SecurityWeek
$2.5 Million Offered at Upcoming 'Matrix Cup' Chinese Hacking Contest
Chinese hacking contest Matrix Cup is offering rewards for exploits targeting OS, smartphones, enterprise software, and security products.
SecurityWeek
Chinese hacking contest Matrix Cup is offering rewards for exploits targeting OS, smartphones, enterprise software, and security products.
SecurityWeek
Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar.
The Hacker News
Microsoft releases a massive patch for April 2024, fixing a record 149 flaws. Two vulnerabilities are ALREADY under attack.
SecurityWeek
Unpatched D-Link NAS device vulnerability CVE-2024-3273, potentially affecting many devices, is being exploited in the wild.
Bleeping Computer
A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices.
The Hacker News
Microsoft releases Patch Tuesday updates to patch 61 new vulnerabilities, including privilege escalation flaws in Azure, Windows, & Authenticator.
The Hacker News
Microsoft's latest Patch Tuesday tackles 73 vulnerabilities, including actively exploited zero-days.
HACKRead
Cybercriminals are targeting vulnerable Docker servers by deploying two containers: a standard XMRig miner and the 9Hits viewer application—an automated traffic exchange system.
CyberScoop
A hacking campaign thought to be attributed to the infamous Russian hacking group may have been the work of a different hacking group, Forescout researchers said in a new report.
The Hacker News
Microsoft's latest update tackles a whopping 48 security vulnerabilities! Stay protected with their January 2024 Patch Tuesday fixes
Security Affairs
These are the Top 2023 Security Affairs cybersecurity stories ... enjoy it. ................................................................
Bleeping Computer
The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits (and multiple bug collisions) targeting consumer products between October 24 and October 27.
SecurityWeek
Smart speakers, printers, routers, NAS devices, and mobile phones were hacked on the second day at Pwn2Own Toronto 2023.
Cyber Security News
At Pwn2Own 2023 in Toronto on day two, vulnerabilities in printers, routers, smart speakers, and Samsung Galaxy S23s were exploited by cybersecurity experts.
Bleeping Computer
Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada.
SecurityWeek
NAS devices, printers, IP cameras, speakers, and mobile phones were hacked on the first day at Pwn2Own Toronto 2023.
Bleeping Computer
Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada.
Bleeping Computer
QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS (network-attached storage) devices with weak passwords.
SecurityWeek
Summary of notable cybersecurity news stories that may be top headlines, but are important for the week of October 16, 2023.
The Hacker News
A vulnerability in Synology's DSM has been revealed, allowing attackers to remotely hijack admin accounts.
The Hacker News
Multiple high-severity vulnerabilities discovered in ConnectedIO's routers and cloud platform could let hackers execute malicious code.
The Hacker News
September 2023 Patch Tuesday — Microsoft addresses 59 bugs, including actively exploited zero-day flaws
SecurityWeek
Critical vulnerabilities discovered in WD and Synology NAS devices could have exposed the files of millions of users.
The Hacker News
Microsoft's Patch Tuesday for August 2023 addresses 74 vulnerabilities in its software, including 6 Critical and 67 Important security flaws.
SecurityWeek
Dozens of critical and high-severity vulnerabilities in the Milesight UR32L industrial router leading to code execution
The Hacker News
Heads up, everyone! Microsoft has released updates to fix 130 security flaws, including 6 zero-day vulnerabilities being actively exploited.
Bleeping Computer
Zyxel is warning its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command injection vulnerability.
The Hacker News
Microsoft just released software updates to fix over 70 security vulnerabilities.
The Hacker News
Microsoft's May Patch Tuesday includes fixes for 38 security flaws, including a zero-day bug under active exploitation.
The Hacker News
Microsoft's latest Patch Tuesday update for March 2023 is here with fixes for 80 security flaws, including two actively exploited vulnerabilities.
ZDNet
Optimize Mac Storage has a dark side. Here's what you need to know if you rely on it.
The Hacker News
Attention all Windows users: Microsoft has released 75 new software security updates, including fixes for 3 actively exploited vulnerabilities.
ZDNet
Optimize Mac Storage is dangerous. Turns out that in concert with iCloud and Time Machine, it can make your files go poof. Ask me how I know.
ZDNet
The best routers for VPN installation will combine safety, speed, and reliable connectivity. Here are ZDNET's top picks for VPN routers in 2023.
The Hacker News
Microsoft's January 2023 Patch Tuesday updates are out! Keep your systems secure by downloading the latest patches and fixes.
Bleeping Computer
Today is Microsoft's January 2023 Patch Tuesday, and with it comes fixes for an actively exploited zero-day vulnerability and a total of 98 flaws.
Cyber Security News
In response to a vulnerability with maximum severity that affects routers configured to run as VPN servers, the Taiwan-based NAS maker, Synology has recently released an update to address it.
The Hacker News
Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems.
Security Affairs
Synology fixed several critical flaws in its routers, including flaws likely demonstrated at the Pwn2Own 2022 hacking contest. Taiwanese NAS maker Synology published two new critical advisories in December. The first advisory is related to the most severe vulnerability addressed by the company, which is a critical out-of-bounds write issue, tracked as CVE-2022-43931 (CVSS3 Base Score10). […]
Bleeping Computer
Taiwan-based NAS maker Synology has addressed a maximum (10/10) severity vulnerability affecting routers configured to run as VPN servers.
SecurityWeek
Synology has patched several critical vulnerabilities in its routers, including flaws likely exploited recently at the Pwn2Own hacking contest.
DarkReading
Offensive security researchers found 63 previously unreported vulnerabilities in printers, phones, and network-attached storage devices in the Zero Day Initiative's latest hackathon.
