SecurityWeek
ZDI Discusses First Automotive Pwn2Own
The Zero Day Initiative (ZDI) will host a new Automotive Pwn2Own at the Automotive World Conference in Tokyo, January 24 to 26, 2024.
SecurityWeek
The Zero Day Initiative (ZDI) will host a new Automotive Pwn2Own at the Automotive World Conference in Tokyo, January 24 to 26, 2024.
Security Affairs
The Pwn2Own Vancouver 2022 hacking contest ended, Trend Micro and ZDI awarded a total of $1,155,000 for successful attempts! During the third day of the Pwn2Own Vancouver 2022 hacking competition, white hat hackers demonstrated a working exploit against Microsoft Windows 11 OS. nghiadt12 from Viettel Cyber Security demonstrated an exploit for an escalation of privilege via Integer […]
Trend Micro
Trend Micro's bug bounty program Zero Day Initiative 2023 performance gives a glimpse inside the world of threat-hunting and cyber risk prevention
Security Affairs
Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451) in TP-Link Archer A21 in recent attacks. Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8) in TP-Link Archer AX21 Wi-Fi routers. The CVE-2023-1389 flaw is an unauthenticated command injection vulnerability […]
SecurityWeek
ZDI is offering more than $1 million at the Pwn2Own Automotive hacking contest, hosted in January at the Automotive World conference in Tokyo.
DarkReading
A number of serious Windows bugs still haven't made their way into criminal circles, but that won't remain the case forever — and time is running short before ZDI releases exploit details.
Bleeping Computer
Exim developers have released patches for three of the zero-days disclosed last week through Trend Micro's Zero Day Initiative (ZDI), one of them allowing unauthenticated attackers to gain remote code execution.
DarkReading
Duston Childs and Brian Gorenc of ZDI take the opportunity at Black Hat USA to break down the many vulnerability disclosure issues making patch prioritization a nightmare scenario for many orgs.
Trend Micro
In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.
Bleeping Computer
Trend Micro's ZDI has awarded $1,081,250 for 61 zero-days exploited at Pwn2Own Austin 2021, with competitors successfully pwning the Samsung Galaxy S21 again and hacking an HP LaserJet printer to play AC/DC's Thunderstruck on the contest's third day.
Security Affairs
Which hat hackers that participated in the Pwn2Own Miami 2022 hacking contest earned a total of $400,000 for their ICS exploits. The Pwn2Own Miami 2022 is a hacking contest organized by Trend Micro’s Zero Day Initiative (ZDI) that focuses on demonstrating exploits for ICS systems belonging to the following categories: the OPC UA Server, Control […]
Security Affairs
Microsoft released December 2022 Patch Tuesday security updates that fix 52 vulnerabilities across its products. Microsoft December 2022 Patch Tuesday security updates addressed 52 vulnerabilities in Microsoft Windows and Windows Components; Azure; Office and Office Components; SysInternals; Microsoft Edge (Chromium-based); SharePoint Server; and the .NET framework. 12 of these vulnerabilities were submitted through the ZDI program. Six vulnerabilities […]
Security Affairs
White hat hackers earned a total of $800,000 on the first day of the Pwn2Own Vancouver 2022, $450,000 for exploits targeting Microsoft Teams. Pwn2Own Vancouver 2022 hacking contest has begun, it is the 15th edition of this important event organized by Trend Micro’s Zero Day Initiative (ZDI). This year, 17 contestants are attempting to exploit […]
Cyber Security News
In March, the Zero Day Initiative (ZDI) organized a competition called “Pwn2Own.” Several vulnerabilities were discovered during this event across various technology brands, including NetGear routers. With the increasing threats targeting Internet of Things (IoT) devices, extensive research is being conducted to enhance their security measures. Participating in the competition, cybersecurity solutions firm Claroty’s team82 […]
Trend Micro
In 2021, a team of researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022.
Trend Micro
Researchers from Trend Micro Research, TXOne, ADLINK, Alias Robotics, and ZDI looked into the Data Distribution Service (DDS) standard and its implementations from a security angle. The full findings of this research will be presented in the S4X22 Conference in April 2022.
