SecurityWeek
$2.5 Million Offered at Upcoming 'Matrix Cup' Chinese Hacking Contest
Chinese hacking contest Matrix Cup is offering rewards for exploits targeting OS, smartphones, enterprise software, and security products.
SecurityWeek
Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars
Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar.
The Hacker News
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included
Microsoft releases a massive patch for April 2024, fixing a record 149 flaws. Two vulnerabilities are ALREADY under attack.
SecurityWeek
Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices
Unpatched D-Link NAS device vulnerability CVE-2024-3273, potentially affecting many devices, is being exploited in the wild.
Bleeping Computer
New AcidPour data wiper targets Linux x86 network devices
A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices.
The Hacker News
Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws
Microsoft releases Patch Tuesday updates to patch 61 new vulnerabilities, including privilege escalation flaws in Azure, Windows, & Authenticator.
The Hacker News
Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
Microsoft's latest Patch Tuesday tackles 73 vulnerabilities, including actively exploited zero-days.
HACKRead
New Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners
Cybercriminals are targeting vulnerable Docker servers by deploying two containers: a standard XMRig miner and the 9Hits viewer application—an automated traffic exchange system.
CyberScoop
Sandworm probably wasn’t behind Danish critical infrastructure cyberattack, report says
A hacking campaign thought to be attributed to the infamous Russian hacking group may have been the work of a different hacking group, Forescout researchers said in a new report.
The Hacker News
Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities
Microsoft's latest update tackles a whopping 48 security vulnerabilities! Stay protected with their January 2024 Patch Tuesday fixes
Security Affairs
Top 2023 Security Affairs cybersecurity stories
These are the Top 2023 Security Affairs cybersecurity stories ... enjoy it. ................................................................
Bleeping Computer
Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto
The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits (and multiple bug collisions) targeting consumer products between October 24 and October 27.
SecurityWeek
Hackers Earn $350k on Second Day at Pwn2Own Toronto 2023
Smart speakers, printers, routers, NAS devices, and mobile phones were hacked on the second day at Pwn2Own Toronto 2023.
Cyber Security News
TP-Link, HP Printer, Samsung Galaxy S23 Hacked At Pwn2Own 2023 - Day Two
At Pwn2Own 2023 in Toronto on day two, vulnerabilities in printers, routers, smart speakers, and Samsung Galaxy S23s were exploited by cybersecurity experts.
Bleeping Computer
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto
Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada.
SecurityWeek
Hackers Earn $400k on First Day at Pwn2Own Toronto 2023
NAS devices, printers, IP cameras, speakers, and mobile phones were hacked on the first day at Pwn2Own Toronto 2023.
Bleeping Computer
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto
Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada.
Bleeping Computer
QNAP takes down server behind widespread brute-force attacks
QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS (network-attached storage) devices with weak passwords.
SecurityWeek
In Other News: Energy Services Firm Hacked, Tech CEO Gets Prison Time, X Glitch Leads to CIA Channel Hijack
Summary of notable cybersecurity news stories that may be top headlines, but are important for the week of October 16, 2023.
The Hacker News
New Admin Takeover Vulnerability Exposed in Synology's DiskStation Manager
A vulnerability in Synology's DSM has been revealed, allowing attackers to remotely hijack admin accounts.
The Hacker News
High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security
Multiple high-severity vulnerabilities discovered in ConnectedIO's routers and cloud platform could let hackers execute malicious code.
The Hacker News
Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws
September 2023 Patch Tuesday — Microsoft addresses 59 bugs, including actively exploited zero-day flaws
SecurityWeek
Western Digital, Synology NAS Vulnerabilities Exposed Millions of Users' Files
Critical vulnerabilities discovered in WD and Synology NAS devices could have exposed the files of millions of users.
The Hacker News
Microsoft Releases Patches for 74 New Vulnerabilities in August Update
Microsoft's Patch Tuesday for August 2023 addresses 74 vulnerabilities in its software, including 6 Critical and 67 Important security flaws.
