CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
Related Posts
Instagram’s Twitter Alternative ‘Threads’ Launch Halted in Europe Over Privacy Concerns
Instagram’s Twitter Alternative ‘Threads’ Launch Halted in Europe Over Privacy Concerns
Instagram Threads, the upcoming Twitter competitor from Meta, will not be launched in the European Union due to privacy concerns, according to Ireland’s Data Protection Commission (DPC).
The development was reported by the Irish Independent, which said the watchdog has been in contact with the social media giant about the new product and confirmed the release won’t extend to the E.U. "at this Read More
The Hacker News | #1 Trusted Cybersecurity News Site
Kansas courts IT systems offline after ‘security incident’
Kansas courts IT systems offline after ‘security incident’
Information systems of state courts across Kansas are still offline after they’ve been disrupted in what the Kansas judicial branch described last Thursday as a “security incident.” […] Read More
BleepingComputer
$20M Offered By Russian Zero-Day Seller To Hack Android And iPhone Devices
$20M Offered By Russian Zero-Day Seller To Hack Android And iPhone Devices
The Russian company Operation Zero is currently offering researchers $20 million in exchange for hacking tools that would enable its customers to take control of Android and iPhone devices.
“By increasing the premium and providing competitive plans and bonuses for contract works, we encourage the developer teams to work with our platform,” the company said.
The company declared that it was raising compensation for zero-days in those platforms from $200,000 to $20 million on its Telegram accounts and on its official account on X, formerly Twitter.
Due to high demand on the market, we’re increasing payouts for top-tier mobile exploits. In the scope:
— iOS RCE/LPE/SBX/full chain — From $200,000 up to $20,000,000 (twenty millions).
— Android RCE/LPE/SBX/full chain — The same.
As always, the end user is a non-NATO country.
— Operation Zero (@opzero_en) September 26, 2023
The 2021-launched Russian-based Operation Zero further stated, “as always, the end user is a non-NATO country.”
The business states on its official website that “our clients are Russian private and government organizations only.”
Reports say that CEO Sergey Zelenyuk of Operation Zero refused to explain why they only sell to non-NATO nations. “No reasons other than the obvious ones,” he replied.
Document
FREE Demo
Deploy Advanced AI-Powered Email Security Solution
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
Specifics of the New Regulation
Zelenyuk stated that the bounties the company is now offering may be temporary and reflect a certain time in the market and the difficulties of hacking iOS and Android, reads TechCrunch report.
“The price formation of specific items is heavily dependent on the availability of the product on the zero-day market,” in an email, Zelenyuk stated.
“Full chain exploits for mobile phones are the most expensive products right now and they’re used mostly by government actors. When an actor needs a product, sometimes they’re ready to pay as much as possible to possess it before it gets into the hands of other parties.”
The 2015-founded startup Zerodium is willing to pay up to $2.5 million for a series of flaws that let users break into an Android smartphone without the target’s involvement—without the target clicking on a phishing link. According to its website, Zerodium will pay up to $2 million for the same kind of chain on iOS.
With better security mitigations and protections on newer mobile devices, hackers may require several zero-day vulnerabilities to completely compromise and seize control of a targeted device.
A rival company, Crowdfense, with headquarters in the United Arab Emirates, promises up to $3 million for similar iOS and Android bugs.
Zelenyuk stated that he doesn’t think the bounties offered by Zerodium and Crowdfense will ever fall so low.
“The Zerodium price sheet is outdated, but it doesn’t mean the company still buys for such low prices. They just don’t need to update them, the zero-day business works fine regardless of that,” said Zelenyuk.
The market for zero days is mainly unregulated. However, in other nations, businesses might need to ask their own governments for export licenses.
This process comprises requesting authorization to sell to restricted countries. As a result, the market is now fragmented and increasingly influenced by politics.
“This new regulation might enable elements in the Chinese government to stockpile reported vulnerabilities toward weaponizing them,” Microsoft said in a report from last year.
Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.
The post $20M Offered By Russian Zero-Day Seller To Hack Android And iPhone Devices appeared first on Cyber Security News.
Cyber Security News