FBI: RansomHub ransomware breached 210 victims since February
Since surfacing in February 2024, RansomHub ransomware affiliates have breached over 200 victims from a wide range of critical U.S. infrastructure sectors. […]
Title insurance giant First American offline after cyberattack
First American Financial Corporation, the second-largest title insurance company in the United States, took some of its systems offline today to contain the impact of a cyberattack. […]
Bitwarden’s new auto-fill option adds phishing resistance
The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. […]
$30 Million Bounty Rewards For Android, iOS, & Chrome Zero-day
This year, Crowdfense is expanding its scope to encompass additional major research fields like Enterprise Software, WiFi/Baseband, and Messengers and is proposing a larger 30 million USD acquisition program.
Crowdfense is the world’s premier research and acquisition platform for high-quality zero-day exploits and advanced vulnerability research.
Both the company’s innovative “Vulnerability Research Hub” (VRH) online platform and its $10 million bug bounty program received widespread attention from researchers in 2019.
According to the company, payouts for exclusive capabilities or full chains that have not been disclosed range from USD 10,000 to USD 9 million for each successful application.
Partial chains will be assessed individually and priced accordingly.
“Within this program, Crowdfense evaluates only fully functional, top-quality zero-day exploits affecting the following platforms and products,” the company said.
Higher Rewards Of The Program
The company has disclosed that this year’s program includes significantly higher rewards.
Interestingly, the company is offering $5–$7 million for zero-day exploits on iPhones, up to $5 million for zero-days to breach Android phones, up to $3–$3.5 million for zero-days on Chrome and Safari, and $3–$5 million for zero-days on iMessage and WhatsApp.
Researchers may be able to make up to $3.5 million through exploits that allow for sandbox escape and remote code execution on iOS.
For Chrome exploits that result in remote code execution and local privilege escalation, the business is willing to pay between $2 million and $3 million; for Safari exploits of a similar nature, it will pay between $2.5 million and $3.5 million.
SMS/MMS Full Chain Zero Click: from 7 to 9 M USD
Android Zero Click Full Chain: 5 M USD
iOS Zero Click Full Chain: from 5 to 7 M USD
iOS (RCE + SBX): 3,5 M USD
Chrome (RCE + LPE): from 2 to 3 M USD
Chrome (SBX): 400k USD
Chrome (RCE w/o SBX): 400k USD
Safari (RCE + LPE): from 2,5 to 3,5 M USD
Safari (SBX): from 300 to 400k USD
Safari (RCE w/o SBX): 200k USD
Crowdfense offers many additional payments for less complex zero-day exploits that target various products, such as the Chrome and Safari browsers.
In 2019, the business made a $3 million offer for an iOS and Android zero-click remote code execution exploit.
The cost of threat intelligence teams’ findings rises as more zero-day vulnerabilities are found, so attackers have to put in more time and effort.
The company said, “Please be aware that from time to time, we will also propose high-priority bounties, with extra bonuses and private bounties to selected researchers through our Vulnerability Research Hub: be sure not to miss them!”