Infosecurity News
Zero Day Initiative says incomplete or faulty patches now commonplace
Bleeping Computer
Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
SecurityWeek
Patches are being developed for serious Exim vulnerabilities that could expose many mail servers to attacks.
Bleeping Computer
A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers.
Bleeping Computer
Pwn2Own Miami 2022 has ended with competitors earning $400,000 for 26 zero-day exploits (and several bug collisions) targeting ICS and SCADA products demoed during the contest between April 19 and April 21.
SecurityWeek
SolarWinds patches high-severity flaws in its Access Rights Manager product, including three unauthenticated remote code execution issues.
Bleeping Computer
The Mirai malware botnet is actively exploiting a TP-Link Archer A21 (AX1800) WiFi router vulnerability tracked as CVE-2023-1389 to incorporate devices into DDoS (distributed denial of service) swarms.
Bleeping Computer
Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported the attacks.
Ars Technica
Remote code execution requiring no authentication fixed. 2 other RCEs remain unpatched.
SecurityWeek
Trend Micro's Zero Day Initiative is ramping up the pressure on software vendors that consistently ship faulty, problematic security patches.
Bleeping Computer
Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported the attacks.
Bleeping Computer
Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported the attacks.
Cyber Security News
Four new zero-day vulnerabilities have been identified in Microsoft Exchange with server-side request forgery and remote code execution.
Security Affairs
A researcher published details and proof-of-concept (PoC) code for High-Severity macOS Sandbox escape vulnerability tracked as CVE-2022-26696. Researcher Wojciech Reguła (@_r3ggi) of SecuRing published technical details and proof-of-concept (PoC) code for a macOS sandbox escape vulnerability tracked as CVE-2022-26696 (CVSS score of 7.8). In a wrap-up published by Regula, the researcher observed that the problem is caused […]
Security Affairs
US Cybersecurity and Infrastructure Security Agency (CISA) added TP-Link, Apache, and Oracle vulnerabilities to its Known Exploited Vulnerabilities catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog: CVE-2023-1389 (CVSS score: 8.8) – TP-Link Archer AX-21 Command Injection Vulnerability. The CVE-2023-1389 flaw is an unauthenticated […]
Security Affairs
Microsoft addressed two zero-day vulnerabilities (CVE-2024-29988 and CVE-2024-26234) actively exploited by threat actors to deliver malware
Infosecurity News
The Zero Day Initiative’s first Pwn2Own Automotive competition has handed out over $1m for 24 zero-days
Bleeping Computer
The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26.
Infosecurity News
CVE-2024-21412 was used to evade Microsoft Defender SmartScreen and implant victims with DarkMe
SecurityWeek
Pwn2Own Toronto 2022 is offering more than $1 million in cash and prizes, including $100,000 for a new SOHO attack scenario.
Trend Micro
Two vulnerabilities in PaperCut have been found, and one of them is being actively exploited in the wild. This blog entry provides a summary of the vulnerabilities, and includes security guidance for IT and SOC professionals.
Trend Micro
Trend Micro is one of the few cybersecurity vendors today that can protect your entire world, whether it is your home office and family, your drive to work, or your work environment.
Trend Micro
Contestants gather at Pwn2Own Vancouver to showcase their skills and uncover vulnerabilities
DarkReading
Zero Day Initiative awarded a total of $732,000 to researchers who found 19 unique cybersecurity vulnerabilities during the first day of Pwn2Own.
Security Affairs
Microsoft Patch Tuesday security updates for October 2022 addressed a total of 85 security vulnerabilities, including an actively exploited zero-day. Microsoft Patch Tuesday security updates for October 2022 addressed 85 new vulnerabilities in multiple products, including Microsoft Windows and Windows Components; Azure, Azure Arc, and Azure DevOps; Microsoft Edge (Chromium-based); Office and Office Components; Visual Studio […]
SecurityWeek
HP says more than 200 printer models are impacted by a severe remote code execution vulnerability that was exploited by researchers at the Pwn2Own hacking contest last year.
Bleeping Computer
The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits (and multiple bug collisions) targeting consumer products between October 24 and October 27.
SecurityWeek
Pwn2Own Miami 2022, a hacking contest focusing on industrial control systems (ICS), has come to an end, with contestants earning a total of $400,000 for their exploits.
