Posts

Showing posts from November, 2024

Synology Rushes to Patch Zero-Days Exploited at Pwn2Own

In the fast-paced world of cybersecurity, staying ahead of threats is paramount. This was highlighted once again at the recent Pwn2Own hacking competition in Ireland, where researchers uncovered critical vulnerabilities in Synology's popular network-attached storage (NAS) devices. Here’s what you need to know:

The Discovery

During the competition, security researcher Rick de Jager from Midnight Blue discovered two zero-click vulnerabilities in Synology Photos and BeePhotos for BeeStation software. These vulnerabilities were particularly concerning because they allowed remote attackers to execute arbitrary code on vulnerable NAS appliances—without any user interaction.

The Immediate Response

Synology acted swiftly to address these vulnerabilities. Within days of their discovery, the company released patches to protect users from potential exploits. The affected versions were:

Synology Photos 1.7 for DSM 7.2: Users should upgra...

New Cyber Attack Warning—Confirming You Are Not A Robot Can Be Dangerous

In the ever-evolving landscape of cyber threats, a new and particularly insidious attack has been identified by researchers at Qualys. This attack takes advantage of a common and seemingly harmless security measure: CAPTCHA verification. Here's what you need to know to stay safe.

The Anatomy of the Attack

Cybercriminals have devised a method to use fake CAPTCHAs to trick users into running malicious code. Here’s how it works:

Fake CAPTCHA Prompt: Users are redirected to a website that asks them to "Verify You Are Human" by performing a task. This might involve deleting a system file or running a command prompt.

Malicious Script: The prompt copies a malicious script to the user's clipboard and instructs them to paste it into the terminal window. This makes the process appear as a standard verification step.

Execution of Malware:...