SecurityWeek
Dozens of RCE Vulnerabilities Impact Milesight Industrial Router
Dozens of critical and high-severity vulnerabilities in the Milesight UR32L industrial router leading to code execution
The Hacker News
Microsoft Releases Patches for 130 Vulnerabilities, Including 6 Under Active Attack
Heads up, everyone! Microsoft has released updates to fix 130 security flaws, including 6 zero-day vulnerabilities being actively exploited.
Bleeping Computer
Zyxel warns of critical command injection flaw in NAS devices
Zyxel is warning its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command injection vulnerability.
The Hacker News
Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software
Microsoft just released software updates to fix over 70 security vulnerabilities.
The Hacker News
Microsoft's May Patch Tuesday Fixes 38 Flaws, Including Active Zero-Day Bug
Microsoft's May Patch Tuesday includes fixes for 38 security flaws, including a zero-day bug under active exploitation.
The Hacker News
Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack
Microsoft's latest Patch Tuesday update for March 2023 is here with fixes for 80 security flaws, including two actively exploited vulnerabilities.
ZDNet
Optimize Mac Storage can make your files go poof. Ask me how I know
Optimize Mac Storage has a dark side. Here's what you need to know if you rely on it.
The Hacker News
Update Now: Microsoft Releases Patches for 3 Actively Exploited Windows Vulnerabilities
Attention all Windows users: Microsoft has released 75 new software security updates, including fixes for 3 actively exploited vulnerabilities.
ZDNet
The dark side of Optimize Mac Storage: What you need to know if you rely on it
Optimize Mac Storage is dangerous. Turns out that in concert with iCloud and Time Machine, it can make your files go poof. Ask me how I know.
ZDNet
The 5 best VPN routers of 2023
The best routers for VPN installation will combine safety, speed, and reliable connectivity. Here are ZDNET's top picks for VPN routers in 2023.
The Hacker News
Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit
Microsoft's January 2023 Patch Tuesday updates are out! Keep your systems secure by downloading the latest patches and fixes.
Bleeping Computer
Microsoft January 2023 Patch Tuesday fixes 98 flaws, 1 zero-day
Today is Microsoft's January 2023 Patch Tuesday, and with it comes fixes for an actively exploited zero-day vulnerability and a total of 98 flaws.
Cyber Security News
Synology VPN Plus Server Vulnerability Let Attackers Execute Arbitrary Code
In response to a vulnerability with maximum severity that affects routers configured to run as VPN servers, the Taiwan-based NAS maker, Synology has recently released an update to address it.
The Hacker News
Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers
Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems.
Security Affairs
Synology fixes multiple critical vulnerabilities in its routers
Synology fixed several critical flaws in its routers, including flaws likely demonstrated at the Pwn2Own 2022 hacking contest. Taiwanese NAS maker Synology published two new critical advisories in December. The first advisory is related to the most severe vulnerability addressed by the company, which is a critical out-of-bounds write issue, tracked as CVE-2022-43931 (CVSS3 Base Score10). […]
Bleeping Computer
Synology fixes maximum severity vulnerability in VPN routers
Taiwan-based NAS maker Synology has addressed a maximum (10/10) severity vulnerability affecting routers configured to run as VPN servers.
SecurityWeek
Critical Vulnerabilities Patched in Synology Routers
Synology has patched several critical vulnerabilities in its routers, including flaws likely exploited recently at the Pwn2Own hacking contest.
DarkReading
Hackers Score Nearly $1M at Device-Focused Pwn2Own Contest
Offensive security researchers found 63 previously unreported vulnerabilities in printers, phones, and network-attached storage devices in the Zero Day Initiative's latest hackathon.
Naked Security
Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties
That’s a mean average of $15,710 per bug… and 63 fewer bugs out there for crooks and rogues to find.
