InfoSecBulletin Cybersecurity for mankind
White hat hackers at the Pwn2Own Ireland 2024 contest by Trend Micro’s Zero Day Initiative earned $500,000 on the first day by exploiting NAS devices, cameras, printers, and smart speakers.
Sina Kheirkhah from Summoning Team earned the top reward of $100,000 by exploiting nine vulnerabilities in an attack from a QNAP QHora-322 router to a TrueNAS Mini X storage device.
WhatsApp banned on all US House of Representatives devices
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Viettel Cyber Security demonstrated an exploit chain involving QNAP QHora-322 and TrueNAS Mini X products, earning $50,000.
Jack Dates from RET2 Systems earned a $60,000 reward for hacking a Sonos Era 300 smart speaker.
Two different teams earned $40,000 each for exploiting the QNAP TS-464 and Synology DiskStation DS1823XS+ NAS devices.
Participants successfully exploited the Lorex 2K WiFi, Ubiquity AI Bullet, and Synology TC500 cameras, as well as HP Color LaserJet Pro MFP 3301fdw and Canon imageCLASS MF656Cdw printers, earning hackers between $11,000 and $30,000.
ZDI reported that $516,250 was awarded on the first day of Pwn2Own Ireland for over 50 unique vulnerabilities.
In the coming days, contestants will showcase exploits targeting a Samsung Galaxy S24 phone and an Aeotec Smart Home Hub, along with cameras, NAS devices, smart speakers, and printers.
Pwn2Own Ireland 2024 features a messaging app category, offering up to $300,000 for a zero-click WhatsApp exploit. Up to $250,000 is available for exploits targeting the Pixel 8 and iPhone 15, but no entries have been submitted for these devices.