Naked Security
That’s a mean average of $15,710 per bug… and 63 fewer bugs out there for crooks and rogues to find.
Bleeping Computer
Pwn2Own Toronto 2022 has ended with competitors earning $989,750 for 63 zero-day exploits (and multiple bug collisions) targeting consumer products between December 6th and December 9th.
Bleeping Computer
On the third day of Pwn2Own, contestants hacked the Samsung Galaxy S22 a fourth time since the start of the competition, and this time they did it in just 55 seconds.
Bleeping Computer
On the third day of Pwn2Own, contestants hacked the Samsung Galaxy S22 a fourth time since the start of the competition, and this time they did it in just 55 seconds.
Security Affairs
On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000. On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000 for demonstrating zero-day attacks against NAS devices, printers, smart speakers, routers, and smartphones. In the two days, participants earned […]
SecurityWeek
Exploits simulating a real world SOHO attack earned participants well over $100,000 on the third day of Pwn2Own Toronto 2022.
Security Affairs
Pwn2Own Toronto 2022 Day Two – Participants demonstrated exploits for smart speaker, smartphone, printer, router, and NAS. On the first day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition participants earned $400,000 for 26 unique zero-day exploits. On the second day of the competition, participants earned more $281,000 for smart speaker, smartphone, printer, […]
Bleeping Computer
Contestants hacked the Samsung Galaxy S22 again during the second day of the consumer-focused Pwn2Own 2022 competition in Toronto, Canada.
SecurityWeek
On the second day of Pwn2Own Toronto 2022, participants earned more than $280,000 for smart speaker, printer, router, smartphone and NAS exploits.
Cyber Security News
Pwn2Own Day 2 - Researchers have received $400,000 for 26 distinct 0-day flaws in the Toronto Pwn2Own hacking competition.
Cyber Security News
The Pwn2Own Toronto 2022 hacking contest has started; this year marks the 10th anniversary of the consumer-oriented competition. On the first day of Pwn2Own Toronto 2022, reports of the Samsung Galaxy S22 hack made a splash.
SecurityWeek
On the first day of Pwn2Own Toronto 2022, participants earned $400,000 for hacking printers, routers, phones and NAS devices.
Security Affairs
The Pwn2Own Toronto 2022 hacking competition has begun, this is the 10th anniversary of the consumer-focused version of the contest. The news of the Samsung Galaxy S22 hack on the first day of Pwn2Own Toronto 2022 made the headlines. White hat hackers that participated in the competition hacked the Samsung Galaxy S22 smartphone twice during […]
Bleeping Computer
Contestants have hacked the Samsung Galaxy S22 smartphone twice during the first day of the Pwn2Own Toronto 2022 hacking competition, the 10th edition of the consumer-focused event.
The Record
The ransomware gang behind the Colonial Pipeline hack added a startling slate of new tactics, tools, and procedures to its operation.
DataBreaches
Alex Scroxton reports: The developer or developers behind the ransomware-as-a-service (RaaS) family known variously as ALPHV, BlackCat and Noberus, have been...
SecurityWeek
Pwn2Own Toronto 2022 is offering more than $1 million in cash and prizes, including $100,000 for a new SOHO attack scenario.
Computerworld
Microsoft this month unveiled a preview of server protection aimed at small and mid-sized businesses, bundling the added security with Microsoft Defender for Business.
Security Affairs
Synology warns customers that some of its NAS devices are affected by multiple critical Netatalk vulnerabilities. Synology has warned customers that multiple critical Netatalk vulnerabilities affect some of its network-attached storage (NAS) devices. Netatalk is a free, open-source implementation of the Apple Filing Protocol that allows Unix-like operating systems to serve as a file server for macOS computers. QNAP NAS devices support the AFP protocol to […]
DarkReading
QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure.
SecurityWeek
Synology, QNAP and WD have warned their customers about several critical Netatalk vulnerabilities that have been exploited at a recent hacking contest.
Bleeping Computer
Synology has warned customers that some of its network-attached storage (NAS) appliances are exposed to attacks exploiting multiple critical Netatalk vulnerabilities.
Trend Micro
In our latest research, we analyze the threats targeting well-known brands of network-attached storage (NAS) devices.
Bleeping Computer
Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt.
Bleeping Computer
The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly-customizable feature set allowing for attacks on a wide range of corporate environments.
The DFIR Report
This report will go through an intrusion from July that began with an email, which included a link to Google's Feed Proxy service that was used to download a malicious Word document. Upon the user enabling macros, a Hancitor dll was executed, which called the usual suspect, Cobalt Strike.
Bleeping Computer
Security researchers are working on compiling an easy to follow list of initial access attack vectors ransomware gangs and their affiliates are using to breach victims' networks.
Bleeping Computer
Network-attached storage (NAS) maker QNAP is investigating and working on security updates to address remote code execution (RCE) and denial-of-service (DoS) vulnerabilities patched by OpenSSL last week.
Bleeping Computer
Taiwan-based NAS maker Synology has revealed that recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities impact some of its products.
Bleeping Computer
This week we saw an existing operation rise in attacks while existing ransomware operations turn to Windows vulnerabilities to elevate their privileges.
Bleeping Computer
A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices.
Bleeping Computer
Taiwan-based NAS maker Synology has warned customers that the StealthWorker botnet is targeting their network-attached storage devices in ongoing brute-force attacks.
Bleeping Computer
A new ransomware gang named BlackMatter is purchasing access to corporate networks while claiming to include the best features from the notorious and now-defunct REvil and DarkSide operations.