430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Pwn2Own 2020 – Participants hacked Adobe Reader, Oracle VirtualBox, and Windows

Pwn2Own 2020 Day 2 -Participants earned a total of $90,000 for exploits targeting Oracle VirtualBox, Adobe Reader and Windows. The Coronavirus outbreak hasn’t stopped the Pwn2Own hacking conference, for the first time its organizer, the Zero Day Initiative (ZDI), has decided to arrange the event allowing the participants to remotely demonstrate their exploits. Day 2 […]

Pwn2Own 2020

Pwn2Own 2020 Day 2 -Participants earned a total of $90,000 for exploits targeting Oracle VirtualBox, Adobe Reader and Windows.

The Coronavirus outbreak hasn’t stopped the Pwn2Own hacking conference, for the first time its organizer, the Zero Day Initiative (ZDI), has decided to arrange the event allowing the participants to remotely demonstrate their exploits.

Day 2 begun with Phi Phạm Hồng of STAR Labs that demonstrated a working VirtualBox exploit that resulted in a guest OS escape and arbitrary code execution on the host. The exploit involved out-of-bounds read and uninitialized variable bugs.

“Phi Phạm Hồng (@4nhdaden) of STAR Labs (@starlabs_sg) targeting Oracle VirtualBox in the Virtualization category.” reads the page of the event.

SUCCESS – Day Two kicks off with 4nhdaden using an OOB Read for an info leak and an unitialized variable for code execution on the hypervisor. He earns himself $40,000 and 4 Master of Pwn points.

Later the popular duo Amat Cama and Richard Zhu of team Fluoroacetate earned $50,000 for hijacking a system by exploiting use-after-free vulnerabilities in Adobe Reader and the Windows kernel.

The white hat hackers used a pair of UAFs – one in Acrobat and one in the Windows kernel – to elevate privilieges and to over the system. They also received 5 points towards Master of Pwn.

On Day 2 of the Pwn2Own there ware also some failures, the Synacktiv team attempted to hack VMware Workstation without success.

At the end of the day, Lucas Leong of the Zero Day Initiative (ZDI) demonstrated a guest-to-host escape on VirtualBox.

During the first day of the Pwn2Own 2020 hacking competition, participants earned a total of $180,000 for exploits targeting Windows 10, Ubuntu Desktop and macOS.

The total amount paid out this year is half of what the participants received last year. Cama and Zhu won a total of $375,000 in cash in the three days for exploits against Safari, Oracle VirtualBox, VMware Workstation, Firefox, and Microsoft Edge.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Hacking, Pwn2Own 2020)

[adrotate banner=”5″]

[adrotate banner=”13″]