"I'm interested in all kinds of astronomy."

TrendAI Zero Day Initiative

Wow! @SinSinology of Summoning Team @SummoningTeam used a total of 9(!) different bugs to go from the QNAP QHora-322 through to the TrueNAS Mini X. His effort earns him $100,000 and 10 Master of Pwn points.


TrendAI Zero Day Initiative

Confirmed! phudq and namnp from Viettel Cyber Security (@vcslab) used a stack-based buffer overflow and an untrusted pointer deref to exploit the 2K camera. They earn $30,000 and 3 Master of Pwn points.


TrendAI Zero Day Initiative

Sweet! It took two attempts, but Jack Dates of RET2 Systems (@ret2systems) succeeded in exploiting the Sonos Era 300 smart speaker. He's off to provide all the details to us and now


TrendAI Zero Day Initiative

Here are the first attempts for Ireland:

@cryptax Maybe also "engineering", as in "we know this _should_ work, here's how to make it _actually_ work"

We need to differentiate talks between those which bring a scientific contribution (something new & inventive inside) and talks which are helpful to bring the audience up to speed on a given topic (e.g. overview of botnets in the wild, or status of obfuscation...)

[RSS] IBM Power10 server (shipping since September 2021) users say their organizations achieved eight nines--99.999999%--of uptime. This is 315 milliseconds of unplanned, per server, per annum outage time due to underlying system flaws or component failures.

https://www.itjungle.com/2024/10/21/ibm-nears-the-end-of-the-road-for-server-reliability-improvements/

Pretty impressive numbers (not just from IBM) here

The new Restricted Service type finally landed in WIP and now when running Windows Protected Print (WPP), the Spooler Worker process (which now does most of the work) runs as the new Account type. This means Print effectively no longer runs as SYSTEM. Customers running the 24H2 version of WPP will get the changes "soon"

Over time we hope to replace more SYSTEM services and move them to a similar model.

Big thanks to @tiraniddo who reviewed the design and gave us early feedback.

Halloween, Xmas, Valentines in retail...

Blockchain, AI and God knows what's coming next in IT...

Marketing rules the world.

@mainframed767 but now they can build 41 of those computers and we are DOOOOMED

TrendAI Zero Day Initiative

The draw is complete and now the schedule is out! You can check out the full schedule showing all four days of Ireland madness at https://www.zerodayinitiative.com/blog/2024/10/22/pwn2own-ireland-the-full-schedule


Here is my recent DEF CON talk on Anom, the encrypted phone secretly run by the FBI. All about the phone, the network, how Anom was structured, who used it, what this means for Signal, Telegram, more https://www.youtube.com/watch?v=uFyk5UOyNqI


Project Zero Bot

New Project Zero issue:

Linux: temporarily dangling PFN mapping on remap_pfn_range() failure in usbdev_mmap() (and elsewhere?)

https://project-zero.issues.chromium.org/issues/366053091

CVE-2024-47674

The next blog post in the Active Directory hardening series just posted, focusing on SMB signing. https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/active-directory-hardening-series-part-6-enforcing-smb-signing/ba-p/4272168. You can do this yourself and it makes a difference.


TrendAI Zero Day Initiative

Now that the drawing is complete, @TheDustinChilds and Zed have a few thoughts about the upcoming Ireland contest. https://youtube.com/shorts/6l3BW94xH8E


Fortinet's last security blog included a section called "A Call to the Industry: Doing the Right Thing for the Security of our Society", which is good. It talks about "transparent disclosure of discovered vulnerabilities" and "radical transparency".

In other news, Fortigate are almost two weeks into knowing they have a zero day which is actively exploited in one of their products, haven't issued a CVE, haven't done a public writeup, and have patch notes that don't mention the vulns.
