$30 Million Bounty Rewards For Android, iOS, & Chrome Zero-day

[[{“value”:”

This year, Crowdfense is expanding its scope to encompass additional major research fields like Enterprise Software, WiFi/Baseband, and Messengers and is proposing a larger 30 million USD acquisition program.

Read moreBuilding cyber skills and roles from CyBOK foundations

Crowdfense is the world’s premier research and acquisition platform for high-quality zero-day exploits and advanced vulnerability research.

Both the company’s innovative “Vulnerability Research Hub” (VRH) online platform and its $10 million bug bounty program received widespread attention from researchers in 2019.

Read moreAccessibility as a cyber security priority

According to the company, payouts for exclusive capabilities or full chains that have not been disclosed range from USD 10,000 to USD 9 million for each successful application.

Partial chains will be assessed individually and charged accordingly.

Read moreNew interactive video - and related downloads - to help secondary school kids stay safe online

“Within this program, Crowdfense evaluates only fully functional, top-quality zero-day exploits affecting the following platforms and products,” the company said.

Document

Read moreNigerian Cybercrime Ring's Phishing Tactics Exposed

Stop Advanced Phishing Attack With AI

AI-Powered Protection for Business Email Security

Read moreS3 Ep135: Sysadmin by day, extortionist by night

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by
other email security solutions. .

Higher Rewards Of The Program

Read moreUS offers $10m bounty for Russian ransomware suspect outed in indictment

The company has disclosed that this year’s program includes significantly higher rewards. 

Interestingly, the company is offering $5–$7 million for zero-day exploits on iPhones, up to $5 million for zero-days to breach Android phones, up to $3–$3.5 million for zero-days on Chrome and Safari, and $3–$5 million for zero-days on iMessage and WhatsApp. 

Read moreBelkin Wemo Smart Plug V2 – the buffer overflow that won’t be patched

Researchers may be able to make up to $3.5 million through exploits that allow for sandbox escape and remote code execution on iOS.

For Chrome exploits that result in remote code execution and local privilege escalation, the business is willing to pay between $2 million and $3 million; for Safari exploits of a similar nature, it will pay between $2.5 million and $3.5 million.

Read moreZut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France

SMS/MMS Full Chain Zero Click: from 7 to 9 M USD

Android Zero Click Full Chain: 5 M USD

Read moreHeads Up CEO! Cyber Risk Influences Company Credit Ratings

iOS Zero Click Full Chain: from 5 to 7 M USD

iOS (RCE + SBX): 3,5 M USD

Read moreCISA, NSA Issue New IAM Best Practice Guidelines

Chrome (RCE + LPE): from 2 to 3 M USD

Chrome (SBX): 400k USD

Read more6 Ways to Mitigate Risk While Expanding Access

Chrome (RCE w/o SBX): 400k USD

Safari (RCE + LPE): from 2,5 to 3,5 M USD

Read moreHypervisors and Ransomware: Defending Attractive Targets

Safari (SBX): from 300 to 400k USD

Safari (RCE w/o SBX): 200k USD

Read moreNIST Launches Cybersecurity Initiative for Small Businesses

Crowdfense offers many additional payments for less complex zero-day exploits that target various products, such as the Chrome and Safari browsers.

In 2019, the business made a $3 million offer for an iOS and Android zero-click remote code execution exploit. 

Read moreEducating Your Board of Directors on Cybersecurity

The cost of threat intelligence teams’ findings rises as more zero-day vulnerabilities are found, so attackers have to put in more time and effort.

The company said, “Please be aware that from time to time, we will also propose high-priority bounties, with extra bonuses and private bounties to selected researchers through our Vulnerability Research Hub: be sure not to miss them!”

Read morePersonal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack

Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.

The post $30 Million Bounty Rewards For Android, iOS, & Chrome Zero-day appeared first on Cyber Security News.

Read moreMany Vulnerabilities Found in PrinterLogic Enterprise Software

“}]]   Read More 

Cyber Security News 

Related Posts

ISP Sends Malware to Thousands of Customers to Stop Using File-Sharing Services

ISP Sends Malware to Thousands of Customers to Stop Using File-Sharing Services

JTBC, a prominent Korean news organization, has uncovered that KT Corporation, one of South Korea’s largest telecom providers, deliberately infected over 600,000 users with malware to deter them from using torrent services.

This discovery has sent ripples through the tech community and raised severe legal and ethical questions.

The issue first surfaced in May 2020 when Webhard, a Korean cloud service provider, began receiving many user complaints about unexplained errors.

Webhard’s Grid Program, which relies on BitTorrent peer-to-peer file sharing, was found to be compromised.

An anonymous representative from Webhard stated, “There is a suspicion of a hacking attack on our grid service. It’s very malicious, interfering with it.” The company soon realized that all affected users were KT customers.

The Malware’s Impact

The malware, which originated from KT’s own data center south of Seoul, significantly impacted users’ systems.

According to MNews, the malware created strange folders, made files invisible, and completely disabled the Webhard program.

Scan Your Business Email Inbox to Find Advanced Email Threats – Try AI-Powered Free Threat Scan

In severe cases, it even rendered the entire PC inoperable. “Only KT users have problems. What the malware does on the user’s PC is to create strange folders or make files invisible. It completely disables the Webhard program itself. In some cases, the PC itself was also disabled because of it, so we reported it,” the representative added.

Legal Ramifications and Ongoing Investigations

Following Webhard’s report, police officials launched an investigation and traced the malware back to KT’s data center.

Authorities have since identified and charged 13 individuals directly connected to the malware attack, including KT employees and subcontractors.

The charges include violations of South Korea’s Protection of Communications Secrets Act and the Information and Communications Network Act.

The investigation is ongoing, and more individuals may be implicated as authorities continue to delve deeper into the case.

This incident has sparked a heated debate about how companies can protect their interests and the ethical implications of such actions.

As the investigation unfolds, the tech community and the public await further developments with bated breath.

Stay in the loop with the latest in cybersecurity by following us on Linkedin and X for daily updates!

The post ISP Sends Malware to Thousands of Customers to Stop Using File-Sharing Services appeared first on Cyber Security News.

 Read More 

 

The United Kingdom’s catastrophic ransomware attack.
The United Kingdom’s catastrophic ransomware attack.

The United Kingdom’s catastrophic ransomware attack.

The UK faces a looming threat of a catastrophic ransomware attack. The Senate confirms a new National Cyber Director. The rivalry between malware groups BatLoader and FakeBat. BazarCall phishing attack and its unusual use of Google Forms. A serious vulnerability threatens K-12 student data. Spiderman game developer Insomniac Games becomes the latest ransomware victim. Today’s guest is Tim Starks from the Washington Post’s Cybersecurity 202 with China’s influence operations in Taiwan, along with a look back at 2023. We’ll touch on Microsoft’s Patch Tuesday and why outdated password policies are still a problem.   Read More 

The CyberWire