SecurityWeek
ZDI Discusses First Automotive Pwn2Own
The Zero Day Initiative (ZDI) will host a new Automotive Pwn2Own at the Automotive World Conference in Tokyo, January 24 to 26, 2024.
Security Affairs
The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000
The Pwn2Own Vancouver 2022 hacking contest ended, Trend Micro and ZDI awarded a total of $1,155,000 for successful attempts! During the third day of the Pwn2Own Vancouver 2022 hacking competition, white hat hackers demonstrated a working exploit against Microsoft Windows 11 OS. nghiadt12 from Viettel Cyber Security demonstrated an exploit for an escalation of privilege via Integer […]
Trend Micro
Trend Micro’s Bug Bounty Program ZDI 2023 Performance
Trend Micro's bug bounty program Zero Day Initiative 2023 performance gives a glimpse inside the world of threat-hunting and cyber risk prevention
Security Affairs
A new Mirai botnet variant targets TP-Link Archer A21
Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451) in TP-Link Archer A21 in recent attacks. Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8) in TP-Link Archer AX21 Wi-Fi routers. The CVE-2023-1389 flaw is an unauthenticated command injection vulnerability […]
SecurityWeek
Over $1 Million Offered at New Pwn2Own Automotive Hacking Contest
ZDI is offering more than $1 million at the Pwn2Own Automotive hacking contest, hosted in January at the Automotive World conference in Tokyo.
DarkReading
Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days
A number of serious Windows bugs still haven't made their way into criminal circles, but that won't remain the case forever — and time is running short before ZDI releases exploit details.
Bleeping Computer
Exim patches three of six zero-day bugs disclosed last week
Exim developers have released patches for three of the zero-days disclosed last week through Trend Micro's Zero Day Initiative (ZDI), one of them allowing unauthenticated attackers to gain remote code execution.
DarkReading
Patch Madness: Vendor Bug Advisories Are Broken, So Broken
Duston Childs and Brian Gorenc of ZDI take the opportunity at Black Hat USA to break down the many vulnerability disclosure issues making patch prioritization a nightmare scenario for many orgs.
Trend Micro
CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.
Bleeping Computer
Pwn2Own: Printer plays AC/DC, Samsung Galaxy S21 hacked twice
Trend Micro's ZDI has awarded $1,081,250 for 61 zero-days exploited at Pwn2Own Austin 2021, with competitors successfully pwning the Samsung Galaxy S21 again and hacking an HP LaserJet printer to play AC/DC's Thunderstruck on the contest's third day.
Security Affairs
Pwn2Own Miami hacking contest awarded $400,000 for 26 unique ICS exploits
Which hat hackers that participated in the Pwn2Own Miami 2022 hacking contest earned a total of $400,000 for their ICS exploits. The Pwn2Own Miami 2022 is a hacking contest organized by Trend Micro’s Zero Day Initiative (ZDI) that focuses on demonstrating exploits for ICS systems belonging to the following categories: the OPC UA Server, Control […]
Security Affairs
December 2022 Patch Tuesday fixed 2 zero-day flaws
Microsoft released December 2022 Patch Tuesday security updates that fix 52 vulnerabilities across its products. Microsoft December 2022 Patch Tuesday security updates addressed 52 vulnerabilities in Microsoft Windows and Windows Components; Azure; Office and Office Components; SysInternals; Microsoft Edge (Chromium-based); SharePoint Server; and the .NET framework. 12 of these vulnerabilities were submitted through the ZDI program. Six vulnerabilities […]
Security Affairs
Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000
White hat hackers earned a total of $800,000 on the first day of the Pwn2Own Vancouver 2022, $450,000 for exploits targeting Microsoft Teams. Pwn2Own Vancouver 2022 hacking contest has begun, it is the 15th edition of this important event organized by Trend Micro’s Zero Day Initiative (ZDI). This year, 17 contestants are attempting to exploit […]
.webp)
Cyber Security News
Hacking of Netgear Routers - PoC Disclosed for 5 Vulnerabilities
In March, the Zero Day Initiative (ZDI) organized a competition called “Pwn2Own.” Several vulnerabilities were discovered during this event across various technology brands, including NetGear routers. With the increasing threats targeting Internet of Things (IoT) devices, extensive research is being conducted to enhance their security measures. Participating in the competition, cybersecurity solutions firm Claroty’s team82 […]
Trend Micro
Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems
In 2021, a team of researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022.
