Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
If you must use your Synology, I’d recommend something like Resilio Sync or Syncthing, which work well (Resilio is much better IMO, and the only one that supports selective sync), and they don’t require open firewall ports.
I’m a long time Synology user (since the DS-101j), and in my opinion you’d be better off using public cloud with Cryptomator or Boxcryptor on top. The first one is open source, and free for desktop usage, with a one time purchase for mobile use. The latter requires a subscription. They both encrypt your data before uploading it to the cloud, so you no longer have to trust your cloud provider.
From the date that the vulnerability is published, it is common knowledge, and automated scripts will start looking for vulnerable hosts. Manual exploitation is usually also possible through Metasploit. In August 2021, Synology warned about malware infecting Synology NAS boxes, and this was not the first time