Hackers Crack 29 Automotive Zero-Days in One Day
Fully patched EV chargers and infotainment systems fell to dozens of zero-days at Pwn2Own Automotive, exposing systemic vehicle security gaps.
Source: BleepingComputer
Read more: CyberSecBrief
seen from Russia

seen from United States
seen from United Kingdom
seen from United States
seen from China

seen from United States
seen from Germany
seen from Canada

seen from Russia
seen from Germany
seen from Russia
seen from Singapore
seen from United States

seen from Germany
seen from Russia
seen from China
seen from United States

seen from United States
seen from United States
seen from United States
Hackers Crack 29 Automotive Zero-Days in One Day
Fully patched EV chargers and infotainment systems fell to dozens of zero-days at Pwn2Own Automotive, exposing systemic vehicle security gaps.
Source: BleepingComputer
Read more: CyberSecBrief
Sunday Roundup: 26th of March 2017
Sunday Round up for the week ending the 26th of March, As stated last weeks still looking for feedback on how I can tweak this posts format - let me know:
Articles:
How to Get Started Using Java Cryptography Securely: http://www.veracode.com/blog/research/how-get-started-using-java-cryptography-securely
Strange But True Application Security Failures: https://img.readitlater.com/i/www.veracode.com/sites-default-files-styles-media_responsive_widest-public-strange-but-true-application-security-failures-image-png-itok-m3Tnnv_P/RS/w1408.png?url=http%3A%2F%2Fwww.veracode.com%2Fsites%2Fdefault%2Ffiles%2Fstyles%2Fmedia_responsive_widest%2Fpublic%2Fstrange-but-true-application-security-failures-image.png%3Fitok%3Dm3Tnnv_P
Ransomware operators are hiding malware deeper in installer packages: https://blogs.technet.microsoft.com/mmpc/2017/03/15/ransomware-operators-are-hiding-malware-deeper-in-installer-packages/
Wellcome to revfirmware.ml: https://revfirmware.ml/
That Is Not My Child Process!: https://blog.didierstevens.com/2017/03/20/that-is-not-my-child-process/amp/
.NET Reverse Enginering - Part 2: http://codepool.me/NET-Reverse-Enginering-Part-2/
Combining Responder and PsExec for Internal Penetration Tests: https://community.rapid7.com/community/infosec/blog/2017/03/21/combining-responder-and-psexec-for-internal-penetration-tests
Tracking Online Counterfeiters: https://www.sans.org/reading-room/whitepapers/detection/tracking-online-counterfeiters-37697
An Android Phone Makes A Better Server Than You’d Think: http://hackaday.com/2017/03/22/an-android-phone-makes-a-better-server-than-youd-think/
Twitter:
"Virtual machine escape fetches $105,000 at Pwn2Own hacking contest [updated]" #informationsecurity #feedly https://t.co/L7lJISXHQK
— The Security Sleuth (@Security_Sleuth) March 19, 2017
"European Data Protection Supervisor Publishes Priorities for 2017" #privacy #feedly https://t.co/K6K7mkh9t7
— The Security Sleuth (@Security_Sleuth) March 19, 2017
"A simple command allows the CIA to commandeer 318 models of Cisco switches" #informationsecurity #feedly https://t.co/0o8hLTIXCJ
— The Security Sleuth (@Security_Sleuth) March 20, 2017
"Your Next Steps if Your AppSec Program Is in the Expanded Stage" #informationsecurity #feedly https://t.co/228tas6Nkt
— The Security Sleuth (@Security_Sleuth) March 20, 2017
"Phill Moore's Round-Up Of This Month In Forensics" #forensics #feedly https://t.co/0gCa7fT1ag
— The Security Sleuth (@Security_Sleuth) March 21, 2017
"Why American Farmers Are Hacking Their Tractors With Ukrainian Firmware" #tech #feedly https://t.co/RdW5IpkKwv
— The Security Sleuth (@Security_Sleuth) March 21, 2017
"Strategies for Rapid Adoption of a Security Programme Within a Large Enterprise" #informationsecurity #feedly https://t.co/oDgjcFMhVW
— The Security Sleuth (@Security_Sleuth) March 22, 2017
"Hackers Using Fake Cellphone Towers to Spread Android Banking Trojan" #infosec #feedly https://t.co/12huZuGw2b
— The Security Sleuth (@Security_Sleuth) March 22, 2017
"Shielding MAC addresses from stalkers is hard and Android fails miserably at it" #informationsecurity #feedly https://t.co/uUOyQu9LjS
— The Security Sleuth (@Security_Sleuth) March 23, 2017
"Breaking: Wikileaks reveals CIA's Apple MacOS and iPhone Hacking Techniques" #infosec #feedly https://t.co/TzA9vgz9b8
— The Security Sleuth (@Security_Sleuth) March 23, 2017
Read last weeks round up here
If you found some other interesting stuff this week feel free to leave a link to it in the comments section.
Swipe your card, own the charger. Plug in the cable, own the car. The road to the future is paved with zero-days and nobody bothered to fill the potholes. #Pwn2Own
Security researchers exploited dozens of vulnerabilities in vehicle infotainment systems and EV chargers in the latest Pwn2Own at Automotive World 2026.
$1M WhatsApp hack fizzles out at major security contest
A much-hyped WhatsApp exploit meant to earn $1 million at Pwn2Own Ireland was withdrawn at the last minute, with Meta later confirming it contained only low-risk bugs and no working remote code execution flaw.
Source: SecurityWeek
Read more: CyberSecBrief
Pwn2Own Comes Back to Ireland with a Massive WhatsApp Bug Bounty
Researchers will compete in Cork to find zero-click WhatsApp exploits and attack mobile devices via USB ports, testing the limits of device security with a $1 million prize on the line.
Source: Zero Day Initiative
Read more: CyberSecBrief
Synology Issues a Critical Security Alert for Photographers
After the major exodus from Drobo that photographers took years ago, many went to Synology. And if you’re one of the photographers who have their products, you should know that the company recently issued a security alert. In an email to users this week, Synology told photographers about their findings at this year’s Pwn2Own Ireland 2024 event — which took place in late October 2024. From the…
ICYMI: Security researchers from around the globe gathered for the Pwn2Own Ireland 2024 competition, unveiling over 70 zero-day vulnerabilities across devices, including the Samsung Galaxy S24 and popular network storage systems (NAS). #CyberSecurity http://dlvr.it/TFrVWw
Security researchers from around the globe gathered for the Pwn2Own Ireland 2024 competition, unveiling over 70 zero-day vulnerabilities across devices, including the Samsung Galaxy S24 and popular network storage systems (NAS). #CyberSecurity http://dlvr.it/TFpbn3