Security researchers found a serious zero-click bug in Synology’s Photos app

If you have a Synology NAS drive, you’ll want to update your device as soon as possible. As first reported by Wired, a group of Dutch security researchers recently identified a zero-click vulnerability within the Synology Photos app.

For those unaware, such bugs allow hackers to compromise a system without the user having to click anything first. To make matters worse, the app comes pre-installed and enabled by default on Synology’s consumer line of Bee network storage devices. It’s also a popular download among those using the company’s DiskStation system.

Midnight Blue, the cybersecurity firm that discovered the vulnerability, estimates that millions of Synology users may be at risk. Although the company released a security patch to address the bug, its NAS devices do not automatically download updates.

Carlo Meijer, one of the researchers, told Wired, “It’s not easy to independently discover [the vulnerability] on your own. But when the patch is actually released, it’s much easier to understand and connect the dots, and you reverse-engineer the patch.”

According to Midnight Blue, the zero-click flaw is found in a part of the Synology Photos app that doesn’t require authentication. As a result, attackers can exploit the bug directly over the internet, without having to bypass a gateway first.

They can then gain root access and install malicious code on the compromised device. At that point, there’s nothing a malicious person couldn’t do, the firm noted, adding that it would also be possible to make the infected device part of a botnet.

The possibility of ransomware gangs targeting Synology devices isn’t just theoretical. Earlier this year, DiskStation users reported they were the target of a ransomware attack.