Trend Micro
Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
Researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022.
Infosecurity News
Bug Bounty Giant Slams Quality of Vendor Patching
Zero Day Initiative says incomplete or faulty patches now commonplace
Bleeping Computer
New Microsoft Exchange zero-days allow RCE, data theft attacks
Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
SecurityWeek
Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks
Patches are being developed for serious Exim vulnerabilities that could expose many mail servers to attacks.
Bleeping Computer
Millions of Exim mail servers exposed to zero-day RCE attacks
A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers.
Bleeping Computer
Hackers earn $400K for zero-day ICS exploits demoed at Pwn2Own
Pwn2Own Miami 2022 has ended with competitors earning $400,000 for 26 zero-day exploits (and several bug collisions) targeting ICS and SCADA products demoed during the contest between April 19 and April 21.
SecurityWeek
SolarWinds Patches High-Severity Flaws in Access Rights Manager
SolarWinds patches high-severity flaws in its Access Rights Manager product, including three unauthenticated remote code execution issues.
Bleeping Computer
TP-Link Archer WiFi router flaw exploited by Mirai malware
The Mirai malware botnet is actively exploiting a TP-Link Archer A21 (AX1800) WiFi router vulnerability tracked as CVE-2023-1389 to incorporate devices into DDoS (distributed denial of service) swarms.
Bleeping Computer
New Microsoft Exchange zero-days reportedly exploited in attacks
Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported the attacks.
Ars Technica
Critical vulnerabilities in Exim threaten over 250k email servers worldwide
Remote code execution requiring no authentication fixed. 2 other RCEs remain unpatched.
SecurityWeek
Vulnerability Broker Applies Pressure on Software Vendors Shipping Faulty, Incomplete Patches
Trend Micro's Zero Day Initiative is ramping up the pressure on software vendors that consistently ship faulty, problematic security patches.
Bleeping Computer
New Microsoft Exchange zero-day actively exploited in attacks
Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported the attacks.
Bleeping Computer
New Microsoft Exchange zero-days actively exploited in attacks
Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported the attacks.
Cyber Security News
4 Zero-Day Bug in Microsoft Exchange Let Attackers Execute Arbitrary Code
Four new zero-day vulnerabilities have been identified in Microsoft Exchange with server-side request forgery and remote code execution.
Security Affairs
Expert published PoC exploit code for macOS sandbox escape flaw
A researcher published details and proof-of-concept (PoC) code for High-Severity macOS Sandbox escape vulnerability tracked as CVE-2022-26696. Researcher Wojciech Reguła (@_r3ggi) of SecuRing published technical details and proof-of-concept (PoC) code for a macOS sandbox escape vulnerability tracked as CVE-2022-26696 (CVSS score of 7.8). In a wrap-up published by Regula, the researcher observed that the problem is caused […]
Security Affairs
CISA adds TP-Link, Apache, and Oracle bugs to its Known Exploited Vulnerabilities catalog
US Cybersecurity and Infrastructure Security Agency (CISA) added TP-Link, Apache, and Oracle vulnerabilities to its Known Exploited Vulnerabilities catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog: CVE-2023-1389 (CVSS score: 8.8) – TP-Link Archer AX-21 Command Injection Vulnerability. The CVE-2023-1389 flaw is an unauthenticated […]
Security Affairs
Microsoft fixed two zero-day flaws exploited in malware attacks
Microsoft addressed two zero-day vulnerabilities (CVE-2024-29988 and CVE-2024-26234) actively exploited by threat actors to deliver malware
Infosecurity News
Pwn2Own Competition Unearths Dozens of Zero-Day Vulnerabilities
The Zero Day Initiative’s first Pwn2Own Automotive competition has handed out over $1m for 24 zero-days
Bleeping Computer
Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice
The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26.
Infosecurity News
Water Hydra’s Zero-Day Attack Chain Targets Financial Traders
CVE-2024-21412 was used to evade Microsoft Defender SmartScreen and implant victims with DarkMe
SecurityWeek
Pwn2Own Offers $100,000 for Home Office Hacking Scenario
Pwn2Own Toronto 2022 is offering more than $1 million in cash and prizes, including $100,000 for a new SOHO attack scenario.
Trend Micro
Update Now PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
Two vulnerabilities in PaperCut have been found, and one of them is being actively exploited in the wild. This blog entry provides a summary of the vulnerabilities, and includes security guidance for IT and SOC professionals.
