CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability

March 27, 2024 at 10:09AM The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Microsoft SharePoint Server, CVE-2023-24955, to its Known Exploited Vulnerabilities catalog. The flaw allows authenticated attackers with Site Owner privileges to execute arbitrary code. Federal agencies must apply the fixes by April 16, 2024, to secure … Read more

Mozilla fixes $100,000 Firefox zero-days following two-day hackathon

March 25, 2024 at 11:04AM Mozilla quickly patched two critical Firefox zero-day vulnerabilities after they were demonstrated by researcher Manfred Paul at the Pwn2Own event in Vancouver. The bugs, rated “critical,” allowed for out-of-bounds read/write and privileged code execution. Mozilla released Firefox 124.0.1 to address the vulnerabilities, with some users encountering upgrade issues. Paul earned … Read more

Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own

March 25, 2024 at 06:18AM Mozilla has released updates for the Firefox browser to fix two zero-day vulnerabilities that were exploited at the Pwn2Own Vancouver 2024 hacking contest. The first vulnerability allows for bypass of range analysis, while the second issue leads to a sandbox escape. Both vulnerabilities are considered critical and were patched in … Read more

Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own

March 22, 2024 at 01:52PM Mozilla released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition. Manfred Paul earned $100,000 and 10 Master of Pwn points after exploiting the flaws. Mozilla quickly patched the vulnerabilities in Firefox 124.0.1 and Firefox ESR 115.9.1 to prevent … Read more

Tesla, OS, Software Exploits Earn Hackers $1.1 Million at Pwn2Own 2024

March 22, 2024 at 06:30AM Participants at Pwn2Own Vancouver 2024 earned over $1.1 million, finding 29 zero-day vulnerabilities in Tesla cars, Windows, Ubuntu, Oracle VirtualBox, VMware Workstation, Chrome, Edge, and Adobe Reader. Notably, a team won $200,000 and a Tesla Model 3 for hacking a Tesla car’s electronic control unit. In total, nearly $3.5 million … Read more

Hackers earn $1,132,500 for 29 zero-days at Pwn2Own Vancouver

March 22, 2024 at 01:13AM Pwn2Own Vancouver 2024 concluded with security researchers earning $1,132,500 by demonstrating 29 zero-day vulnerabilities across various categories, including web browsers, cloud-native/container, virtualization, enterprise applications, and automotive products. Notably, Manfred Paul and Team Synacktiv emerged as top performers by exploiting various software and winning cash prizes and a Tesla Model 3. … Read more

$200,000 Awarded at Pwn2Own 2024 for Tesla Hack

March 21, 2024 at 05:51AM At Pwn2Own Vancouver 2024, participants earned over $700,000 on the first day by successfully demonstrating exploits against Tesla, Linux, Windows, and software. The Synacktiv team secured $200,000 and a Tesla Model 3 for an exploit targeting a Tesla ECU. Other significant rewards were earned for exploits involving VMware Workstation, Oracle … Read more

Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver

March 21, 2024 at 03:14AM At Pwn2Own Vancouver 2024, contestants exploited zero-day vulnerabilities, earning over $1.3 million and a Tesla Model 3 car. The exploits targeted various platforms including Windows 11, Tesla, Ubuntu Linux, and web browsers. Vendors have 90 days to create security patches for reported flaws before public disclosure by Trend Micro’s Zero … Read more

Tesla hacks make big bank at Pwn2Own’s first automotive-focused event

January 28, 2024 at 08:35PM Trend Micro’s Zero Day Initiative held an automotive-focused Pwn2Own event in Tokyo, awarding over $1.3 million for 49 vehicle-related zero day vulnerabilities. Synacktiv secured $450,000 for demonstrating six successful exploits, including gaining root access to a Tesla Modem. Additionally, critical vulnerabilities in various products were reported, urging prompt installation of … Read more

Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice

January 26, 2024 at 07:37AM Pwn2Own Automotive’s first edition ended with competitors earning $1,323,750, hacking Tesla twice, and demonstrating 49 zero-day bugs in electric car systems at the Tokyo, Japan contest. Team Synacktiv won $450,000, fuzzware.io $177,500, and Midnight Blue/PHP Hooligans $80,000. The next competition is scheduled for March 20th in Vancouver. Further details can … Read more