Zerodium is a premium bug bounty platform created by cybersecurity specialists with zero-day exploit and vulnerability research experience. The goal of Zerodium is to gather together independent security researchers to give institutional clients the most sophisticated and strong cybersecurity capabilities.

Zerodium stated today in a brief tweet that it is looking to buy zero-day exploits for vulnerabilities in three prominent virtual private network (VPN) service providers.

We're looking for #0day exploits affecting VPN software for Windows:
Exploit types: information disclosure, IP address leak, or remote code execution. Local privilege escalation is out of scope.

As my colleague, Cezarina, thoroughly explains, a zero-day exploit refers to the method used by attackers to infiltrate and deploy the malware into a system. Unintentional flaws, as well as programming mistakes in software programs or operating systems, can lead to vulnerabilities. Vulnerabilities generate security gaps that hackers can exploit if they are not fixed.

By routing your internet connection through the provider's servers, VPN services allow you to disguise your IP address when accessing resources on the internet. This type of routing makes it more difficult for third parties to trace your online activities, improving your internet privacy.

The vulnerabilities targeting Windows clients for NordVPN, ExpressVPN, and SurfShark VPN services are of special relevance to Zerodium at the moment, as the vulnerability broker announced.

As reported by BleepingComputer, Zerodium is looking for problems that might expose information about users, their IP addresses, and vulnerabilities that could be exploited to execute malware remotely, but local privilege escalation is one sort of vulnerability that the broker does not want.

Why Does Zerodium Want the Zero-Day Exploits?

The rationale for the exploit broker's disclosure is unknown, but one possibility is that government customers want a means to detect cybercrime hidden behind VPN services. Government institutions, especially from Europe and North America, that require advanced zero-day vulnerabilities and cybersecurity skills make up Zerodium's customer base. Only a limited number of government clients have access to obtained zero-day research, according to the firm, which is guided by ethics and picks customers based on stringent criteria and screening processes.

Zerodium announced a temporary boost in payouts for Chrome vulnerabilities earlier this year and offered $1,000,000 for remote code execution (RCE) and sandbox escape exploit (SBX). It's interesting to note as well that for both mobile and desktop platforms, Zerodium offers payments for any operating system. Windows, macOS, Linux/BSD, iOS, and Android are the most popular.

Zerodium didn't say how much it's willing to pay for the hacking techniques. But its bounties can range from $100,000 up to $2.5 million for the most powerful zero-day exploits against Android and iOS. For now, Zerodium is merely calling on hackers and security researchers to submit "pre-offers" for the zero-day exploits via its website. Zerodium's tweet is unsettling, given that ExpressVPN, NordVPN, and Surfshark are highly rated and popular VPN services.