December 23, 2024

TrueNAS device vulnerabilities exposed during hacking competition

By Efosa Udinmwen | usagoldmines.com

  • TrueNAS recommends hardening systems to mitigate risks
  • Pwn2Own showcases diverse attack vectors on NAS systems
  • Cybersecurity teams earn over $1 million by finding exploits

At the recent Pwn2Own Ireland 2024 event, security researchers identified vulnerabilities in various high-use devices, including network-attached storage (NAS) devices, cameras, and other connected products.

TrueNAS was one of the companies whose products were successfully targeted during the event, with vulnerabilities found in its products with default, non-hardened configurations.

Following the competition, TrueNAS has started implementing updates to secure its products against these newly discovered vulnerabilities.

Security gaps across multiple devices

During the competition, multiple teams successfully exploited TrueNAS Mini X devices, demonstrating the potential for attackers to leverage interconnected vulnerabilities between different network devices. Notably, the Viettel Cyber Security team earned $50,000 and 10 Master of Pwn points by chaining SQL injection and authentication bypass vulnerabilities from a QNAP router to the TrueNAS device.

The Computest Sector 7 team also executed a successful attack by exploiting both a QNAP router and a TrueNAS Mini X using four vulnerabilities. The types of vulnerabilities included command injection, SQL injection, authentication bypass, improper certificate validation, and hardcoded cryptographic keys.

TrueNAS responded to the results by releasing an advisory for its users, acknowledging the vulnerabilities and emphasizing the importance of following security recommendations to protect data storage systems against potential exploits.

By adhering to these guidelines, users can increase their defences, making it harder for attackers to leverage known vulnerabilities.

TrueNAS informed customers that the vulnerabilities affected default, non-hardened installations, meaning that users who follow recommended security practices are already at a reduced risk.

TrueNAS has advised all users to review its security guidance and implement best practices, which can significantly minimize exposure to potential threats until the patches are fully rolled out.

Via SecurityWeek

This article is written by: Nermeen Nabil Khear Abdelmalak
