A Beijing-aligned hacker group has been spotted targeting a diplomatic organization in the European Union for the first time. The attack used a Japanese-themed lure.
The Record from Recorded Future News – Read More
Establishing realistic, practitioner-driven processes prevents employee burnout, standardizes experiences, and closes many of the gaps exposed by repeated one-offs.
darkreading – Read More
A recently discovered high-severity vulnerability, tracked as CVE-2024-10443 and dubbed “RISK:STATION,” poses a significant threat to Synology NAS users worldwide.
The vulnerability, affecting Synology DiskStation and BeeStation models, allows remote code execution without user interaction, heightening the potential for malicious exploitation.
CERT-In has released an advisory urging Synology users to apply critical security patches immediately to secure their devices and prevent unauthorized access.
The flaw specifically impacts Synology Photos and BeePhotos components, which come pre-installed on many Synology NAS products. Vulnerable versions include:
Given that NAS devices are highly valuable targets in ransomware attacks, the risks associated with this vulnerability are extensive, including data theft, malware installation, and unauthorized system access.
System owners using affected versions are encouraged to upgrade to secure versions immediately.
The “RISK:STATION” vulnerability represents an “unauthenticated zero-click” attack vector. Attackers exploiting this flaw can gain root-level control without any user interaction.
Synology’s QuickConnect feature, a remote-access service, further increases device exposure, as it allows attackers to reach NAS devices even behind firewalls. According to the researchers who were credited with finding this zero-click bug, this flaw carries a high potential for misuse and could impact an estimated one to two million devices globally.
The vulnerability’s severity is amplified by Synology’s QuickConnect feature’s extensive reach. This service provides devices with a unique subdomain that enables remote access, even bypassing firewalls and NAT configurations.
Due to the ease of obtaining these subdomains through Certificate Transparency logs, adversaries can readily enumerate exposed Synology devices. QuickConnect domains often contain identifiable names or locations, raising privacy concerns and potentially making it easier for attackers to prioritize targets.
Synology has issued patches that effectively neutralize this vulnerability, covering both the SynologyPhotos and BeePhotos applications. Users should ensure they apply the following updates:
Alternatively, users can mitigate exposure by disabling QuickConnect, blocking ports 5000 and 5001, and disabling the SynologyPhotos or BeePhotos components if not actively in use.
Although these actions prevent internet-based exploitation, they do not secure devices within local networks, so a firmware update remains the most effective solution.
The CVE-2024-10443 vulnerability in Synology NAS devices showcases the need for proactive patching, particularly for high-value, internet-exposed assets. Synology users are urged to follow the recommended upgrade steps or apply alternative mitigation measures to secure their devices from exploitation. By addressing these vulnerabilities promptly, organizations can reduce the likelihood of unauthorized access, ransomware attacks, and data breaches on their network-attached storage devices.
https://www.synology.com/en-global/security/advisory/Synology_SA_24_18
https://www.synology.com/en-global/security/advisory/Synology_SA_24_19
https://www.midnightblue.nl/research/riskstation
The post Critical Zero-Click Vulnerability in Synology NAS Devices Needs Urgent Patching appeared first on Cyble.
Blog – Cyble – Read More
Embed Security has raised $6 million in an early stage funding round led by Paladin Capital Group.
The post Embed Security Raises $6 Million to Help Overworked Analysts appeared first on SecurityWeek.
SecurityWeek – Read More
North Korean hackers are targeting cryptocurrency businesses with a sophisticated new malware campaign, dubbed “Hidden Risk.” Learn how…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
A threat actor with ties to the Democratic People’s Republic of Korea (DPRK) has been observed targeting cryptocurrency-related businesses with a multi-stage malware capable of infecting Apple macOS devices.
Cybersecurity company SentinelOne, which dubbed the campaign Hidden Risk, attributed it with high confidence to BlueNoroff, which has been previously linked to malware families such as
The Hacker News – Read More
Impersonating legitimate software such as Foxit PDF Editor and AutoCAD, the SteelFox crimeware bundle steals user information.
The post ‘SteelFox’ Miner and Information Stealer Bundle Emerges appeared first on SecurityWeek.
SecurityWeek – Read More
With all eyes on how a new Trump administration in the U.S. will interface with China Tech in the years ahead, its neighbor to the north has levelled a blow to one of the biggest apps to come out of the country. Canada has ordered the closure of ByteDance’s operations in Canada — specifically the […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Cisco has disclosed a severe vulnerability, tracked as CVE-2024-20418, in its Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul (URWB) Access Points. The flaw, rated with a maximum CVSS score of 10.0, affects multiple Cisco Catalyst Access Point models.
Attackers exploiting this vulnerability can gain root-level control, enabling unauthorized command execution on vulnerable devices.
This critical CVE-2024-20418 vulnerability stems from improper input validation within Cisco’s web-based management interface, which controls URWB Access Points. A remote attacker without authentication can exploit this flaw by sending specially crafted HTTP requests to vulnerable devices, thereby injecting commands with root privileges on the device’s operating system.
Cisco has responded by releasing updates to mitigate the risk, advising immediate software upgrades as there are no workarounds. Importantly, only devices operating in URWB mode are impacted.
According to the Office of Information Technology of the New York State, while government institutions and business are at high risk of the bug, home users could be the least affected.
RISK:
Government:
Businesses:
Home users: Low
Cisco’s URWB technology provides the robust, low-latency wireless connectivity essential for critical, high-stakes applications across industrial and mobile environments. Designed to replace costly and complex wired infrastructure, URWB enables seamless, multigigabit performance with minimal packet loss, making it invaluable for sectors relying on autonomous systems.
Industries including ports, railways, and manufacturing leverage URWB for real-time applications, such as video monitoring and remote machinery control, benefiting from reduced deployment costs and greater flexibility. The technology supports dual-mode capability, allowing devices to toggle between URWB and Wi-Fi 6/6E based on project needs, thereby optimizing infrastructure investments.
The following Cisco Catalyst Access Points running a vulnerable version of Cisco’s Unified Industrial Wireless Software are affected if URWB mode is enabled:
To determine if URWB mode is enabled, Cisco advises using the show mpls-config command. If available, URWB mode is active, and the device is vulnerable.
Cisco has confirmed that other products, including the 6300 Series Embedded Services Access Points, Aironet models, and Catalyst 9100 Series Access Points, are unaffected.
Cisco has issued free software updates addressing this vulnerability. However, users must ensure they are compliant with licensing and have sufficient memory and compatible configurations for successful upgrades.
Customers without service contracts should reach out directly to the Cisco Technical Assistance Center (TAC) for help obtaining the necessary updates. More details can be found on Cisco’s Security Advisory page.
For the Cisco Unified Industrial Wireless Software versions affected, the company has released the following fixed versions:
Security practitioners managing industrial or critical infrastructure networks are strongly urged to update vulnerable devices promptly. Failure to patch could expose systems to high-risk attacks due to the root-level access that this vulnerability permits.
Sources:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20418
The post Critical Bug in Cisco’s URWB Exposes Systems to Root Privilege Command Injection appeared first on Cyble.
Blog – Cyble – Read More
Vehicle tracking services for Serco, DHL, and other fleets were disrupted after Microlise fell victim to a cyberattack.
The post Cyberattack on Microlise Disables Tracking in Prison Vans, Courier Vehicles appeared first on SecurityWeek.
SecurityWeek – Read More