QNAP patches second zero-day exploited at Pwn2Own to get root

October 30, 2024 at 01:43PM
QNAP released security patches for two critical zero-day vulnerabilities, CVE-2024-50387 and another in HBS 3 Hybrid Backup Sync, exploited during Pwn2Own 2024. These patches were issued quickly, highlighting QNAP devices’ susceptibility to cyberattacks. Users are urged to update their software promptly to protect sensitive data.

QNAP fixes NAS backup software zero-day exploited at Pwn2Own

October 29, 2024 at 01:37PM
QNAP addressed a critical zero-day vulnerability (CVE-2024-50388) in HBS 3 Hybrid Backup Sync, exploited at Pwn2Own Ireland 2024. The patch is available in version 25.1.1.673 and later. This follows a history of security challenges for QNAP devices, often targeted by ransomware gangs due to sensitive file storage.

White Hat Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024

October 23, 2024 at 03:58AM
At Pwn2Own Ireland 2024, participants earned $500,000 on the first day by successfully hacking NAS devices, cameras, speakers, and printers. The event highlights the ongoing efforts and skills of white hat hackers in cybersecurity. The post appeared on SecurityWeek. **Meeting Takeaways:** 1. **Event Overview**: Pwn2Own Ireland 2024 is currently ongoing. …

QNAP adds NAS ransomware protection to latest QTS version

August 21, 2024 at 02:18PM
QNAP, a Taiwanese hardware vendor, has integrated a Security Center with ransomware protection into the newest QTS operating system for NAS devices. This enhancement aims to bolster security for network-attached storage systems. Based on the meeting notes, the key takeaway is that QNAP, a Taiwanese hardware vendor, has incorporated a …

Recent Zyxel NAS Vulnerability Exploited by Botnet

June 25, 2024 at 09:44AM
A critical vulnerability in discontinued Zyxel NAS devices, tracked as CVE-2024-29973, allows for remote code execution through crafted HTTP POST requests. Exploited by a Mirai-like botnet, the flaw was discovered by security researcher Timothy Hjort. Zyxel released patches for the vulnerability, urging users to update devices or consider replacing them. …

‘Mirai-like’ botnet observed attacking EOL Zyxel NAS devices

June 24, 2024 at 10:41AM
Early attacks are targeting end-of-life Zyxel NAS boxes following the disclosure of three critical vulnerabilities. The Shadowserver Foundation observed remote command execution attempts by a botnet and advised users to check for signs of compromise. It’s recommended to patch affected devices or consider upgrading for enhanced security, given the lack …

Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices

April 9, 2024 at 06:06AM
An unpatched vulnerability affecting D-Link NAS devices (CVE-2024-3273) is being exploited in the wild. The vulnerability allows unauthenticated attackers to execute arbitrary commands, potentially leading to information theft or system configuration alteration. D-Link confirmed affected models, with exploitation attempts already observed. CISA is aware of 16 D-Link product vulnerabilities exploited …

Hackers Earn $400k on First Day at Pwn2Own Toronto 2023

October 25, 2023 at 12:16PM
The Pwn2Own Toronto 2023 hacking contest started and participants successfully hacked various devices, earning over $400,000 on the first day. Team Orca of Sea Security earned the highest reward of $60,000 by exploiting vulnerabilities in the Sonos Era 100 speaker. Other devices targeted included the Samsung Galaxy S23, Western Digital’s …