Network-Attached Storage | Breaking Cybersecurity News | The Hacker News

Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of which could be exploited to achieve code execution on its network-attached storage (NAS) appliances. The  issues , which impact QTS 5.1.x and QuTS hero h5.1.x, are listed below - CVE-2024-21902  - An incorrect permission assignment for critical resource vulnerability that could allow authenticated users to read or modify the resource via a network CVE-2024-27127  - A double free vulnerability that could allow authenticated users to execute arbitrary code via a network CVE-2024-27128, CVE-2024-27129, and CVE-2024-27130  - A set of buffer overflow vulnerabilities that could allow authenticated users to execute arbitrary code via a network All the shortcomings, that require a valid account on NAS devices, have been addressed in QTS 5.1.7.2770 build 20240520 and QuTS hero h5.1.7.2770 build 20240520. Aliz Hammond of watchTowr Labs has...

Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection. The  three vulnerabilities  are listed below - CVE-2023-35138  (CVSS score: 9.8) - A command injection vulnerability that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted HTTP POST request. CVE-2023-4473  (CVSS score: 9.8) - A command injection vulnerability in the web server that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted URL to a vulnerable device. CVE-2023-4474  (CVSS score: 9.8) - An improper neutralization of special elements vulnerability that could allow an unauthenticated attacker to execute some operating system commands by sending a crafted URL to a vulnerable device. Also patched by Zyxel are three hi...

Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and credential misconfigurations caused 80% of security exposures. Subtle signs of a compromise get lost in the noise, and then multi-stage attacks unfold undetected due to siloed solutions. Think of an account takeover in Entra ID, then privilege escalation in GitHub, along with data exfiltration from Slack. Each seems unrelated when viewed in isolation, but in a connected timeline of events, it's a dangerous breach. Wing Security's SaaS platform is a multi-layered solution that combines posture management with real-time identity threat detection and response. This allows organizations to get a ...