Security News

Two researchers earned $200,000 on the second day of the Pwn2Own 2021 hacking competition for a Zoom exploit allowing remote code execution without user interaction. Also on the second day of Pwn2Own 2021, Bruno Keith and Niklas Baumstark of Dataflow Security earned $100,000 for an exploit that works both on the Chrome and Microsoft Edge web browsers.

During the first day of Pwn2Own 2021, contestants won $440,000 after successfully exploiting previously unknown vulnerabilities to hack Microsoft's Windows 10 OS, the Exchange mail server, and the Teams communication platform. The first to fall was Microsoft Exchange in the Server category after the Devcore team achieved remote code execution on an Exchange server by chaining together an authentication bypass and a local privilege escalation.

On the first day of the Pwn2Own 2021 hacking competition, participants earned more than half a million dollars, including $440,000 for demonstrating exploits against Microsoft products. The competition's organizer, Trend Micro's Zero Day Initiative, said there were seven attempts on the first day and five of them were successful.

Pwn2Own Vancouver typically takes place during the CanSecWest conference in Vancouver, Canada, but due to the coronavirus pandemic, this year's event will be hybrid - participants can submit their exploits remotely and ZDI staff in Toronto and Austin will run the exploits. The car is being offered to those who participate in the automotive category.

Bug bounty hunters have hacked routers, network-attached storage devices and smart TVs at the Zero Day Initiative's Pwn2Own Tokyo 2020 hacking competition. Due to the COVID-19 pandemic, the competition has been turned into a virtual event and Pwn2Own Tokyo is actually coordinated by Trend Micro's ZDI from Toronto, Canada, with participants demonstrating their exploits remotely.

Bug bounty hunters hacked a NETGEAR router and a Western Digital network-attached storage device on the first day of the Zero Day Initiative's Pwn2Own Tokyo 2020 hacking competition. On the first day of the event, the NETGEAR Nighthawk R7800 router was targeted by Team Black Coffee, Team Flashback, and teams from cybersecurity firms Starlabs and Trapa Security.

Trend Micro's Zero Day Initiative on Tuesday announced the rules and prizes for its Pwn2Own Tokyo 2020 hacking competition, which invites white hat hackers to demonstrate their smartphone and IoT device exploits. Pwn2Own Tokyo 2020 will take place on November 3-5 and it will coincide with the PacSec conference, which typically takes place in Tokyo that time of year.

Over the course of two days, hacking teams ranging from Flourescence, RedRocket CTF and Synacktiv attempted to hack Adobe's Acrobat Reader and Apple's macOS and virtualization platforms such as Oracle VirtualBox. During one hacking attempt, the Fluoroacetate team of Amat Cama and Richard Zhu, targeted Adobe Reader and then Windows with a local privilege escalation attack.

Over the course of two days, hacking teams ranging from Flourescence, RedRocket CTF and Synacktiv attempted to hack Adobe's Acrobat Reader and Apple's macOS and virtualization platforms such as Oracle VirtualBox. During one hacking attempt, the Fluoroacetate team of Amat Cama and Richard Zhu, targeted Adobe Reader and then Windows with a local privilege escalation attack.

Threatpost editors discuss this week's top news stories from COVID-19 themed malware attacks to Pwn2Own updates.