Trend Micro
Cybersecurity Reflections from 26 Years at Trend
Trend Micro is one of the few cybersecurity vendors today that can protect your entire world, whether it is your home office and family, your drive to work, or your work environment.
Trend Micro
Pwn2Own Vancouver 2023 to Put Tesla to the Test
Contestants gather at Pwn2Own Vancouver to showcase their skills and uncover vulnerabilities
DarkReading
Tesla Hack Team Wins $200K and a New Car
Zero Day Initiative awarded a total of $732,000 to researchers who found 19 unique cybersecurity vulnerabilities during the first day of Pwn2Own.
Security Affairs
Microsoft Patch Tuesday for October 2022 doesn’t fix Exchange Server flaws
Microsoft Patch Tuesday security updates for October 2022 addressed a total of 85 security vulnerabilities, including an actively exploited zero-day. Microsoft Patch Tuesday security updates for October 2022 addressed 85 new vulnerabilities in multiple products, including Microsoft Windows and Windows Components; Azure, Azure Arc, and Azure DevOps; Microsoft Edge (Chromium-based); Office and Office Components; Visual Studio […]
SecurityWeek
Serious Vulnerability Exploited at Hacking Contest Impacts Over 200 HP Printers
HP says more than 200 printer models are impacted by a severe remote code execution vulnerability that was exploited by researchers at the Pwn2Own hacking contest last year.
Bleeping Computer
Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto
The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits (and multiple bug collisions) targeting consumer products between October 24 and October 27.
SecurityWeek
ICS Exploits Earn Hackers $400,000 at Pwn2Own Miami 2022
Pwn2Own Miami 2022, a hacking contest focusing on industrial control systems (ICS), has come to an end, with contestants earning a total of $400,000 for their exploits.
Security Affairs
Recent DarkGate campaign exploited Microsoft Windows zero-day
Researchers recently uncovered a DarkGate campaign in mid-January 2024, which exploited Microsoft zero-day vulnerability
HACKRead
Pwn2Own 2024 Awards $700k as Hackers Pwn Tesla, Browsers, and More
Pwn2Own is back!
SecurityWeek
Microsoft Patches 128 Windows Flaws, New Zero-Day Reported by NSA
Microsoft drops a massive Patch Tuesday bundle and warns of an in-the-wild zero-day attack hitting Windows users.
Bleeping Computer
Microsoft Exchange servers hacked to deploy LockBit ransomware
Lockbit ransomware affiliates are encrypting victims via Microsoft Exchange servers hacked using exploits targeting unpatched vulnerabilities.
SecurityWeek
Tesla Infotainment Hack Earns Researchers $100,000 at Pwn2Own Automotive
Over $1 million paid out in the first two days of Pwn2Own Automotive for Tesla, infotainment and EV charger hacks.
Infosecurity News
Researchers Find 63 Zero-Day Bugs at Latest Pwn2Own
Competition awards winning participants nearly $1m
SecurityWeek
Pwn2Own Toronto 2022, Day 1: Hackers Earn $400,000 for Galaxy S22, SOHO Exploits
On the first day of Pwn2Own Toronto 2022, participants earned $400,000 for hacking printers, routers, phones and NAS devices.
SecurityWeek
Pwn2Own Toronto 2022, Day 2: Smart Speaker Exploits Earn Big Chunk of $280,000 Total
On the second day of Pwn2Own Toronto 2022, participants earned more than $280,000 for smart speaker, printer, router, smartphone and NAS exploits.
SecurityWeek
Over $1.1 Million Awarded at Pwn2Own Vancouver 2022 for 25 Zero-Day Vulnerabilities
Over $1.15 million was awarded at Pwn2Own Vancouver 2022 for exploits targeting Tesla Model 3, Windows 11, Ubuntu, Microsoft Teams, Safari, Firefox and Oracle VirtualBox.
SecurityWeek
Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive
Participants have earned more than $1.3 million for hacking Teslas, EV chargers and infotainment systems at Pwn2Own Automotive.
SecurityWeek
Tesla, OS, Software Exploits Earn Hackers $1.1 Million at Pwn2Own 2024
Exploits targeting Tesla cars, operating systems, and popular software earned participants over $1.1 million at Pwn2Own Vancouver 2024.
Bleeping Computer
Hackers actively exploit critical RCE bug in PaperCut servers
Print management software developer PaperCut is warning customers to update their software immediately, as hackers are actively exploiting flaws to gain access to vulnerable servers.
