
13 matches found

Schneier on Security
added 2019/01/17 12:33 p.m., 77 views

Prices for Zero-Day Exploits Are Rising

Companies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications: On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iOS, $1.5 million for one-click iOS jailbreak...

Exploits: 0
myhack58
added 2018/11/08 12:0 a.m., 529 views

Researcher plans to publish Microsoft Edge browser 0-day sandbox escape vulnerability - vulnerability warning - the black bar safety net

In recent days, a security researcher with the Twitter handle @Yux1xi (Yushi Liang) revealed that he plans to publish a 0-day vulnerability in the Microsoft Edge browser that allows remote code execution (RCE) in Edge, and @Yux1xi also claimed that he and his Russian...

0.2 AI score
Exploits: 0
Openbugbounty
added 2017/12/11 3:14 p.m., 11 views

seetich.at XSS vulnerability

Open Bug Bounty ID: OBB-452101

Description | Value
---|---
Affected Website: | seetich.at
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

6.3 AI score
Exploits: 0
ThreatPost
added 2016/06/10 8:0 a.m., 10 views

$90K Windows Zero Day Gets a Price Cut

A Windows zero-day for sale on the black market for $90,000 just received a price drop. The flaw, which allegedly leaves users of all versions of Windows exposed to a local privilege escalation (LPE) vulnerability, can now be snatched up for $85,000. According to Trustwave, which has been monitoring the...

0.1 AI score
Exploits: 0, References: 2
ThreatPost
added 2015/04/14 9:0 a.m., 7 views

Zero-Day Market Economics Favor Incentives for Defensive Tools

There’s a security truism that goes something like this: Defenders must protect all machines against all vulnerabilities, while attackers need only to find one way on to a system or network. It’s a nearly unwinnable game for those in charge of defending corporate networks and securing web-based...

7.2 AI score
Exploits: 0, References: 4
ThreatPost
added 2014/09/24 3:31 p.m., 16 views

As Bug Bounties Become the Norm, Challenges Remain

SEATTLE–For many years, Microsoft and other large software vendors resisted the idea of providing bug bounties or other financial incentives for researchers to report vulnerabilities. That changed when the landscape began to shift and more researchers began reporting vulnerabilities through broke...

7.2 AI score
Exploits: 0, References: 2
ThreatPost
added 2014/08/07 11:54 a.m., 14 views

Wendy Nather on the Black Hat Buzz

Dennis Fisher talks with Wendy Nather of 451 Research about the happenings on day one of Black Hat, the possibility of the US government disrupting the vulnerability market and software liability. Download: Wendy-Nather-on-the-Black-Hat-Buzz.mp3...

1.4 AI score
Exploits: 0, References: 2
ThreatPost
added 2014/02/10 10:46 a.m., 13 views

Bugging the Bug Market

PUNTA CANA–The Microsoft bug bounty program, started last year as a way to encourage researchers to develop new offensive and defensive techniques, has been a success so far and the company is looking for new ways to expand it in the future. Katie Moussouris, the security strategist at Microsoft...

Exploits: 0, References: 1
MSRC
added 2013/07/10 7:0 a.m., 9 views

Filling A Gap In the Vulnerability Market – First Bounty Notification

When Microsoft decided to offer not one but three new bounties, paying outside researchers directly for security research on some of our latest products, we put a lot of thought into developing those bounty programs. We developed a customized set of programs designed to create a win-win between t...

7 AI score
Exploits: 0
ThreatPost
added 2012/06/18 6:35 p.m., 6 views

Former Zero Day Initiative Researchers Form New Firm Exodus Intelligence

In case you thought that the mass exodus of researchers from TippingPoint’s Zero Day Initiative in recent months meant that the demand for third-party vulnerability markets was waning, fear not. Several former members of the ZDI team have come back together to form a new firm called Exodus...

7.1 AI score
Exploits: 0, References: 2
ThreatPost
added 2009/03/23 2:56 p.m., 11 views

No more free bugs for software vendors

It appears that the free ride is over for software vendors. For years, software makers have benefited from the work done by the community of security researchers who spend days or weeks looking for vulnerabilities and novel ways to break the vendors’ products. This work is virtually always done p...

0.2 AI score
Exploits: 0, References: 4
ThreatPost
added 2009/03/20 4:12 a.m., 9 views

Q&A: CanSecWest hacker Charlie Miller

At the CanSecWest security conference in Vancouver BC, I got a chance to sit down with Charlie Miller, the researcher who won the Pwn2Own hacking contest by exploiting a fully patched MacBook Air machine using a Safari code execution vulnerability. We discuss the state of Web browser security, th...

1.2 AI score
Exploits: 0, References: 4
ThreatPost
added 2009/03/04 2:27 p.m., 9 views

Jeff Moss on the vulnerability economy

Jeff Moss, the founder of DEFCON and Black Hat, discusses the unfolding of the vulnerability economy. Nowadays, instead of exposing high profile zero-day vulnerabilities at conferences, many researchers opt for selling their discoveries on a growing market...

2.6 AI score
Exploits: 0