Bleeping Computer
Hackers earn $989,750 for 63 zero-days exploited at Pwn2Own Toronto
Pwn2Own Toronto 2022 has ended with competitors earning $989,750 for 63 zero-day exploits (and multiple bug collisions) targeting consumer products between December 6th and December 9th.
Bleeping Computer
Samsung Galaxy S22 gets hacked in 55 seconds at Pwn2Own Toronto
On the third day of Pwn2Own, contestants hacked the Samsung Galaxy S22 a fourth time since the start of the competition, and this time they did it in just 55 seconds.
Bleeping Computer
Samsung Galaxy S22 hacked in 55 seconds on Pwn2Own Day 3
On the third day of Pwn2Own, contestants hacked the Samsung Galaxy S22 a fourth time since the start of the competition, and this time they did it in just 55 seconds.
Security Affairs
Pwn2Own Toronto 2022 Day 3: Participants earned nearly $1 million
On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000. On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000 for demonstrating zero-day attacks against NAS devices, printers, smart speakers, routers, and smartphones. In the two days, participants earned […]
SecurityWeek
SOHO Exploits Earn Hackers Over $100,000 on Day 3 of Pwn2Own Toronto 2022
Exploits simulating a real world SOHO attack earned participants well over $100,000 on the third day of Pwn2Own Toronto 2022.
Security Affairs
Pwn2Own Toronto 2022 Day 2: Participants earned $281K
Pwn2Own Toronto 2022 Day Two – Participants demonstrated exploits for smart speaker, smartphone, printer, router, and NAS. On the first day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition participants earned $400,000 for 26 unique zero-day exploits. On the second day of the competition, participants earned more $281,000 for smart speaker, smartphone, printer, […]
Bleeping Computer
Samsung Galaxy S22 hacked again on second day of Pwn2Own
Contestants hacked the Samsung Galaxy S22 again during the second day of the consumer-focused Pwn2Own 2022 competition in Toronto, Canada.
SecurityWeek
Pwn2Own Toronto 2022, Day 2: Smart Speaker Exploits Earn Big Chunk of $280,000 Total
On the second day of Pwn2Own Toronto 2022, participants earned more than $280,000 for smart speaker, printer, router, smartphone and NAS exploits.
Cyber Security News
Pwn2Own Day 2 - Researchers Earn $400,000 for 26 Unique 0-days Exploits
Pwn2Own Day 2 - Researchers have received $400,000 for 26 distinct 0-day flaws in the Toronto Pwn2Own hacking competition.
Cyber Security News
Samsung Galaxy S22 Hacked Multiple Times At Pwn2Own Hacking Contest - Day 1
The Pwn2Own Toronto 2022 hacking contest has started; this year marks the 10th anniversary of the consumer-oriented competition. On the first day of Pwn2Own Toronto 2022, reports of the Samsung Galaxy S22 hack made a splash.
SecurityWeek
Pwn2Own Toronto 2022, Day 1: Hackers Earn $400,000 for Galaxy S22, SOHO Exploits
On the first day of Pwn2Own Toronto 2022, participants earned $400,000 for hacking printers, routers, phones and NAS devices.
Security Affairs
Pwn2Own Toronto 2022 hacking competition. Samsung S22 hacked
The Pwn2Own Toronto 2022 hacking competition has begun, this is the 10th anniversary of the consumer-focused version of the contest. The news of the Samsung Galaxy S22 hack on the first day of Pwn2Own Toronto 2022 made the headlines. White hat hackers that participated in the competition hacked the Samsung Galaxy S22 smartphone twice during […]
Bleeping Computer
Samsung Galaxy S22 hacked twice on first day of Pwn2Own Toronto
Contestants have hacked the Samsung Galaxy S22 smartphone twice during the first day of the Pwn2Own Toronto 2022 hacking competition, the 10th edition of the consumer-focused event.
The Record
Colonial Pipeline hackers add startling new capabilities to ransomware operation
The ransomware gang behind the Colonial Pipeline hack added a startling slate of new tactics, tools, and procedures to its operation.
