Tuesday, March 9, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever

January 8, 2019
in Internet Privacy
Zerodium Offers to Buy Zero-Day Exploits at Higher Prices Than Ever
587
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Well, there’s some good news for hackers and vulnerability hunters, though terrible news for tech manufacturers!

Exploit vendor Zerodium is now willing to offer significantly higher payouts for full, working zero-day exploits that allow stealing of data from WhatsApp, iMessage and other online chat applications.

You might also like

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

Microsoft Exchange Cyber Attack — What Do We Know So Far?

Iranian Hackers Using Remote Utilities Software to Spy On Its Targets

Zerodium—a startup by the infamous French-based company Vupen that buys and sells zero-day exploits to government agencies around the world—said it would now pay up to $2 million for remote iOS jailbreaks and $1 million for exploits that target secure messaging apps.

Get $2 Million for Remotely Jailbreaking An iPhone

Previously, Zerodium was offering $1.5 million for persistent iOS jailbreaks that can be executed remotely without any user interaction (zero-click)—but now the company has increased that amount to $2 million.

The company is now offering $1.5 million for a remote iOS jailbreak that requires minimal user interaction (i.e., single-click)—the amount has increased from $1 million.

Get $1 Million for Selling WhatsApp and iMessage Zero-Days

Zerodium has also doubled the price for remote code execution (RCE) exploits that target secure-messaging apps like WhatsApp, iMessage, and SMS/MMS apps for all mobile operating systems, making it 1 million from $500,000.

However, the price for zero-day exploits for popular encrypted app Signal that’s widely used by many technologists, journalists, and lawyers remained at $500,000, same as before.

Other Zero-Day Buyout Offers

Here’s the list of revised prices announced Monday by Zerodium for a variety of other exploits:

  • $1 million for zero-click remote code execution exploits in Windows (previously $500,000)
  • $500,000 for remote code-execution exploits in Chrome including a sandbox escape (previously $250,000 and $200,000 for Windows and Android respectively)
  • $500,000 for Apache or Microsoft IIS RCEs, i.e., remote exploits via HTTP(S) requests (previously $250,000)
  • $500,000 for local privilege escalation attacks against Safari including a sandbox escape (previously $200,000)
  • $250,000 for Outlook RCEs, i.e., remote exploits via malicious emails (previously $150,000)
  • $250,000 for PHP or OpenSSL RCEs (previously $150,000)
  • $250,000 for Microsoft Exchange Server RCEs (previously $150,000)
  • $200,000 for Local privilege escalation to either kernel or root for Android or iOS operating system (previously $100,000)
  • $200,000 for VMWare ESXi Virtual Machine Escape i.e. guest-to-host escape (previously $100,000)
  • $100,000 for Local pin/passcode or Touch ID bypass for Android or iOS (previously $15,000)
  • $80,000 for Windows local privilege escalation or sandbox escape (previously $50,000)

The hike in the price is in line with demand and the tougher security of the latest operating systems and messaging apps, as well as to attract more researchers, hackers and bug hunters to seek complex exploit chains.

The amount paid by Zerodium to researchers for acquiring their original zero-day exploits depends on the popularity and security level of the affected software or system, as well as the quality of the submitted exploit, like is it a full or partial chain, does it affect current versions, reliability, bypassed exploit mitigations, process continuation and so on.

To claim the prize money, your research must be original and previously unreported. Zerodium also said that the company is willing to pay even higher rewards to researchers for their exceptional exploits or research.

Hackers will get the payout within a week of submitting the zero-day exploits along with a valid working proof-of-concept.

Recently, Zerodium disclosed a critical zero-day vulnerability in the NoScript browser plugin that could have been exploited to execute malicious JavaScript on victims’ Tor browsers to effectively identify their real IP address even if the maximum security level was used.


Credit: Source link

Previous Post

Comparison of the Text Distance Metrics

Next Post

New Year’s resolutions: Get your passwords shipshape

Related Posts

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks
Internet Privacy

Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks

March 9, 2021
Microsoft Exchange Cyber Attack — What Do We Know So Far?
Internet Privacy

Microsoft Exchange Cyber Attack — What Do We Know So Far?

March 9, 2021
Iranian Hackers Using Remote Utilities Software to Spy On Its Targets
Internet Privacy

Iranian Hackers Using Remote Utilities Software to Spy On Its Targets

March 8, 2021
Researchers Find 3 New Malware Strains Used by SolarWinds Hackers
Internet Privacy

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

March 6, 2021
Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories
Internet Privacy

Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories

March 6, 2021
Next Post
New Year’s resolutions: Get your passwords shipshape

New Year’s resolutions: Get your passwords shipshape

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report
Internet Security

Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report

March 9, 2021
Is investing in AI the highest ROI opportunity?
Data Science

Is investing in AI the highest ROI opportunity?

March 9, 2021
Dalhousie researchers use machine learning to track COVID-related emotions on social media | Provincial | News
Machine Learning

Dalhousie researchers use machine learning to track COVID-related emotions on social media | Provincial | News

March 9, 2021
Ezviz C3X outdoor security camera review: Simple setup, superb features Review
Internet Security

Ezviz C3X outdoor security camera review: Simple setup, superb features Review

March 9, 2021
Operationalizing AI – Introduction to the ModelOps Pipeline
Data Science

Operationalizing AI – Introduction to the ModelOps Pipeline

March 9, 2021
SCA invests in Australian AI and machine learning company
Machine Learning

SCA invests in Australian AI and machine learning company

March 9, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report March 9, 2021
  • Is investing in AI the highest ROI opportunity? March 9, 2021
  • Dalhousie researchers use machine learning to track COVID-related emotions on social media | Provincial | News March 9, 2021
  • Ezviz C3X outdoor security camera review: Simple setup, superb features Review March 9, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates