Exploring the dynamics of the attacker economy

Global software companies are increasingly turning to attackers for help identifying security vulnerabilities in their offerings – and they’re not the only ones. Conservative government agencies are even beginning to welcome bug bounty hunters. Just re…

The zero-day industry tries ‘transparency’ in Dubai

In an industry that tends to be quiet by design, a new international firm is deliberately making noise. Headquartered in the United Arab Emirates, Crowdfense first attracted attention in April when it announced a $10 million fund to pay enterprising hackers for zero-day exploits that the company then turns around to sell to government customers. The payouts include up to $3 million for hackers who break into iOS and Android devices. The big money comes paired with an earnest promise of “transparency” that is unique in an industry where secrecy is standard operating procedure. Crowdfense director Andrea Zapparoli Manzoni told CyberScoop that he wants to “do things differently.” The zero-day industry uncovers — through research or by purchase — exploits in computer systems and then sells them to the highest bidder. Many governments and even some private companies are involved in the business. Crowdfense shares a lot in common with its closest competitor […]

The post The zero-day industry tries ‘transparency’ in Dubai appeared first on Cyberscoop.


$45,000 bounty offered for Linux zero days

A startup that buys zero-day exploits will pay hackers $45,000 for Linux local privilege escalation exploits against popular operating systems like Ubuntu, Debian and Fedora. The company, Zerodium, is famous for its exploit-buying program. It pays bounties as high as $1.5 million if the research is completely original and the target is right. The price depends on the security of the target and the demand in the market. The program might be widely known in the cybersecurity community, but the results are highly secret: Zerodium, based in Washington, D.C., sells its exploits to government customers who will pay for the ability to break virtually any kind of computer. Privilege escalation exploits are particularly valuable because they allow an attacker to gain access to parts of a computer that would otherwise be restricted from them. The new $45,000 bounty for Linux local privilege escalations is a $15,000 raise above Zerodium’s usual $30,000 price tag, suggesting a […]

The post $45,000 bounty offered for Linux zero days appeared first on Cyberscoop.


Windows 10, Zerodium, Linus Torvalds, and Equifax – Paul’s Security Weekly #530

No excuses for Equifax, mixed reviews for Apple’s facial recognition, Adobe and Microsoft patch away, one MILLION dollars for Tor zero-days, and more security news! Paul’s Stories Windows 10 to Give More Control Over App-level Permissions Adobe Fixes Eight Vulnerabilities in Flash, RoboHelp, Flash Player Microsoft Patches .NET Zero Day Vulnerability in September Update Thousands […]

The post Windows 10, Zerodium, Linus Torvalds, and Equifax – Paul’s Security Weekly #530 appeared first on Security Weekly.


$1 million bounty offered for Tor Browser zero-day exploits

Zerodium, a hacking company that sells exploits to governments around the world, is now offering $1 million for previously undiscovered vulnerabilities in the Tor web browser. The top prize, a $250,000 bounty, requires a researcher to be able to demonstrate a remote code exploit against Tor while the browser is at its highest security settings on either Windows 10 or the security-focused operating system TAILS. The attack vector has to be a website targeting the Tor Browser. The Tor browser anonymizes web traffic, encrypting it between computers known as nodes. The network’s architecture makes determining the origin of traffic extremely difficult. The section of the internet known as the “dark web” is only accessible via the Tor browser. The six-figure prize comes weeks after Zerodium placed $500,000 bounties on secure messenger applications, like Signal, Telegram and WhatsApp. The highest single bounty offered by the company is $1.5 million for an iPhone zero-day vulnerability […]

The post $1 million bounty offered for Tor Browser zero-day exploits appeared first on Cyberscoop.


Zerodium Offers $1 Million for Tor Browser 0-Days That It will Resell to Governments

It seems like Tor Browser zero-day exploits are in high demand right now—so much so that someone is ready to pay ONE MILLION dollars.

Zerodium—a company that specialises in acquiring and reselling zero-day exploits—just announced that it will pay up to USD 1,000,000 for working zero-day exploits for the popular Tor Browser on the Tails Linux and Windows operating systems.

Tor browser users should


Threatpost News Wrap, August 25, 2017

The news of the week is discussed, including the AWS S3 leaks, Zerodium’s bounty on messaging app zero days, Ropemaker, and cobot vulnerabilities.

Zerodium Offers $500K for Secure Messaging App Zero Days

Zerodium announced new $500,000 payouts for zero days in secure messaging apps such as Signal, WhatsApp and others.