QNAP Patches Vulnerabilities Exploited at Pwn2Own

December 9, 2024 at 08:29AM QNAP Systems announced security patches for vulnerabilities discovered at Pwn2Own Ireland 2024, including a severe command injection flaw (CVE-2024-50393) and a CRLF injection bug (CVE-2024-48868), both with CVSS scores of 8.7. Users are urged to update their systems to protect against potential attacks. ### Meeting Takeaways 1. **Vulnerability Patches Released**: … Read more

Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices

November 5, 2024 at 04:48AM Synology has addressed a critical zero-day vulnerability (CVE-2024-10443) called RISK:STATION, affecting millions of DiskStation and BeePhotos devices, allowing remote code execution without user interaction. Meanwhile, QNAP resolved three critical flaws in their products. Users are urged to apply patches promptly to protect against potential attacks. ### Meeting Takeaways – November … Read more

Synology hurries out patches for zero-days exploited at Pwn2Own

November 1, 2024 at 12:40PM Synology quickly addressed two critical zero-click vulnerabilities found in its Synology Photos and BeePhotos software during the Pwn2Own 2024 competition. Users are urged to update their systems to prevent remote code execution attacks. Similar vulnerabilities were also patched by QNAP, highlighting ongoing security risks for exposed NAS devices. **Meeting Takeaways:** … Read more

QNAP patches second zero-day exploited at Pwn2Own to get root

October 30, 2024 at 01:43PM QNAP released security patches for two critical zero-day vulnerabilities, CVE-2024-50387 and another in HBS 3 Hybrid Backup Sync, exploited during Pwn2Own 2024. These patches were issued quickly, highlighting QNAP devices’ susceptibility to cyberattacks. Users are urged to update their software promptly to protect sensitive data. ### Meeting Takeaways 1. **Recent … Read more

Synology, QNAP, TrueNAS Address Vulnerabilities Exploited at Pwn2Own Ireland

October 30, 2024 at 04:37AM Synology, QNAP, and TrueNAS are addressing vulnerabilities that were exploited at Pwn2Own Ireland 2024 by implementing patches and mitigation strategies. **Meeting Takeaways:** 1. **Recent Vulnerabilities**: Synology, QNAP, and TrueNAS have acknowledged vulnerabilities that were exploited during the Pwn2Own Ireland 2024 event. 2. **Action Taken**: Each company has begun implementing patches … Read more

Over 70 zero-day flaws get hackers $1 million at Pwn2Own Ireland

October 26, 2024 at 05:49AM Pwn2Own Ireland 2024 concluded with over $1 million awarded for 70+ zero-day vulnerabilities. Security researchers targeted devices across eight categories, earning $1,066,625. Viettel Cyber Security won the “Master of Pwn” title. The next event will be in Tokyo on January 22, 2025, focusing on the automotive industry. **Takeaways from Meeting … Read more

Over $1 Million Paid Out at Pwn2Own Ireland 2024

October 25, 2024 at 09:31AM Pwn2Own Ireland 2024 has awarded participants more than $1 million for successful exploits involving cameras, printers, NAS devices, smart speakers, and smartphones. **Meeting Notes Takeaways:** 1. **Event:** Pwn2Own Ireland 2024 2. **Financial Highlights:** Participants have earned over $1 million. 3. **Exploits Focus:** The earnings were related to successful exploits involving: … Read more

QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3

October 25, 2024 at 03:07AM On Day 3 of Pwn2Own Ireland 2024, white hat hackers exposed 11 more zero-day vulnerabilities, raising the prize pool to $874,875. Viettel Cyber Security excelled, securing significant rewards. By Day 3’s end, a total of 114 vulnerabilities had been revealed, highlighting the event’s importance in enhancing device security. **Meeting Takeaways … Read more

Samsung Galaxy S24 and Sonos Era hacked on Pwn2Own Ireland Day 2

October 24, 2024 at 10:04AM On day two of Pwn2Own Ireland 2024, white hat hackers exposed 51 zero-day vulnerabilities, winning $358,625. The Viettel Cyber Security team led the competition, with participants like Pham Tuan Son and Ken Gannon achieving significant points and payouts. Overall, 103 vulnerabilities have been exploited, totaling $847,875 in prizes. **Meeting Takeaways … Read more

Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland

October 23, 2024 at 10:03AM On the first day of Pwn2Own Ireland, participants showcased 52 zero-day vulnerabilities, earning $486,250 in prizes. Viettel Cyber Security led with 13 points, while notable exploits included a $100,000 success by Summoning Team. The event featured various challenges, with three days remaining for competitors to exploit patched SOHO devices. ### … Read more