugs. The key is to patch quickly, although this sometimes requires manual intervention.
Synology is sending out an unusual email warning users about a series of critical flaws. At the Pwn2Own Ireland 2024 event, held at the end of October, security researchers discovered a number of vulnerabilities that attackers could exploit on a large scale.
Malicious code and ransomware
Synology claims in the email that the flaws are not currently being actively exploited, but advises users to install patches immediately given the severity of the risk.
And the bugs are by no means minor. They allow attackers to remotely read files or execute their own code, and so to take over a NAS or hold it hostage with ransomware. The dangerous ability to execute malicious code runs like a common thread through all of the vulnerabilities.
DSM 7
The most critical bugs affect the operating systems of both Synology NAS devices and the consumer-oriented BeeStation products. All newer versions of the operating system are vulnerable. The affected versions are:
- DSM 7.2.2
- DSM 7.2.1
- DSM 7.1
- DSMUC 3.1
- BeeStation OS 1.0
- BeeStation OS 1.1
Synology tracks the status of the situation in one advisory for DSM and DSMUC and in a separate advisory for BeeStation.
Applications too
In addition, the security researchers found vulnerabilities in individual Synology applications that attackers can also exploit. The following applications must be kept up to date:
- Drive Server (for DSM 7.1, DSM 7.2.1 and DSM 7.2.2)
- Photos (for DSM 7.1, version 1.6 for DSM 7.2.1 and version 1.7 for DSM 7.2.2)
- Replication service (DSM 7.1, DSM 7.2, DSMUC 3.1)
- BeePhotos (for OS 1.0 and OS 1.1)
HEVC or bug?
Despite the severity of the situation, Synology has not yet released patches for all versions of the affected software. At the time of writing there is a patch for DSM 7.2.2: anyone who updates to 7.2.2 – Update 1 is on the safe side. There is currently no patch for DSM 7.2.1, DSM 7.1 or DSMUC 3.1.
Users on those versions can upgrade to DSM 7.2.2 – Update 1, but as of 7.2.2 Synology no longer supports the HEVC codec and Video Station no longer works. For anyone who relies on that functionality and has no alternative yet, upgrading to 7.2.2 is not an attractive solution.
Manual process
Additionally, Synology does not automatically offer the necessary updates to all devices. We were able to secure our DS1522+ test device at the push of a button, but our DS923+ test device was marked as completely up to date, even though it was still running the (vulnerable) DSM 7.1.
In this case, administrators can update the operating system manually via the Synology Download Center. This process sometimes involves multiple steps, with upgrades to an intermediate version before the final update to the secure operating system.
Synology also appears to prioritize updates for vulnerable apps on the most recent versions of its operating systems. Even those who have upgraded to DSM 7.2.2 should nevertheless check in Package Center that all applications are up to date.
A popular target
NAS devices are popular targets for attackers. Ransomware attacks on small servers can bring SMBs to their knees. Even consumers who, for example, keep their entire photo library on a NAS can easily be pressured into paying a ransom. Now that the bugs are public knowledge, there should be no doubt that exploitation in the wild is only a matter of time. Do you manage a Synology NAS? Then get started right away.