Reference:
Advisory #2024-257
Version:
1.0
Affected software:
BeePhotos for BeeStation OS 1.0: before 1.0.2-10026
BeePhotos for BeeStation OS 1.1: before 1.1.0-10053
Synology Photos 1.6 for DSM 7.2: before 1.6.2-0720
Synology Photos 1.7 for DSM 7.2: before 1.7.0-0795
Type:
Remote Code Execution (RCE)
CVE/CVSS:
CVE-2024-10443: CVSS 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Sources:
Synology: https://www.synology.com/en-us/security/advisory/Synology_SA_24_19
Synology: https://www.synology.com/en-us/security/advisory/Synology_SA_24_18
An unauthenticated remote code execution vulnerability was found in the Synology Photos and BeePhotos apps. This vulnerability could allow an attacker to compromise your NAS device by running malicious code as root. The researchers who found it dubbed this CVE RISK:STATION.
A compromised NAS device can be used to steal your data, pivot deeper into your network, and deploy ransomware. Historically, ransomware actors have targeted these kinds of devices because they concentrate large amounts of data that can be exfiltrated and encrypted.
The details of the vulnerability are still under embargo. This advisory will be updated when more detailed information becomes available.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Update to the fixed versions listed under Affected software (the first version that is no longer affected for each product line):
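To help decide which devices still need the update, the following added script (not part of this advisory or of Synology's tooling) compares installed package versions against the fixed versions stated above. It parses the Synology version format (major.minor.patch-build), picks the fixed version for the matching release branch, and flags anything older. The branch lookup matters: Synology Photos 1.7.0-0794 is numerically higher than the 1.6 fix (1.6.2-0720) but is still vulnerable because its own branch is fixed at 1.7.0-0795. The package names and the inventory rows are constructed for this example.

```python
import re
from typing import Iterable, List, NamedTuple, Optional, Tuple


class Version(NamedTuple):
    """Synology package version: major.minor.patch-build (all numeric)."""
    major: int
    minor: int
    patch: int
    build: int


VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text: str) -> Version:
    """Parse '1.6.2-0720' into a comparable tuple; rejects anything else."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Synology version string: {text!r}")
    return Version(*(int(group) for group in match.groups()))


# Fixed versions taken from the advisory, keyed by (package, release branch).
# The package keys are labels chosen for this example, not official identifiers.
FIXED_VERSIONS = {
    ("BeePhotos", (1, 0)): "1.0.2-10026",
    ("BeePhotos", (1, 1)): "1.1.0-10053",
    ("SynologyPhotos", (1, 6)): "1.6.2-0720",
    ("SynologyPhotos", (1, 7)): "1.7.0-0795",
}


def is_vulnerable(package: str, installed: str) -> Optional[bool]:
    """True if the installed version is older than its branch's fix,
    False if it is at or above the fix, None if the advisory does not
    cover that branch (manual verification needed, not 'safe')."""
    version = parse_version(installed)
    fixed = FIXED_VERSIONS.get((package, (version.major, version.minor)))
    if fixed is None:
        return None
    # NamedTuple compares field by field, so build numbers break ties.
    return version < parse_version(fixed)


def triage(inventory: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Label every (host, package, version) row as VULNERABLE, PATCHED or UNKNOWN."""
    labels = {True: "VULNERABLE", False: "PATCHED", None: "UNKNOWN"}
    return [(host, pkg, ver, labels[is_vulnerable(pkg, ver)])
            for host, pkg, ver in inventory]


# Constructed inventory rows (hostname, package, installed version).
SAMPLE_INVENTORY = [
    ("nas-01", "SynologyPhotos", "1.6.1-0655"),   # below the 1.6 fix
    ("nas-02", "SynologyPhotos", "1.6.2-0720"),   # exactly the 1.6 fix
    ("nas-03", "SynologyPhotos", "1.7.0-0794"),   # above the 1.6 fix, below the 1.7 fix
    ("bee-01", "BeePhotos", "1.1.0-10052"),       # below the 1.1 fix
    ("bee-02", "BeePhotos", "1.0.3-10030"),       # later patch than the 1.0 fix
    ("nas-04", "SynologyPhotos", "1.5.0-0400"),   # branch not listed in the advisory
]

if __name__ == "__main__":
    for host, pkg, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{host:8} {pkg:15} {ver:12} {status}")
```

Treat UNKNOWN rows as work items rather than as safe: a version string outside the listed branches simply means the advisory text gives no fix version for it, so check the vendor advisory linked above before closing the ticket.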
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a compromise that has already taken place.
References:
Bleeping Computer: https://www.bleepingcomputer.com/news/security/synology-fixed-two-critical-zero-days-exploited-at-pwn2own-within-days/
MidnightBlue: https://www.midnightblue.nl/research/riskstation