Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack
A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.
A popular device and application used by millions of individuals and businesses around the world to store documents is vulnerable to a zero-click flaw, a group of Dutch researchers have discovered.
The vulnerability, which is called zero-click because it doesn’t require a user to click on anything to be infected, affects a photo application installed by default on popular network-attached storage (NAS) devices made by the Taiwanese firm Synology. The bug would allow attackers to gain access to the devices to steal personal and corporate files, plant a backdoor, or infect the systems with ransomware to prevent users from accessing their data.
See more: https://www.wired.com/story/synology-zero-click-vulnerability/
#cybersecurity #zeroclick
zCat
npub1zm…5pnd6
2024-11-01 19:59:21
Author Public Key
npub1zm7jduqq2nmxz5wxh4ujtm00g9vxzqa0r82yt7flvm67yje5gfaqa5pnd6Published at
2024-11-01 19:59:21Event JSON
{
"id": "0d270137e46ebe40a48918f7eee037114928ca3ae70aff5673bcec05e4b29c53",
"pubkey": "16fd26f00054f66151c6bd7925edef41586103af19d445f93f66f5e24b34427a",
"created_at": 1730491161,
"kind": 1,
"tags": [
[
"t",
"cybersecurity"
],
[
"t",
"zeroclick"
],
[
"r",
"https://www.wired.com/story/synology-zero-click-vulnerability/"
]
],
"content": "Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack\n\nA vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.\n\nA popular device and application used by millions of individuals and businesses around the world to store documents is vulnerable to a zero-click flaw, a group of Dutch researchers have discovered.\n\nThe vulnerability, which is called zero-click because it doesn’t require a user to click on anything to be infected, affects a photo application installed by default on popular network-attached storage (NAS) devices made by the Taiwanese firm Synology. The bug would allow attackers to gain access to the devices to steal personal and corporate files, plant a backdoor, or infect the systems with ransomware to prevent users from accessing their data.\n\nSee more: https://www.wired.com/story/synology-zero-click-vulnerability/\n\n#cybersecurity #zeroclick",
"sig": "0252b335366dc39ce81c797026524bb15b881edef27feac80468aa2a4ab9baca365c24a0f2985f2ae728ceba8282c18a4a78545bae820ef23c82023640bb2b33"
}