Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack
QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure.
Stay informed on the latest in security disclosure practices. Keep your data safe with insights and updates on the newest disclosure trends in cybersecurity.
Search across headline titles and summaries.
Background for this topic.
Disclosure in information security means sharing details about vulnerabilities, breaches, or security incidents. This can be done privately with affected parties, coordinated to allow fixes before public release, or fully public, sometimes before patches exist. The method chosen affects how quickly risks are mitigated and how much attackers might exploit the information.
Proper disclosure helps organizations prioritize patching and reduces the window attackers have to exploit flaws. Poorly timed or incomplete disclosure can expose systems to increased risk, while transparent, coordinated disclosure supports effective vulnerability management and trust between researchers and defenders. Understanding disclosure practices is essential for assessing the urgency and reliability of security news.
QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure.
Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region
Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second (RPS) distributed denial-of-service (DDoS) attack. The web infrastructure and website security company called it one of the "largest HTTPS DDoS attacks on record." "HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS
A "logical flaw" has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass off rogue libraries as legitimate and trick unsuspecting developers into installing them
Microsoft on Tuesday disclosed a set of two privilege escalation vulnerabilities in the Linux operating system that could potentially allow threat actors to carry out an array of nefarious activities
Four months after the Log4Shell vulnerability was disclosed, most affected open source components remain unpatched, and companies continue to use vulnerable versions of the logging tool.
Threat actor is using the flaw to deliver Core Impact backdoor on vulnerable systems, security vendor says.
Security researchers have disclosed a security vulnerability in the VirusTotal platform that could have been potentially weaponized to achieve remote code execution (RCE)
Thinking of another word for this US govt department's name The first bug bounty program by America's Homeland Security has led to the discovery and disclosure of 122 vulnerabilities, 27 of which were deemed critical.…
The GHT Coeur Grand Est. Hospitals and Health Care group comprising nine establishments with 3,370 beds across Northeast France has disclosed a cyberattack that resulted in the theft of sensitive administrative and patient data. [...]
A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victim's wallet