Zero-day broker: Stop sending us Apple bugs, we have enough already

A company that pays hackers to submit serious security vulnerabilities says it’s made aware of so many flaws in various Apple operating systems that it will temporarily stop acquiring new attack techniques. In a tweet Wednesday, Zerodium said it will stop accepting Apple iOS bugs that lead to “local privilege escalation,” which attackers use to dig deeper into an infected device, remote code execution bugs in the company’s Safari web browser, or “sandbox escape” tools, which enable attackers to move from an app to other areas of a device.

“We will NOT be acquiring any new Apple iOS LPE, Safari RCE, or sandbox escapes for the next 2 to 3 months due to a high number of submissions related to these vectors. Prices for iOS one-click chains (e.g. via Safari) without persistence will likely drop in the near future.” — Zerodium (@Zerodium) May 13, 2020

In a follow-up tweet, […]

The post Zero-day broker: Stop sending us Apple bugs, we have enough already appeared first on CyberScoop.

Idaho National Lab researcher shines a light on the market for ICS zero-days

The market for previously unknown, or zero-day, software exploits has come out of the shadows in recent years as exploit brokers openly advertise million-dollar payouts. But while zero-day brokers like Zerodium and Crowdfense sometimes outline the types of exploits they buy — whether for mobile or desktop devices — much less has been said about the market for exploits that affect industrial control systems (ICS), which support critical infrastructure sectors like energy and transportation. Sarah Freeman, an analyst at the Department of Energy’s Idaho National Laboratory, is trying to help fill that void in data and, in the process, show how the ICS exploit market can be a bellwether for threats. Freeman’s hypothesis was that “if you track these bounties, you can use them as precursors or tripwires for future adversary activity.” She argues that current tallies of zero-day exploits with ICS implications are undercounted. In the first quarter of 2019, […]

The post Idaho National Lab researcher shines a light on the market for ICS zero-days appeared first on CyberScoop.

Zerodium to pay up to $2.5 million for reporting 0-day Android exploits

By Uzair Amir
Zero-day Android exploits are now more valuable than iOS exploits.
This is a post from HackRead.com. Read the original post: Zerodium to pay up to $2.5 million for reporting 0-day Android exploits

Earn $2.5 million if you find a remote zero-day exploit for Android

A vulnerability broker is offering up to $2.5 million for zero-day remote exploits which would allow attackers to infect a remote Android smartphone with malware, with no user interaction required. But who will they then sell exploits to?

Zerodium offers $2.5 million for Android zero-days, in keeping with market rates

For the first time, exploit sellers who provide Zerodium with fresh break-in techniques for Android devices can now earn more money from those tools than they would for similar hacks of iOS devices, the company announced Tuesday. The Washington, D.C., firm just updated its price list, promising to pay $2.5 million to hackers who demonstrate a zero-click exploit chain, a powerful tool that requires no user interaction, for Android devices. Compare that to the $1 million reward available for a one-click iOS full chain exploit against iOS, knocked down today from $1.5 million. Zerodium, founded in 2015, is dedicated to purchasing unpatched security vulnerabilities then re-selling those zero-days to corporate and government clients. It didn’t offer any specific explanations for the latest price changes. A security researcher who pays attention to the market said this round of updates might be pointing to some shifts in how Zerodium’s customers view iOS devices. “The change in exploit prices is […]

The post Zerodium offers $2.5 million for Android zero-days, in keeping with market rates appeared first on CyberScoop.

As Phones Get Harder to Hack, Zero Day Vendors Hunt for Router Exploits

Obtaining vulnerabilities for fully up-to-date mobile phones is getting harder. So companies that sell exploits to governments are increasingly looking for attacks that target internet routers instead, with one company paying up to $100,000.

Smashing Security #110: What? You can get paid to leave Facebook?

Twitter and the not-so-ethical hacking of celebrity accounts, study discovers how you can pay someone to quit Facebook for a year, and the millions of dollars you can make from uncovering software vulnerabilities.
All this and much more is discussed i…

Etherium, Zerodium, Containers – Hack Naked News #202

Ethereum hit by double-spend attack, NSA to release reverse engineering tool for free, a Skype glitch allowed Android authentication bypass, Zerodium offers $2 million for remote iOS jailbreaks, and tens of thousands of hot tubs are exposed to hack!…