Tag Archive for: AC/DC

HP LaserJet Pwned By Hackers Gets Turned Into An AC/DC Cranking Boombox


It’s easy to think of hackers in the colloquial sense as being the enemies of society. People who break into computer systems and sabotage electronics to gain control of them or steal data; how could someone like that be of benefit to society at large? The answer is that a great many so-called “hackers” are in fact security experts who know from experience where to look for security holes, and are also often consulted for help in closing them.

These “white hat” hackers hunt for security holes and application exploits, then report them to vendors to claim bug bounties, but some vendors are either unwilling to pay for such services or are simply difficult to contact. Back in 2005, Trend Micro set up the Zero Day Initiative for exactly that reason. It’s a group that works with security researchers to identify “zero-day” vulnerabilities in tech products and then act as an intermediary with the vendors to see them fixed.

The Zero Day Initiative sponsors multiple yearly events called Pwn2Own, where hackers gather to make time-limited attempts to exploit specific products. This year’s event in Austin was the largest-ever, with 58 total entries from 22 different security teams. Contestants have 30 minutes to deploy their exploit and gain unapproved privileges, remote code execution, or other unauthorized access to their targets.

The Initiative has a list up on its blog of all of the entries and their results, and there’s some good stuff in there, but by far the most entertaining result has to be F-Secure Labs’ 11:00 submission on Thursday, where the three experts hacked an HP Color LaserJet Pro MFP M283fdw and turned it into a jukebox, playing AC/DC’s “Thunderstruck” through its tiny (and tinny) speaker. You can see/hear a brief clip of that in action, in the tweet below…

Other targeted devices at this year’s Pwn2Own event include NAS devices from WD, routers and home gateways from Netgear, Cisco, and TP-Link, printers from Canon and Lexmark, the Sonos One speaker, and notably, Samsung’s Galaxy S21 smartphone. All of these devices were running the latest firmware and security patches, yet all of them were hacked.

Not to worry, though; the ZDI doesn’t disclose or publish the exploits…

Pwn2Own: Printer plays AC/DC, Samsung Galaxy S21 hacked twice

Trend Micro’s ZDI has awarded $1,081,250 for 61 zero-days exploited at Pwn2Own Austin 2021, with competitors successfully pwning the Samsung Galaxy S21 again and hacking an HP LaserJet printer to play AC/DC’s Thunderstruck on the contest’s third day.

Contestants earned $70,000 during the fourth day, $238,750 on the third day, $415,000 on the second, and $362,500 during the first day.

The Synacktiv team won the contest after getting $197,000 in cash for their zero-days and 20 Master of Pwn points, with a six-point lead over the DEVCORE team, which finished with 14 points and earned a total of $140,000.

Over the four days of competition, the contestants compromised printers, routers, NAS devices, and speakers from Canon, HP, Western Digital, Cisco, Sonos, TP-Link, and NETGEAR after exploiting 61 previously unknown security flaws known as zero-day vulnerabilities.

The full Pwn2Own Austin 2021 schedule and the results following each challenge are available here.

Pwn2Own Austin 2021 final leaderboard (ZDI)

Sam Thomas (@_s_n_t) from team Pentest Limited (@pentestltd) was the one who compromised the Samsung Galaxy S21 running the latest Android 11 security updates on the third day using a unique three-bug chain and earning $50,000.

The Samsung Galaxy S21 escaped a hacking attempt on the first day after F-Secure Labs’ Ken Gannon didn’t get his zero-day exploit to work within the allotted time.

Mr L and Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) of STARLabs were able to get code execution on the Samsung Galaxy S21 on the second day of Pwn2Own.

However, despite their success and winning $25,000, their attempt was tagged as a “collision” after it was revealed that they used a bug known to the vendor. 

The third day of Pwn2Own also saw the F-Secure Labs team turning an HP LaserJet printer into a jukebox using a stack-based buffer overflow to play AC/DC’s Thunderstruck. 

At this edition of…


Report suggests malware hits Iran atomic organization, blasts AC/DC at night – VentureBeat


Iran has been the target of quite a few new pieces of malware this year, including the latest Flame malware that many describe as one of the biggest advancements in cyber espionage to date. The virus comes with 20 different modules that, when unpacked,