Idaho National Lab researcher shines a light on the market for ICS zero-days

The market for previously unknown, or zero-day, software exploits has come out of the shadows in recent years as exploit brokers openly advertise million-dollar payouts. But while zero-day brokers like Zerodium and Crowdfense sometimes outline the types of exploits they buy — whether for mobile or desktop devices — much less has been said about the market for exploits that affect industrial control systems (ICS), which support critical infrastructure sectors like energy and transportation. Sarah Freeman, an analyst at the Department of Energy’s Idaho National Laboratory, is trying to help fill that void in data and, in the process, show how the ICS exploit market can be a bellwether for threats. Freeman’s hypothesis was that “if you track these bounties, you can use them as precursors or tripwires for future adversary activity.” She argues that current tallies of zero-day exploits with ICS implications are undercounted. In the first quarter of 2019, […]

The post Idaho National Lab researcher shines a light on the market for ICS zero-days appeared first on CyberScoop.

Iranian APT, Equifax, & Crowdfense – Hack Naked News #210

Severe RCE vulnerability affected popular StackStorm Automation software, Crowdfense is willing to pay $3 Million for iOS and Android Zero-Days, Equifax neglected cyber security prior to breach, Google launches new Cloud Security services, and an u…

As Phones Get Harder to Hack, Zero Day Vendors Hunt for Router Exploits

Obtaining vulnerabilities for fully up-to-date mobile phones is getting harder. So companies that sell exploits to governments are increasingly looking for attacks that target internet routers instead, with one company paying up to $100,000.

New infosec products of the week: September 28, 2018

Chronicle announces VirusTotal Enterprise with greater search and analysis capabilities. Chronicle, the cybersecurity subsidiary of Google’s parent company Alphabet, has announced VirusTotal Enterprise, which is aimed at helping enterprises protect thei…

Crowdfense launches Vulnerability Research Hub for top security researchers

Crowdfense officially launched the Vulnerability Research Hub out of beta. After being internally developed and fine-tuned for several months, Crowdfense opened their process-oriented platform to a wider audience of researchers and brokers interested i…

Crowdfense platform to allow researchers to safely submit, discuss and sell 0day exploits

Crowdfense announced the launch of their Vulnerability Research Platform (VRP). This web-based collaboration platform allows vulnerability researchers to safely submit, discuss and quickly sell single 0day exploits and chains of exploits. The VRP will …

The zero-day industry tries ‘transparency’ in Dubai

In an industry that tends to be quiet by design, a new international firm is deliberately making noise. Headquartered in the United Arab Emirates, Crowdfense first attracted attention in April when it announced a $10 million fund to pay enterprising hackers for zero-day exploits that the company then turns around to sell to government customers. The payouts include up to $3 million for hackers who break into iOS and Android devices. The big money comes paired with an earnest promise of “transparency” that is unique in an industry where secrecy is standard operating procedure. Crowdfense director Andrea Zapparoli Manzoni told CyberScoop that he wants to “do things differently.” The zero-day industry uncovers — through research or by purchase — exploits in computer systems and then sells them to the highest bidder. Many governments and even some private companies are involved in the business. Crowdfense shares a lot in common with its closest competitor […]

The post The zero-day industry tries ‘transparency’ in Dubai appeared first on CyberScoop.
