Developments in the C2C market. Cyberespionage against Westminster. Notes from Russia’s hybrid war. And don’t take that typo to Timbuktu.
WormGPT is a new AI threat. TeamTNT seems to be back. Chinese intelligence services actively pursue British MPs. Gamaredon’s quick info theft. Russia’s FSB bans Apple devices. The troll farmers of the Internet Research Agency may not yet be down for the count. Anonymous Sudan claims a “demonstration” attack against PayPal, with more to come. Carole Theriault looks at popular email lures. My conversation with N2K president Simone Petrella on the White House’s National Cybersecurity Strategy Implementation Plan. And, friends, don’t take this typo to Timbuktu.
$20M Offered By Russian Zero-Day Seller To Hack Android And iPhone Devices
The Russian company Operation Zero is currently offering researchers $20 million in exchange for hacking tools that would enable its customers to take control of Android and iPhone devices.
“By increasing the premium and providing competitive plans and bonuses for contract works, we encourage the developer teams to work with our platform,” the company said.
The company announced on its Telegram accounts and on its official account on X, formerly Twitter, that it was raising compensation for zero-days in those platforms from $200,000 to $20 million.
Due to high demand on the market, we’re increasing payouts for top-tier mobile exploits. In the scope:
— iOS RCE/LPE/SBX/full chain — From $200,000 up to $20,000,000 (twenty millions).
— Android RCE/LPE/SBX/full chain — The same.
Operation Zero, which is based in Russia and launched in 2021, further stated, “as always, the end user is a non-NATO country.”
The business states on its official website that “our clients are Russian private and government organizations only.”
Reports say that CEO Sergey Zelenyuk of Operation Zero refused to explain why they only sell to non-NATO nations. “No reasons other than the obvious ones,” he replied.
Specifics of the New Regulation
Zelenyuk stated that the bounties the company is now offering may be temporary and reflect a certain time in the market and the difficulties of hacking iOS and Android, according to a TechCrunch report.
“The price formation of specific items is heavily dependent on the availability of the product on the zero-day market,” Zelenyuk stated in an email.
“Full chain exploits for mobile phones are the most expensive products right now and they’re used mostly by government actors. When an actor needs a product, sometimes they’re ready to pay as much as possible to possess it before it gets into the hands of other parties.”
Zerodium, a startup founded in 2015, is willing to pay up to $2.5 million for a series of flaws that let users break into an Android smartphone without the target’s involvement, that is, without the target clicking on a phishing link. According to its website, Zerodium will pay up to $2 million for the same kind of chain on iOS.
With better security mitigations and protections on newer mobile devices, hackers may require several zero-day vulnerabilities to completely compromise and seize control of a targeted device.
A rival company, Crowdfense, with headquarters in the United Arab Emirates, promises up to $3 million for similar iOS and Android bugs.
Zelenyuk stated that he doesn’t think the bounties offered by Zerodium and Crowdfense will ever fall so low.
“The Zerodium price sheet is outdated, but it doesn’t mean the company still buys for such low prices. They just don’t need to update them, the zero-day business works fine regardless of that,” said Zelenyuk.
The market for zero days is mainly unregulated. However, in other nations, businesses might need to ask their own governments for export licenses.
This process comprises requesting authorization to sell to restricted countries. As a result, the market is now fragmented and increasingly influenced by politics.
“This new regulation might enable elements in the Chinese government to stockpile reported vulnerabilities toward weaponizing them,” Microsoft said in a report from last year.
DeFi exchange dYdX v3 website hacked in DNS hijack attack
Decentralized finance (DeFi) crypto exchange dYdX announced on Tuesday that the website for its older v3 trading platform has been compromised. […]