Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

White hat hackers earn over $1 Million at Pwn2Own Austin 2021

The Zero Day Initiative’s Pwn2Own Austin 2021 hacking contest has ended, and participants earned $1,081,250 for 61 zero-day flaws. Trend Micro’s Zero Day Initiative’s Pwn2Own Austin 2021 hacking contest has ended, the participants earned a total of $1,081,250 for 61 zero-day exploits. The participants compromised NAS devices, mobile phones, printers, routers, and speakers from Canon, Cisco, HP, NETGEAR, […]

Pwn2Own Austin 2021

The Zero Day Initiative’s Pwn2Own Austin 2021 hacking contest has ended, and participants earned $1,081,250 for 61 zero-day flaws.

Trend Micro’s Zero Day Initiative’s Pwn2Own Austin 2021 hacking contest has ended, the participants earned a total of $1,081,250 for 61 zero-day exploits. The participants compromised NAS devices, mobile phones, printers, routers, and speakers from Canon, Cisco, HP, NETGEAR, Samsung, Sonos, TP-Link, and Western Digital.

This edition is the largest Pwn2Own to date, the participants earned $362,500 on the first day of the contest, $415,000 on the second day, $238,750 on the third day, and $60,000 on the last day.

The highest bounties were paid out for zero-day exploits for Sonos One smart speaker, two teams earned $60,000 each for code execution issues.

Congratulation to the Synacktiv team that won the contest and earned $197,000 for their zero-days and 20 Master of Pwn points.

For the first time in the history of the hacking contest, white hat hackers demonstrated zero-day exploits for printers. The participants demonstrated 11 printer hacks, on the third day a team hacked an HP LaserJet printer to play the AC/DC’s Thunderstruck song.

In this edition participants also hacked the Samsun Galaxy S21, Sam Thomas (@_s_n_t) from team Pentest Limited (@pentestltd) demonstrated a zero-day exploit chain for the latest Android 11 earning $50,000.

There was also one partially successful attempt to hack the Samsung Galaxy S21, Mr L and Nguyễn Hoàng Thạch (@hi_im_d4rkn3ss) of STARLabs Team used an exploit chain that included a bug known by the vendor. They still earn $25,000 and 2.5 Master of Pwn points.

The day-by-day results for the Pwn2Own Austin 2021 are available here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, supply chain attack)

[adrotate banner=”5″]

[adrotate banner=”13″]