49 unique zero-days Uncovered in Pwn2Own Automotive

On the final day of Pwn2Own Automotive 2024 - Day 3, researchers were granted $1,323,750 in rewards for identifying 49 distinct zero-days.
Particularly, the infotainment system and modem of Tesla were attacked by the Synacktiv team, and each vulnerability earned $100,000.
Computest Sector 7 exploited the ChargePoint Home Flex by using a 2-bug chain.
Together with four Master of Pwn Points, they receive $20,000.
Sina Kheirkhah exploited the Ubiquiti Connect EV by using a 2-bug chain.
Six Master of Pwn Points and $30,000 are his earnings.
Connor Ford of Nettitude exploited the JuiceBox 40 Smart EV Charging Station by using a stack-based buffer overflow.
The EMPORIA EV Charger Level 2 was exploited by fuzzware.io via a buffer overflow.
Six Master of Pwn Points and $60,000 are their earnings.
Highlights of the Day 1 of Pwn2Own Automotive's research participants received awards totaling over $700,000.
Sina Kheirkhah earned $60,000 by successfully launching his attack on ChargePoint Home Flex.
A 2-bug chain was carried out by Synacktiv against the JuiceBox 40 Smart EV Charging Station and $60,000 is their earnings.
Using a UAF exploit, the PCAutomotive Team was able to successfully target the Alpine Halo9 iLX-F509 and earn $40,000.
Highlights from Day 2 of Pwn2Own Automotive: Over $1 million in rewards were offered to researchers.
Using a 3-bug chain, the PHP Hooligans and Midnight Blue team exploited the Phoenix Contact CHARX SEC-3100 and earned $30,000.
Synacktiv exploited Automotive Grade Linux by using a 3-bug chain and earned $35,000.
Fuzzware.io exploited the ChargePoint Home Flex with a two-bug chain and received $30,000 rewards.
ZDI is currently getting ready to host Pwn2Own Vancouver 2024, which is scheduled for March 20 to 22 in Vancouver, Canada.
Over $1 million will be awarded in prizes for that event.
A thorough summary of the Pwn2Own Automotive 2024 Day 3 results is available here for your reference.


This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 26 Jan 2024 16:20:43 +0000


Cyber News related to 49 unique zero-days Uncovered in Pwn2Own Automotive

Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice - The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. Throughout the contest organized by Trend ...
9 months ago Bleepingcomputer.com
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
11 months ago Bleepingcomputer.com
VMware fixes three zero-day bugs exploited at Pwn2Own 2024 - VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw patched today is CVE-2024-22267, a ...
6 months ago Bleepingcomputer.com
49 unique zero-days Uncovered in Pwn2Own Automotive - On the final day of Pwn2Own Automotive 2024 - Day 3, researchers were granted $1,323,750 in rewards for identifying 49 distinct zero-days. Particularly, the infotainment system and modem of Tesla were attacked by the Synacktiv team, and each ...
9 months ago Cybersecuritynews.com
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
6 months ago Bleepingcomputer.com
Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto - The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits targeting consumer products between October 24 and October 27. During the Pwn2Own Toronto 2023 hacking event organized by ...
11 months ago Bleepingcomputer.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
11 months ago Bleepingcomputer.com
Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
11 months ago Bleepingcomputer.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
5 months ago Securityaffairs.com
VMware Patches Vulnerabilities Exploited at Pwn2Own 2024 - Broadcom-owned VMware on Tuesday published a security advisory to inform Workstation and Fusion customers that patches are available for vulnerabilities exploited earlier this year at the Pwn2Own hacking competition. It's worth noting that VMware ...
6 months ago Securityweek.com
Tesla hackers win big at first Pwn2Own automotive hack fest The Register - Infosec in brief Trend Micro's Zero Day Initiative held its first-ever automotive-focused Pwn2Own event in Tokyo last week, and awarded over $1.3 million to the discoverers of 49 vehicle-related zero day vulnerabilities. Researchers from French ...
9 months ago Go.theregister.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
9 months ago Darkreading.com
Ivanti Connect Secure zero-days now under mass exploitation - Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. As discovered by threat intelligence company Volexity, which also first spotted the zero-days ...
10 months ago Bleepingcomputer.com
VicOne Partners With 42Crunch to Deliver Comprehensive Security Across SDV and Connected-Vehicle Ecosystem - PRESS RELEASE. DALLAS and TOKYO, May 29, 2024- VicOne, an automotive cybersecurity solutions leader, today announced a partnership with 42Crunch to enhance the security of application programming interfaces for the software-defined vehicle and ...
5 months ago Darkreading.com
Zero Trust Security Framework: Implementing Trust in Business - The Zero Trust security framework is an effective approach to enhancing security by challenging traditional notions of trust. Zero Trust Security represents a significant shift in the cybersecurity approach, challenging the conventional concept of ...
9 months ago Securityzap.com
Zero-Trust Architecture in Modern Cybersecurity - Clearly, organizations need more robust cybersecurity protections in place, which is leading many to adopt a zero-trust architecture approach. Zero-trust flips conventional security on its head by shifting from an implicit trust model to one where ...
8 months ago Feeds.dzone.com
OT Cybersecurity for Automotive Industry - OT systems are ubiquitous across all critical infrastructure industries, such as Oil and Gas, Automotive, Energy, Water Utilities, and Transportation. OT infrastructure is very vital to any nation's security to ensure the delivery of essential ...
11 months ago Feeds.dzone.com
Top Cyber Threats Automotive Dealerships Should Look Out For - Automotive dealerships are attractive targets for hackers. A combination of storing lots of sensitive customer data, handling large financial transactions, increased dependence on digital technologies and a perception of immature cybersecurity all ...
8 months ago Securityboulevard.com
Apple emergency updates fix recent zero-days on older iPhones - Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models. The two vulnerabilities, now tracked as CVE-2023-42916 and CVE-2023-42917, were ...
11 months ago Bleepingcomputer.com
Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days - Seven different Windows privilege escalation vulnerabilities have not yet been addressed by Microsoft, two months after they were revealed at Pwn2Own 2024 in Vancouver. This week's Patch Tuesday brought with it five dozen security fixes, including ...
6 months ago Darkreading.com
Implementing Zero Trust and Mitigating Risk: ISC2 Courses to Support Your Development - PRESS RELEASE. Zero trust security is a proactive and robust approach to cybersecurity that addresses modern threats by continuously verifying and monitoring all network activities. While its implementation can be complex and resource-intensive, the ...
4 months ago Darkreading.com
Apple fixes first zero-day bug exploited in attacks this year - Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs. The zero-day fixed today is tracked as CVE-2024-23222 and is a WebKit confusion issue that ...
9 months ago Bleepingcomputer.com
Ivanti warns of Connect Secure zero-days exploited in attacks - Ivanti has disclosed two Connect Secure and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. The first security flaw is an authentication bypass in the gateways' web ...
10 months ago Bleepingcomputer.com
Google says spyware vendors behind most zero-days it discovers - Commercial spyware vendors were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group discovered in 2023 and used to spy on devices worldwide. Zero-day vulnerabilities are security flaws the vendors of impacted software do not ...
9 months ago Bleepingcomputer.com
The Role of Zero-Knowledge Proofs in LLM Chains - In today's digital age, data privacy has become a paramount concern for individuals and organizations alike. With the increasing amount of personal and sensitive information being stored and transmitted online, there is a growing need for robust ...
10 months ago Feeds.dzone.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)