Tag Archives: zero day exploit

Blackhat Firm Offers $500,000 for Zero-day iOS Exploit; Double Than Apple’s Highest Bounty

Last week, Apple finally announced a bug bounty program for researchers and white hat hackers to find and get paid for reporting details of zero-day vulnerabilities in its software and devices.

The company offers the biggest payout of $200,000, which is 10 times the maximum reward that Google offers and double the highest bounty paid by Microsoft.

But now Apple is going to face competition

PornHub Pays Hackers $20,000 to Find Zero-day Flaws in its Website

Cyber attacks get bigger, smarter, more damaging.

PornHub launched its bug bounty program two months ago to encourage hackers and bug bounty hunters to find and responsibly report flaws in its services and get rewarded.

Now, it turns out that the world’s most popular pornography site has paid its first bounty payout. But how much?

US $20,000!
<!– adsense –>
Yes, PornHub has paid $20,000

Hackers Selling Unpatched Microsoft Windows Zero-Day Exploit for $90,000

How much a Windows zero-day exploit that affects all versions of Windows operating system costs on the black market?

It’s $95,000, at least, for the one recently spotted by security researchers.

Researchers from Trustwave’s SpiderLabs team have uncovered a zero-day exploit on Russian underground malware forum exploit.in, affecting all versions of Microsoft Windows OS from Windows 2000 all

Warning — Widely Popular ImageMagick Tool Vulnerable to Remote Code Execution

A serious zero-day vulnerability has been discovered in ImageMagick, a widely popular software tool used by a large number of websites to process user’s photos, which could allow hackers to execute malicious code remotely on servers.

ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermarking and tweak images.

The ImageMagick tool is supported by

Mac OS X Zero-Day Exploit Can Bypass Apple's Latest Protection Feature

A critical zero-day vulnerability has been discovered in all versions of Apple’s OS X operating system that allows hackers to exploit the company’s newest protection feature and steal sensitive data from affected devices.

With the release of OS X El Capitan, Apple introduced a security protection feature to the OS X kernel called System Integrity Protection (SIP). The feature is designed

Zerodium Offers $100,000 for Flash Zero-Day Exploit that Bypasses Mitigations

A well-known company popular for buying and selling zero-day vulnerabilities is now offering up to $100,000 for providing a working zero-day exploit for bypassing the Flash Player’s Heap Isolation mitigation.

Few months back, Adobe deployed Heap Isolation in Flash version 18.0.0209 with an aim at making the Use-After-Free (UAF) vulnerabilities more difficult for cybercriminals to exploit.

US Navy Soliciting Zero Days

A RFP, which has since been taken down, surfaced last week from the Naval Supply Systems Command seeking operational exploits and vulnerability intelligence for commercial software from leading IT vendors.

WordPress: Compromised Sites Leaking User Credentials

Only recently there were several reports of WordPress plugins and themes with vulnerabilities:  Last week’s XSS vulnerability, multiple ones in the eCommerce shopping card plugin The CardPress, and a Zero Day exploit in WordPress 4.2.1.

This week it seems like there is yet another one. According to researchers at Zscaler there are a couple of compromised WordPress pages out there that are all leaking credentials. “The compromised sites run backdoor code, which activates when the user submits login credentials. The credentials are encoded and sent to an attacker website in the form of a GET request. Till now, we have identified only one domain “conyouse.com” which is collecting all the credentials from these compromised sites”, the page reads.

They conclude that WordPress, as one of the most popular Content Management Systems and blogging platforms, remains an attractive target for cybercriminals – especially due to the huge user base. Administrators should always keep their WordPress installations (including addons and themes) updated and patch as soon as there are security updates available.

If you want to find out more about the dangers you could face as a blog administrator and get some advice which might help you to protect your page, take a look at Ange Albertini’s blog article concerning the topic.

The post WordPress: Compromised Sites Leaking User Credentials appeared first on Avira Blog.