January 28, 2024 at 08:35PM
Trend Micro’s Zero Day Initiative held an automotive-focused Pwn2Own event in Tokyo, awarding over $1.3 million for 49 vehicle-related zero day vulnerabilities. Synacktiv secured $450,000 for demonstrating six successful exploits, including gaining root access to a Tesla Modem. Additionally, critical vulnerabilities in various products were reported, urging prompt installation of patches.
Based on the meeting notes, here are the key takeaways:
1. Trend Micro’s Zero Day Initiative (ZDI) held its first automotive-focused Pwn2Own event in Tokyo, awarding over $1.3 million to discoverers of 49 vehicle-related zero day vulnerabilities.
2. Synacktiv researchers won $450,000 by demonstrating successful exploits, including gaining root access to a Tesla Modem and finding a sandbox escape in Tesla’s infotainment system.
3. Attacks on EV chargers were successful, with multiple bounties awarded for exploits.
4. Critical vulnerabilities were reported in various products, including Cisco Unified Communications and Contact Center products, MachineSense FeverWarn temperature checking kiosks, SystemK network video recorders, Voltronic Power ViewPower Pro UPS management software, APsystems ECU-C power control software, Crestron AM-300 wireless presentation systems, and Westermo Lynx 206-F2G layer three industrial ethernet switches.
5. Apple has identified a zero day vulnerability in WebKit under active exploit and has released updates to fix the issue.
6. The SEC’s Twitter account was hijacked due to a SIM swap attack, highlighting the importance of multi-factor authentication and security training.
7. A large collection of stolen login credentials has been dumped online in an unprotected database.
8. New macOS malware hidden in cracked apps has been discovered, with a focus on stealing crypto wallet seed phrases and potential for other malicious activities.
Let me know if you need further details on any specific points.