Security News > 2022 > April > Hackers earn $400K for zero-day ICS exploits demoed at Pwn2Own

Pwn2Own Miami 2022 has ended with competitors earning $400,000 for 26 zero-day exploits targeting ICS and SCADA products demoed during the contest between April 19 and April 21.
"Thanks again to all of the competitors who participated. We couldn't have a contest without them," Trend Micro's Zero Day Initiative said today.
After the security vulnerabilities exploited during Pwn2Own are reported, vendors are given 120 days to release patches until ZDI publicly discloses them.
During day one, they earned $20,000 after executing code on the Inductive Automation Ignition SCADA control server solution using a missing authentication weakness.
Last but not least, on day two of Pwn2Own Miami 2022, the team bypassed the trusted application check on the OPC Foundation OPC UA.NET Standard and added $40,000 to their awards stash.
During the first edition of the ICS-themed Pwn2Own Miami, held back in January 2020, ZDI awarded $280,000 for 24 unique zero-day vulnerabilities in ICS and SCADA products.
News URL
Related news
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (source)
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now (source)
- North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack (source)
- Hackers exploit authentication bypass in Palo Alto Networks PAN-OS (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes (source)
- ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists (source)