Security Affairs
Researchers recently uncovered a DarkGate campaign in mid-January 2024, which exploited Microsoft zero-day vulnerability
HACKRead
Pwn2Own is back!
SecurityWeek
Microsoft drops a massive Patch Tuesday bundle and warns of an in-the-wild zero-day attack hitting Windows users.
Bleeping Computer
Lockbit ransomware affiliates are encrypting victims via Microsoft Exchange servers hacked using exploits targeting unpatched vulnerabilities.
SecurityWeek
Over $1 million paid out in the first two days of Pwn2Own Automotive for Tesla, infotainment and EV charger hacks.
Infosecurity News
Competition awards winning participants nearly $1m
SecurityWeek
On the first day of Pwn2Own Toronto 2022, participants earned $400,000 for hacking printers, routers, phones and NAS devices.
SecurityWeek
On the second day of Pwn2Own Toronto 2022, participants earned more than $280,000 for smart speaker, printer, router, smartphone and NAS exploits.
SecurityWeek
Over $1.15 million was awarded at Pwn2Own Vancouver 2022 for exploits targeting Tesla Model 3, Windows 11, Ubuntu, Microsoft Teams, Safari, Firefox and Oracle VirtualBox.
SecurityWeek
Participants have earned more than $1.3 million for hacking Teslas, EV chargers and infotainment systems at Pwn2Own Automotive.
SecurityWeek
Exploits targeting Tesla cars, operating systems, and popular software earned participants over $1.1 million at Pwn2Own Vancouver 2024.
Bleeping Computer
Print management software developer PaperCut is warning customers to update their software immediately, as hackers are actively exploiting flaws to gain access to vulnerable servers.
SecurityWeek
Microsoft patches more than 100 vulnerabilities across the Windows ecosystem and warned that three are already being exploited in the wild.
Bleeping Computer
Technical details have emerged on a serious vulnerability in Microsoft Exchange Server dubbed ProxyToken that does not require authentication to access emails from a target account.
Trend Micro
Going further and faster with high-performance network security
Security Affairs
Microsoft Patch Tuesday updates for November 2022 addressed 64 vulnerabilities, including six actively exploited zero-days. Microsoft Patch Tuesday updates for November 2022 addressed 64 new vulnerabilities in Microsoft Windows and Windows Components; Azure and Azure Real Time Operating System; Microsoft Dynamics; Exchange Server; Office and Office Components; SysInternals; Visual Studio; SharePoint Server; Network Policy Server […]
Bleeping Computer
Pwn2Own Toronto 2022 has ended with competitors earning $989,750 for 63 zero-day exploits (and multiple bug collisions) targeting consumer products between December 6th and December 9th.
SecurityWeek
Smart speakers, printers, routers, NAS devices, and mobile phones were hacked on the second day at Pwn2Own Toronto 2023.
Infosecurity News
The Synacktiv team won its second Tesla car for finding one of 19 zero-day bugs on the first day of Pwn2Own Vancouver
Security Affairs
Microsoft Patches Tuesday security updates for April 2024 addressed three Critical vulnerabilities, none actively exploited in the wild. Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed issues from Microsoft this year and the largest since at least 2017. The issues impact Microsoft […]
SecurityWeek
On the first day of Pwn2Own Automotive participants earned over $700,000 for hacking Tesla, EV chargers and infotainment systems.
Latest Hacking News
Heads up, WinRAR users! It’s time to update your systems with the latest WinRAR version to avoid security risks. The developers have patched a severe security flaw in WinRAR that could allow remote code execution
Security Affairs
Microsoft Patches Tuesday security updates for April 2024 addressed three Critical vulnerabilities, none actively exploited in the wild.
SecurityWeek
VMware has patched three critical and high-severity vulnerabilities exploited earlier this year at the Pwn2Own hacking competition.
SecurityWeek
Ivanti has patched critical- and high-severity vulnerabilities with the latest release of Avalanche enterprise MDM solution
SecurityWeek
NAS devices, printers, IP cameras, speakers, and mobile phones were hacked on the first day at Pwn2Own Toronto 2023.
