Tag Archive for: worth

Ethical Hackers Hack into $1.323 Million Worth of Vulnerabilities at Automotive World


VicOne, a leading provider of automotive cybersecurity solutions, hosted “Pwn2Own Automotive 2024”, its first ethical hacking event exclusively for the automotive sector, at Automotive World in Tokyo (January 24-26, 2024) to explore and address cybersecurity challenges in the automotive industry.

The event was dedicated to discovering and fixing digital security vulnerabilities in connected cars to protect the cybersecurity of vehicles. Specifically, 17 white hat hacker teams and individuals from nine countries participated, remotely and on-site, with a total of over 50 entries in four categories:

  • Tesla
  • In-Vehicle Infotainment (IVI)
  • EV Chargers
  • Operating System

The participants competed for cash and prizes worth US $1,323,750. A total of 49 unknown security vulnerabilities (zero-day vulnerabilities) were discovered by the participants over the three days. To win, participants had to take advantage of newly discovered vulnerabilities to attack target systems and devices and execute arbitrary instructions. The event was not only about prestige and competition between the best white hat hackers on the scene, but also about collaboration within the automotive industry and with external IT cybersecurity experts to make the entire industry safer.

VicOne’s parent company, global cybersecurity leader Trend Micro™, co-hosted the event through the Zero Day Initiative™ (ZDI), the world’s largest vendor-agnostic bug bounty program. Electric vehicle manufacturer Tesla, as the main sponsor of the event, put its own products to the test, including a modem, infotainment system, and Model Y vehicle. Individual hackers and hacking teams from countries including the USA, Vietnam, Japan, the UK, Hungary, the Netherlands, France, and Germany took part.

The winning team Synacktiv from France came away with a total profit of US $450,000, and now holds the title of “Master of Pwn.” With a total profit of US $177,500, the German fuzzware.io team took second place. The hackers from fuzzware.io targeted the Sony XAV-AX5500 and the Alpine Halo9 iLX-F509 in the In-Vehicle Infotainment (IVI) category, as well as the ChargePoint Home Flex, the Autel MaxiCharger AC Wallbox Commercial,…


Zero-days for hacking WhatsApp are now worth millions of dollars


Thanks to improvements in security mechanisms and mitigations, hacking cell phones — both running iOS and Android — has become an expensive endeavor. That’s why hacking techniques for apps like WhatsApp are now worth millions of dollars, TechCrunch has learned.

Last week, a Russian company that buys zero-days — flaws in software that are unknown to the developer of the affected product — offered $20 million for chains of bugs that would allow their customers, which the company said are “Russian private and government organizations only,” to remotely compromise phones running iOS and Android. That price is in part likely caused by the fact that there aren’t many researchers willing to work with Russia while the invasion of Ukraine continues, and that Russian government customers are likely willing to pay a premium under the current circumstances.

But even in the markets outside of Russia, including just for bugs in specific apps, prices have gone up.

Leaked documents seen by TechCrunch show that, as of 2021, a zero-day allowing its user to compromise a target’s WhatsApp on Android and read the content of messages can cost between $1.7 and $8 million.

“They’ve shot up,” said a security researcher who has knowledge of the market, and asked to remain anonymous as they weren’t authorized to speak to the press.

WhatsApp has been a popular target for government hackers, the kind of groups that are more likely to use zero-days. In 2019, researchers caught customers of the controversial spyware maker NSO Group using a zero-day to target WhatsApp users. Soon after, WhatsApp sued the Israeli surveillance tech vendor, accusing it of abusing its platform to facilitate its customers using the zero-day against more than a thousand WhatsApp users.

In 2021, according to one of the leaked documents, a company was selling a “zero click RCE” in WhatsApp for around $1.7 million. RCE is cybersecurity lingo for remote code execution, a type of flaw that allows malicious hackers to remotely run code on the target’s device. Or in this case, inside WhatsApp, allowing them to monitor, read and exfiltrate messages. “Zero click” refers to the fact that the exploit…


Stake experiences a security compromise worth $41 million


Stake has reportedly experienced a major hack of its hot wallets, causing the platform a loss of approximately $41 million. The malicious actor is said to have executed multiple transactions, raising suspicion around the outflow of cryptocurrencies. The development was first reported by on-chain analysts, who have since said that deposits and withdrawals at Stake have been halted.

A total of three blockchains were targeted, namely BNB Chain, Polygon, and Ethereum. Two analyst firms have come forward to highlight different transactions.

The first one by Cyvers mentions that $15.7 million worth of cryptocurrency has been transferred by the hacker. This comprises $5.9 million in stablecoins and $9.8 million in ether. The subsequent data from ZachXBT has said that additional funds worth $25.6 million have been moved away from hot wallets that are operated by Stake. This includes $17.8 million in BNB Chain and $7.8 million in Polygon.

That brings the approximate total loss to $41 million.

An official statement by Stake is awaited; however, the online casino operator has published a post on X, formerly Twitter, stating that it is currently investigating the matter. Till then, it has halted the deposit and withdrawal processes for customers. A tentative date for resuming the said activities is yet to be shared with the community.

A platform being exploited by malicious actors is nothing new, especially when it comes to Web3. The whole segment, as a matter of fact, has lost more than $1 billion after Base added to the ongoing monthly trouble.

The loss for Web3 platforms in 2023 to date has come to $1.2 billion, of which $23 million was reportedly lost in August this year. This has happened because malicious actors found ways to get into systems and drain financial resources through hacks and/or fraud.

The loss stated above came to light after 211 incidents. Not just Base; BNB Chain and Ethereum have also been targeted the most, per the report published by Immunefi.

Immunefi publishes a report regarding the threats and security issues that a platform carries with it on the internet.

Such an incident has put…


FBI warns North Korean hackers looking to cash out stolen cryptocurrency worth millions


The FBI is warning cryptocurrency companies to be on the lookout for North Korean cyber thieves cashing out stolen bitcoin valued in the tens of millions of dollars. 

North Korean hackers use cybertheft to circumvent sanctions and fund their regime, with the White House estimating that half of North Korea’s missile program is funded via cryptocurrency heists and cyberattacks. 

The FBI published an alert this week saying North Korean hackers who were responsible for stealing nearly $200 million worth of cryptocurrency in June want to convert digital money into real funds. The bureau published identifiers of the bitcoin for companies to watch for in a warning Tuesday.



“Over the last 24 hours, the FBI tracked cryptocurrency stolen by the Democratic People’s Republic of Korea TraderTraitor-affiliated actors (also known as Lazarus Group and APT38),” the FBI said in the warning. “The FBI believes the DPRK may attempt to cash out the bitcoin worth more than $40…
