Pwn2Own Archives - Cyber Security Minute

Synology fixes multiple critical vulnerabilities in its routers

Issued by: Security Affairs

Taiwanese NAS maker Synology published two new critical advisories in December. The first advisory is related to the most severe vulnerability addressed by the company, which is a critical out-of-bounds write issue, tracked as CVE-2022-43931 (CVSS3 Base Score10). The vulnerability resides in the Remote Desktop Functionality of Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635….

Mobile Security, Vulnerabilities

Pwn2Own Offers $100,000 for Home Office Hacking Scenario

Issued by: Security Week

The next Pwn2Own will take place December 6-8, 2022, at ZDI’s office in Toronto, Canada. The registration deadline is December 2. The event will not take place alongside a conference so ZDI has decided to reimburse $3,000 for travel expenses to encourage hackers to participate in person. Bug bounty hunters can also compete remotely, with…

Vulnerabilities

Details Disclosed for OPC UA Vulnerabilities Exploited at ICS Hacking Competition

Issued by: Security Week

OPC UA (Open Platform Communications United Architecture) is a machine-to-machine communication protocol that is used by many industrial solutions providers to ensure interoperability between various types of industrial control systems (ICS). JFrog’s researchers discovered several vulnerabilities in OPC UA and disclosed some of them at the Pwn2Own Miami 2022 competition in April, where participants earned…

Vulnerabilities

Known macOS Vulnerabilities Led Researcher to Root Out New Flaws

Issued by: Dark Reading

Sometimes all it takes to root out a new software vulnerability is to study and analyze previous bug reports. That’s how researcher Csaba Fitzl says he sniffed out some new Apple macOS vulnerabilities, one of which was a mirror image of a logic flaw that a group of researchers competing in the 2020 Pwn2Own contest…

Network Security

Targets and Prizes Announced for 2022 ICS-Themed Pwn2Own

Issued by: Security Week

Pwn2Own Miami 2022 is scheduled to take place on January 25-27, 2022, and it has four main target categories: control server, OPC UA server, data gateway, and human-machine interface (HMI). In the control server category, participants can earn up to $20,000 for hacking Iconics Genesis64 and Inductive Automation Ignition products. In the OPC UA category,…

Vulnerabilities

PoC Exploit Released for Unpatched Flaw Affecting Chromium-Based Browsers

Issued by: Security Week

On April 7, at the Pwn2Own 2021 hacking competition, Bruno Keith and Niklas Baumstark of Dataflow Security earned $100,000 for a remote code execution exploit that works against web browsers that are based on Google’s open source Chromium project. The researchers demonstrated the exploit against both Chrome and Microsoft Edge. Visiting a specially crafted website…