Apple, Oracle, VMware products successfully hacked at Pwn2Own

The white-hat hacking team of Amat Cama and Richard Zhu, together known as “Fluoroacetate,” took home the majority of the prize money available on the first day of this year’s Pwn2Own competition in Vancouver, demonstrating zero-day exploits against Apple’s Safari browser as well as virtualization software from Oracle and VMware. Other winners on Wednesday included “anhdaden,” also known as Phạm Hồng Phi of Singapore-based cybersecurity company STAR Labs, who targeted the Oracle software; and the phoenhex & qwerty team — Bruno Keith, Niklas Baumstark and Luca Todesco — which targeted Safari. Fluoroacetate won $160,000 total, while anhdaden earned $35,000 and phoenhex & qwerty claimed $45,000 in prize money.

Confirmed! @fluoroacetate leveraged a race condition leading to an out-of-bounds write to escalate from a #VMware client to execute code on the host OS. The effort brings them another $70,000 and 7 more Master of Pwn points. Their Day 1 total is $160,000 […]

The post Apple, Oracle, VMware products successfully hacked at Pwn2Own appeared first on CyberScoop.


Microsoft patches two zero-days exploited by FruityArmor, SandCat hacking groups

Microsoft has released security updates for two vulnerabilities that researchers say have been exploited by suspected nation-state hacking groups dubbed FruityArmor and SandCat. The March edition of Microsoft’s Patch Tuesday — when the company introduces fixes for reported security problems — includes 64 updates, 17 of which were rated as “critical.” Attackers already have leveraged at least two of the bugs, CVE-2019-0808 and CVE-2019-0797, according to researchers from Google and Russian security vendor Kaspersky Lab. Both bugs are known as elevation of privilege vulnerabilities, and could allow outsiders to manipulate Windows machines into authorizing an action that should not be allowed. “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode,” Microsoft wrote in a security bulletin about the vulnerabilities. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” The warning is not just theoretical. Kaspersky […]

The post Microsoft patches two zero-days exploited by FruityArmor, SandCat hacking groups appeared first on CyberScoop.


Iranian APT, Equifax, & Crowdfense – Hack Naked News #210

Severe RCE vulnerability affected popular StackStorm Automation software, Crowdfense is willing to pay $3 Million for iOS and Android Zero-Days, Equifax neglected cyber security prior to breach, Google launches new Cloud Security services, and an u…

As Phones Get Harder to Hack, Zero Day Vendors Hunt for Router Exploits

Obtaining vulnerabilities for fully up-to-date mobile phones is getting harder. So companies that sell exploits to governments are increasingly looking for attacks that target internet routers instead, with one company paying up to $100,000.

The Prototype iPhones That Hackers Use to Research Apple’s Most Sensitive Code

Very few people have heard of them, but “dev-fused” iPhones sold on the grey market are one of the most important tools for the best iOS hackers in the world.

You Can Now Get $1 Million for Hacking WhatsApp and iMessage

Companies that buy and sell exploits, or zero-days, are now willing to offer seven figures for hacks that allow spies and cops to steal WhatsApp, iMessage and other chat app messages.

They Got ‘Everything’: Inside a Demo of NSO Group’s Powerful iPhone Malware

A source managed to see Israeli surveillance vendor NSO Group’s powerful iPhone malware up close. Despite a wave of highly controversial customers, the company appears to be popular worldwide.