DataBreaches
ALPHV/BlackCat ransomware family becoming more dangerous
Alex Scroxton reports: The developer or developers behind the ransomware-as-a-service (RaaS) family known variously as ALPHV, BlackCat and Noberus, have been...
SecurityWeek
Pwn2Own Offers $100,000 for Home Office Hacking Scenario
Pwn2Own Toronto 2022 is offering more than $1 million in cash and prizes, including $100,000 for a new SOHO attack scenario.
Computerworld
For SMBs, Microsoft offers a new layer of server protection
Microsoft this month unveiled a preview of server protection aimed at small and mid-sized businesses, bundling the added security with Microsoft Defender for Business.
Security Affairs
Synology and QNAP warn of critical Netatalk flaws in some of their products
Synology warns customers that some of its NAS devices are affected by multiple critical Netatalk vulnerabilities. Synology has warned customers that multiple critical Netatalk vulnerabilities affect some of its network-attached storage (NAS) devices. Netatalk is a free, open-source implementation of the Apple Filing Protocol that allows Unix-like operating systems to serve as a file server for macOS computers. QNAP NAS devices support the AFP protocol to […]
DarkReading
Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack
QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure.
SecurityWeek
Synology, QNAP, WD Warn Users About Vulnerabilities Exploited at Hacking Contest
Synology, QNAP and WD have warned their customers about several critical Netatalk vulnerabilities that have been exploited at a recent hacking contest.
Bleeping Computer
Synology warns of critical Netatalk bugs in multiple products
Synology has warned customers that some of its network-attached storage (NAS) appliances are exposed to attacks exploiting multiple critical Netatalk vulnerabilities.
Trend Micro
Defending Users’ NAS Devices From Evolving Threats
In our latest research, we analyze the threats targeting well-known brands of network-attached storage (NAS) devices.
Bleeping Computer
QNAP NAS devices hit in surge of ech0raix ransomware attacks
Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt.
Bleeping Computer
ALPHV BlackCat - This year's most sophisticated ransomware
The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly-customizable feature set allowing for attacks on a wide range of corporate environments.
The DFIR Report
From Zero to Domain Admin
This report will go through an intrusion from July that began with an email, which included a link to Google's Feed Proxy service that was used to download a malicious Word document. Upon the user enabling macros, a Hancitor dll was executed, which called the usual suspect, Cobalt Strike.
Bleeping Computer
Researchers compile list of vulnerabilities abused by ransomware gangs
Security researchers are working on compiling an easy to follow list of initial access attack vectors ransomware gangs and their affiliates are using to breach victims' networks.
Bleeping Computer
QNAP works on patches for OpenSSL bugs impacting its NAS devices
Network-attached storage (NAS) maker QNAP is investigating and working on security updates to address remote code execution (RCE) and denial-of-service (DoS) vulnerabilities patched by OpenSSL last week.
Bleeping Computer
Synology: Multiple products impacted by OpenSSL RCE vulnerability
Taiwan-based NAS maker Synology has revealed that recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities impact some of its products.
Bleeping Computer
The Week in Ransomware - August 13th 2021 - The rise of LockBit
This week we saw an existing operation rise in attacks while existing ransomware operations turn to Windows vulnerabilities to elevate their privileges.
Bleeping Computer
eCh0raix ransomware now targets both QNAP and Synology NAS devices
A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices.
Bleeping Computer
Synology warns of malware infecting NAS devices with ransomware
Taiwan-based NAS maker Synology has warned customers that the StealthWorker botnet is targeting their network-attached storage devices in ongoing brute-force attacks.
Bleeping Computer
BlackMatter ransomware gang rises from the ashes of DarkSide, REvil
A new ransomware gang named BlackMatter is purchasing access to corporate networks while claiming to include the best features from the notorious and now-defunct REvil and DarkSide operations.