
Zerodium offers up to $500,000 for Linux Zero-Day exploits


The sale of zero-day exploits is a prolific business: zero-day broker Zerodium offers rewards of up to $500,000 for FreeBSD, OpenBSD, NetBSD and Linux zero-days.

The sale of zero-day exploits is a prolific business that most people totally ignore. To better understand its evolution, let's analyze together the offer of the popular exploit broker Zerodium. To get a clear idea of the company's mission, let's visit its website.

"ZERODIUM pays premium bounties and rewards to security researchers to acquire their original and previously unreported zero-day research affecting major operating systems, software, and devices," reads the company website. "While the majority of existing bug bounty programs accept almost any kind of vulnerabilities and PoCs but pay very low rewards, at ZERODIUM we focus on high-risk vulnerabilities with fully functional exploits, and we pay the highest rewards on the market."

Zerodium, like other zero-day brokers, buys zero-days and sells them to government agencies and law enforcement, but many privacy advocates fear that these flaws could be used by surveillance firms that sell their products to authoritarian regimes.

The company is offering rewards of up to $500,000 for zero-day exploits in UNIX-based operating systems, including OpenBSD, FreeBSD and NetBSD. The same offer applies to exploits developed for popular Linux distros such as Ubuntu, CentOS, Debian, and Tails.

Prices for zero-days vary based on several factors, including the market share of the affected platforms/systems (Windows zero-day exploits are usually more valuable than Linux ones) and the level of user interaction required to exploit the flaw (no click, one click, two clicks, etc.).

Other factors include the reliability of the zero-day exploit, the number of vulnerabilities that attackers need to chain to exploit the flaw, the success rate, and the OS configuration required for exploitation.

The rewards for Linux zero-days continue to increase, a trend already observed since February, when rewards went as high as $45,000.

The company shared the latest zero-day acquisition drive as part of its ordinary zero-day acquisition program.

The acquisition drive includes special offers, usually associated with higher fees, for specific zero-day exploits.

Zerodium is still looking for remote code execution or local privilege escalation exploits in Linux and BSD systems, and it offers variable rewards that can go up to $500,000.

The firm's payouts for Linux privilege escalation zero-day exploits range from $10,000 to $30,000, while a local privilege escalation (LPE) in Linux could be paid up to $100,000.

Rewards for Linux remote code execution exploits can range from $50,000 to $500,000; zero-days for CentOS and Ubuntu are the most wanted.

Over the months, Zerodium has published several acquisition drives seeking zero-day exploits targeting iOS, Adobe Flash Player, the Tor Browser, mobile IM apps, and Android.

[Image: Zerodium zero-day exploits]

In the past Zerodium offered up to $1.5 million for an iOS zero-day exploit.

Looking at the price list for zero-days, we can see that exploits for server environments such as Linux command high rewards, but mobile exploits remain the most expensive in the zero-day market.

Recently a new player, Crowdfense, emerged in the zero-day market, launching an acquisition program with prizes of $10 million.


Pierluigi Paganini

(Security Affairs – Cybersecurity, Zero-day exploits)