Bleeping Computer
D-Link has fixed two critical-severity vulnerabilities in its D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code.
DarkReading
SolarWinds' access controls contain five high and three critical-severity security vulnerabilities that need to be patched yesterday.
Bleeping Computer
During the second day of Pwn2Own Vancouver 2023, competitors were awarded $475,000 after successfully exploiting 10 zero-days in multiple products.
The Hacker News
📢 Attention IT Admins! Multiple vulnerabilities in Exim mail agent exposed. Find out how unauthenticated attackers could exploit these vulnerabilitie
SecurityWeek
The details of 10 unpatched Loytec building automation product vulnerabilities have been disclosed two years after their discovery.
The Hacker News
Microsoft has confirmed that hackers linked to Cl0p and LockBit ransomware families are actively exploiting PaperCut servers.
Bleeping Computer
Pwn2Own Vancouver 2024 has ended with security researchers collecting $1,132,500 after demoing 29 zero-days (and some bug collisions).
The Hacker News
Researchers warn of a new unpatched zero-day vulnerability in Microsoft Exchange servers that is being exploited by attackers to achieve RCE.
Bleeping Computer
Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada.
Trend Micro
The APT group Water Hydra has been exploiting the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in its campaigns targeting financial market traders. This vulnerability, which has now been patched by Microsoft, was discovered and disclosed by the Trend Micro Zero Day Initiative.
Bleeping Computer
SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.
Security Affairs
D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. D-Link has addressed two critical vulnerabilities (CVSS score: 9.8) in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. The D-View network […]
SecurityWeek
Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.
DarkReading
Security vendors urge organizations to fix the actively exploited bugs, in Microsoft Outlook and the Mark of the Web feature, immediately.
ThreatPost
Feds urge U.S. agencies to patch a Microsoft July Patch Tuesday 2022 bug that is being exploited in the wild by August 2.
DarkReading
QNAP and Synology say flaws in the Netatalk fileserver allow remote code execution and information disclosure.
DarkReading
While Microsoft patched the issues in June, support for SketchUp appears to remain disabled in Microsoft 365.
Security Affairs
Security researchers are warning of a new Microsoft Exchange zero-day that are being exploited by malicious actors in the wild. Cybersecurity firm GTSC discovered two Microsoft Exchange zero-day vulnerabilities that are under active exploitation in attacks in the wild. Both flaws were discovered by the researchers as part of an incident response activity in August […]
Trend Micro
Information on the latest Samba vulnerability and how to protect systems against the threats that can exploit it.
Trend Micro
This entry aims to provide additional context to CVE-2024-21412, how it can be used by threat actors, and how Trend protects customers from this specific vulnerability.
ThreatPost
This batch had zero critical CVEs, which is unheard of. Most (50) of the patches are labeled Important, so don't delay to apply the patches, security experts said.
Naked Security
It’s serious, it’s critical, and you could call it severe… but in HHGttG terminology, it’s probably “mostly harmless”.
Security Affairs
Pwn2Own Toronto 2022 Day Two – Participants demonstrated exploits for smart speaker, smartphone, printer, router, and NAS. On the first day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition participants earned $400,000 for 26 unique zero-day exploits. On the second day of the competition, participants earned more $281,000 for smart speaker, smartphone, printer, […]
DarkReading
Offensive security researchers found 63 previously unreported vulnerabilities in printers, phones, and network-attached storage devices in the Zero Day Initiative's latest hackathon.
Bleeping Computer
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data.
SC Magazine
The fixes were among 73 the software giant released in this February's Patch Tuesday.
SC Magazine
This month’s bumper crop of patches includes two Microsoft didn’t initially acknowledge were being exploited in the wild.
Bleeping Computer
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data.
SecurityWeek
Exploits simulating a real world SOHO attack earned participants well over $100,000 on the third day of Pwn2Own Toronto 2022.
Security Affairs
The Pwn2Own Toronto 2022 is ended, and the participants earned a total of $989,750 for 63 unique zero-day exploits. The Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition has ended and these are the final numbers for the event: DEVCORE and @orange_8361 won Master of Pwn for Toronto 2022. “And we are finished! All of […]
Loading more articles....