SecurityWeek
Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business
Microsoft patches more than 100 vulnerabilities across the Windows ecosystem and warned that three are already being exploited in the wild.
Bleeping Computer
Microsoft Exchange ProxyToken bug can let hackers steal user email
Technical details have emerged on a serious vulnerability in Microsoft Exchange Server dubbed ProxyToken that does not require authentication to access emails from a target account.
Trend Micro
Stay Ahead of Cyber Threats
Going further and faster with high-performance network security
Security Affairs
Microsoft Patch Tuesday updates fix 6 actively exploited zero-days
Microsoft Patch Tuesday updates for November 2022 addressed 64 vulnerabilities, including six actively exploited zero-days. Microsoft Patch Tuesday updates for November 2022 addressed 64 new vulnerabilities in Microsoft Windows and Windows Components; Azure and Azure Real Time Operating System; Microsoft Dynamics; Exchange Server; Office and Office Components; SysInternals; Visual Studio; SharePoint Server; Network Policy Server […]
Bleeping Computer
Hackers earn $989,750 for 63 zero-days exploited at Pwn2Own Toronto
Pwn2Own Toronto 2022 has ended with competitors earning $989,750 for 63 zero-day exploits (and multiple bug collisions) targeting consumer products between December 6th and December 9th.
SecurityWeek
Hackers Earn $350k on Second Day at Pwn2Own Toronto 2023
Smart speakers, printers, routers, NAS devices, and mobile phones were hacked on the second day at Pwn2Own Toronto 2023.
Infosecurity News
Security Researchers Win Second Tesla At Pwn2Own
The Synacktiv team won its second Tesla car for finding one of 19 zero-day bugs on the first day of Pwn2Own Vancouver
Security Affairs
Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues - Security Affairs
Microsoft Patches Tuesday security updates for April 2024 addressed three Critical vulnerabilities, none actively exploited in the wild. Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed issues from Microsoft this year and the largest since at least 2017. The issues impact Microsoft […]
SecurityWeek
Pwn2Own Automotive: Hackers Earn Over $700k for Tesla, EV Charger, Infotainment Exploits
On the first day of Pwn2Own Automotive participants earned over $700,000 for hacking Tesla, EV chargers and infotainment systems.
Latest Hacking News
WinRAR Security Flaw Could Allow Command Execution
Heads up, WinRAR users! It’s time to update your systems with the latest WinRAR version to avoid security risks. The developers have patched a severe security flaw in WinRAR that could allow remote code execution
Security Affairs
Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues
Microsoft Patches Tuesday security updates for April 2024 addressed three Critical vulnerabilities, none actively exploited in the wild.
SecurityWeek
VMware Patches Vulnerabilities Exploited at Pwn2Own 2024
VMware has patched three critical and high-severity vulnerabilities exploited earlier this year at the Pwn2Own hacking competition.
SecurityWeek
Ivanti Patches Critical Vulnerability in Avalanche Enterprise MDM Solution
Ivanti has patched critical- and high-severity vulnerabilities with the latest release of Avalanche enterprise MDM solution
SecurityWeek
Hackers Earn $400k on First Day at Pwn2Own Toronto 2023
NAS devices, printers, IP cameras, speakers, and mobile phones were hacked on the first day at Pwn2Own Toronto 2023.
Bleeping Computer
D-Link fixes auth bypass and RCE flaws in D-View 8 software
D-Link has fixed two critical-severity vulnerabilities in its D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code.
DarkReading
Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover
SolarWinds' access controls contain five high and three critical-severity security vulnerabilities that need to be patched yesterday.
Bleeping Computer
Microsoft Teams, Virtualbox, Tesla zero-days exploited at Pwn2Own
During the second day of Pwn2Own Vancouver 2023, competitors were awarded $475,000 after successfully exploiting 10 zero-days in multiple products.
The Hacker News
New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks
📢 Attention IT Admins! Multiple vulnerabilities in Exim mail agent exposed. Find out how unauthenticated attackers could exploit these vulnerabilitie
SecurityWeek
Unpatched Loytec Building Automation Flaws Disclosed 2 Years After Discovery
The details of 10 unpatched Loytec building automation product vulnerabilities have been disclosed two years after their discovery.
The Hacker News
Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware
Microsoft has confirmed that hackers linked to Cl0p and LockBit ransomware families are actively exploiting PaperCut servers.
