Pwn2Own 2021 Day 1 – participants earned more than $500k

The Pwn2Own 2021 hacking competition has begun, and white hat participants earned more than $500,000 on the first day.

Pwn2Own 2021 has begun. This year the format of the popular hacking competition has the participants distributed across various locations. The competition’s organizer, Trend Micro’s Zero Day Initiative (ZDI), describes this year’s event as one of the largest in Pwn2Own history, with 23 separate entries targeting 10 different products in the categories of Web Browsers, Virtualization, Servers, Local Escalation of Privilege, and – our newest category – Enterprise Communications. The overall payout pool for Pwn2Own 2021 exceeds $1.5 million in cash and other prizes.

On the first day of the competition, participants earned more than half a million dollars for demonstrating five working exploits out of seven attempts.

One of the biggest payouts was obtained by the Devcore team that earned $200,000 for taking over a Microsoft Exchange server by chaining authentication bypass and local privilege escalation vulnerabilities. The team also received 20 Master of Pwn points.

“The Devcore team combined an authentication bypass and a local privilege escalation to completely take over the Exchange server. They earn $200,000 and 20 Master of Pwn points,” reads the post published by ZDI.

Another researcher who uses the handle OV earned $200,000 for a Microsoft Teams code execution exploit and received 20 Master of Pwn points for his findings.

Then Jack Dates from RET2 Systems chained an integer overflow in Safari and an out-of-bounds write issue to achieve kernel code execution. He earned $100K and received 10 Master of Pwn points to start the contest off right!

Team Viettel also earned $40,000 for a local privilege escalation vulnerability in Windows 10, while the white hat hacker Ryota Shiga of Flatt Security earned $30,000 for a privilege escalation vulnerability in Ubuntu Desktop.

There were also two failed attempts. The STAR Labs team of Billy, Calvin and Ramdhan, targeting Parallels Desktop in the Virtualization category, was not able to get its exploit to work within the time allotted.

The same team failed in targeting Oracle VirtualBox in the Virtualization category because they were not able to get their exploit to work within the time allotted.

At the time of this writing the second day has just begun, with a success.

This year Tesla is offering up to $600K and a car for hacking a Tesla vehicle under the automotive category, but no one has signed up for this category.

Pierluigi Paganini

(SecurityAffairs – hacking, Pwn2Own 2021)
