White Hat Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024

October 23, 2024 at 03:58AM

At Pwn2Own Ireland 2024, participants earned $500,000 on the first day by successfully hacking NAS devices, cameras, speakers, and printers. The event highlights the ongoing efforts and skills of white hat hackers in cybersecurity. The post appeared on SecurityWeek. **Meeting Takeaways:** 1. **Event Overview**: Pwn2Own Ireland 2024 is currently ongoing. …

Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days

May 17, 2024 at 08:09AM

Seven Windows privilege escalation vulnerabilities discovered at Pwn2Own 2024 remain unpatched by Microsoft, with only one fix issued so far. Trend Micro’s Zero Day Initiative, which oversees Pwn2Own, notes the potential threat these bugs pose. Microsoft’s lag in resolving these issues contrasts with prompt actions by other tech companies, prompting …

Third Chrome Zero-Day Patched by Google Within One Week

May 16, 2024 at 05:09AM

Google released Chrome 125 with patches for nine vulnerabilities, including high-severity bugs CVE-2024-4947 and CVE-2024-4948. Exploitation of CVE-2024-4947 could allow remote code execution, and Google acknowledged its exploitation in the wild. Updates are advised due to recent zero-day vulnerabilities. Bug bounty details have not been disclosed. From the meeting notes, …

VMware Patches Severe Security Flaws in Workstation and Fusion Products

May 14, 2024 at 12:18PM

Multiple security flaws have been disclosed in VMware Workstation and Fusion products, impacting versions 17.x and 13.x. Exploitable by threat actors, these flaws allow access to sensitive information, DoS conditions, and code execution. Temporary workarounds are suggested until patches can be deployed, including turning off Bluetooth support and disabling 3D …

VMware fixes three zero-day bugs exploited at Pwn2Own 2024

May 14, 2024 at 10:48AM

VMware addressed four security vulnerabilities, including three zero-days exploited in the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw, CVE-2024-22267, allows code execution as the virtual machine’s VMX process. Two other high-severity bugs (CVE-2024-22269 and CVE-2024-22270) enable information disclosure, and the fourth vulnerability (CVE-2024-22268) creates a denial of service …

VMware Patches Vulnerabilities Exploited at Pwn2Own 2024

May 14, 2024 at 09:48AM

VMware, owned by Broadcom, issues a security advisory for Workstation and Fusion, announcing patches for vulnerabilities exploited at the Pwn2Own hacking competition. Advisories are now available on Broadcom’s support website. The latest advisory details four vulnerabilities, with three reported at Pwn2Own Vancouver 2024 and the fourth by a researcher outside the competition. …

Google Patches Second Chrome Zero-Day in One Week

May 14, 2024 at 07:40AM

Google has patched a second zero-day vulnerability, CVE-2024-4761, in Chrome just days after fixing CVE-2024-4671. Both flaws were exploited in attacks, with CVE-2024-4761 described as a high-severity issue. An anonymous researcher reported the vulnerability, and an exploit for it has been developed, but its effectiveness is unknown. Eight zero-days targeted …

Google fixes one more Chrome zero-day exploited at Pwn2Own

April 3, 2024 at 12:40PM

Google has resolved a zero-day vulnerability in Chrome, tracked as CVE-2024-3159, stemming from an out-of-bounds read weakness in the Chrome V8 JavaScript engine. The flaw allowed remote attackers to gain unauthorized access to data or trigger a crash. Google also addressed two other Chrome zero-days and two Android zero-days, underscoring …

Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own

April 3, 2024 at 07:12AM

Google announced a new Chrome update addressing a high-severity CVE-2024-3159 bug, exploited at Pwn2Own 2024. The update also resolves two other vulnerabilities and follows last week’s update fixing CVE-2024-2886 and CVE-2024-2887 flaws. This latest iteration is now rolling out for Windows, macOS, and Linux, and users are advised to update …

Google fixes Chrome zero-days exploited at Pwn2Own 2024

March 27, 2024 at 02:47PM

Google fixed two zero-day security vulnerabilities in the Chrome web browser, including type confusion and use-after-free weaknesses exploited during the Pwn2Own Vancouver 2024 hacking competition. The vulnerabilities allowed for remote code execution via crafted HTML pages. The patches were released in Chrome version 123.0.6312.86/.87 for Windows and Mac and 123.0.6312.86 …