Bleeping Computer
Hackers earn $1,132,500 for 29 zero-days at Pwn2Own Vancouver
Pwn2Own Vancouver 2024 has ended with security researchers collecting $1,132,500 after demoing 29 zero-days (and some bug collisions).
The Hacker News
WARNING: New Unpatched Microsoft Exchange Zero-Day Under Active Exploitation
Researchers warn of a new unpatched zero-day vulnerability in Microsoft Exchange servers that is being exploited by attackers to achieve RCE.
Bleeping Computer
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto
Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada.
Trend Micro
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.
Bleeping Computer
SolarWinds fixes critical RCE bugs in access rights audit solution
SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.
Security Affairs
D-Link fixes two critical flaws in D-View 8 network management suite
D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. D-Link has addressed two critical vulnerabilities (CVSS score: 9.8) in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. The D-View network […]
SecurityWeek
Microsoft Warns of Office Zero-Day Attacks, No Patch Available
Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.
DarkReading
Microsoft Zero-Day Bugs Allow Security Feature Bypass
Security vendors urge organizations to fix the actively exploited bugs, in Microsoft Outlook and the Mark of the Web feature, immediately.
ThreatPost
CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2
Feds urge U.S. agencies to patch a Microsoft July Patch Tuesday 2022 bug that is being exploited in the wild by August 2.
DarkReading
Critical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack
QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure.
DarkReading
More Than 100 Vulns in Microsoft 365 Tied to SketchUp 3D Library
While Microsoft patched the issues in June, support for SketchUp appears to remain disabled in Microsoft 365.
Security Affairs
Unpatched Microsoft Exchange Zero-Day actively exploited in the wild
Security researchers are warning of a new Microsoft Exchange zero-day that are being exploited by malicious actors in the wild. Cybersecurity firm GTSC discovered two Microsoft Exchange zero-day vulnerabilities that are under active exploitation in attacks in the wild. Both flaws were discovered by the researchers as part of an incident response activity in August […]
Trend Micro
The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It
Information on the latest Samba vulnerability and how to protect systems against the threats that can exploit it.
Trend Micro
SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes
This entry aims to provide additional context to CVE-2024-21412, how it can be used by threat actors, and how Trend protects customers from this specific vulnerability.
ThreatPost
No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day
This batch had zero critical CVEs, which is unheard of. Most (50) of the patches are labeled Important, so don't delay to apply the patches, security experts said.
Naked Security
Critical “10-out-of-10” Linux kernel SMB hole – should you worry?
It’s serious, it’s critical, and you could call it severe… but in HHGttG terminology, it’s probably “mostly harmless”.
Security Affairs
Pwn2Own Toronto 2022 Day 2: Participants earned $281K
Pwn2Own Toronto 2022 Day Two – Participants demonstrated exploits for smart speaker, smartphone, printer, router, and NAS. On the first day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition participants earned $400,000 for 26 unique zero-day exploits. On the second day of the competition, participants earned more $281,000 for smart speaker, smartphone, printer, […]
DarkReading
Hackers Score Nearly $1M at Device-Focused Pwn2Own Contest
Offensive security researchers found 63 previously unreported vulnerabilities in printers, phones, and network-attached storage devices in the Zero Day Initiative's latest hackathon.
Bleeping Computer
Microsoft: Clop and LockBit ransomware behind PaperCut server hacks
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data.
SC Magazine
Microsoft patches 2 exploited zero-days, 5 critical vulnerabilities
The fixes were among 73 the software giant released in this February's Patch Tuesday.
SC Magazine
Microsoft fixes a record 147 bugs in April release of Patch Tuesday
This month’s bumper crop of patches includes two Microsoft didn’t initially acknowledge were being exploited in the wild.
Bleeping Computer
Clop, LockBit ransomware gangs behind PaperCut server attacks
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data.
SecurityWeek
SOHO Exploits Earn Hackers Over $100,000 on Day 3 of Pwn2Own Toronto 2022
Exploits simulating a real world SOHO attack earned participants well over $100,000 on the third day of Pwn2Own Toronto 2022.
Security Affairs
Pwn2Own Toronto 2022 Day 4: $989K awarded for 63 unique zero-days
The Pwn2Own Toronto 2022 is ended, and the participants earned a total of $989,750 for 63 unique zero-day exploits. The Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition has ended and these are the final numbers for the event: DEVCORE and @orange_8361 won Master of Pwn for Toronto 2022. “And we are finished! All of […]
Loading more articles....