Wednesday , May 15 2024
Pwn2Own

Pwn2Own
$1.3M for 49 zero-days, Tesla hacked twice

infosecbulletin Friday , January 26 2024 Vulnerabilities

In the Pwn2Own Automotive first edition, competitors earned $1,323,750 by hacking Tesla twice and demonstrating 49 zero-day bugs in various electric car systems from January 24 to January 26.

Hackers targeted electric vehicle chargers, infotainment systems, and car operating systems during a contest organized by Trend Micro’s Zero Day Initiative (ZDI) in Tokyo, Japan, at the Automotive World auto conference.

Ransomware Activities this week: Threatmon report

By infosecbulletin / Wednesday , May 15 2024
According to the Threatmon advanced threat monitoring platform, LockBit is in the top position in the category of top active...
Read More
Ransomware Activities this week: Threatmon report

ALERT
CISA Releases Four Industrial Control Systems Advisories

By infosecbulletin / Wednesday , May 15 2024
On Tuesday (May 14), CISA released four Industrial Control Systems (ICS) advisories which provide timely information about current security issues,...
Read More
ALERT CISA Releases Four Industrial Control Systems Advisories

Microsoft May 2024 Patch Tuesday fixes 61 flaws 2 zero-days

By infosecbulletin / Wednesday , May 15 2024
Microsoft patched May 2024 Tuesday including updates for 61 flaws and three publicly disclosed zero days. This update fixed Microsoft...
Read More
Microsoft May 2024 Patch Tuesday fixes 61 flaws 2 zero-days

Newly circulated reserve theft is false: Bangladesh Bank

By infosecbulletin / Tuesday , May 14 2024
On Tuesday (14.05.2024) Bangladesh Bank spokesperson Majbaul Haque said to media that the information published in the report is completely...
Read More
Newly circulated reserve theft is false: Bangladesh Bank

Bangladesh bank published CBS guideline Version 2.0

By infosecbulletin / Monday , May 13 2024
The banking industry in Bangladesh is the core driver in economic development of the country. The focus on inclusion and...
Read More
Bangladesh bank published CBS guideline Version 2.0

Fortinet report
Attackers exploiting vulnerabilities 50% faster, just 4.76 days

By infosecbulletin / Monday , May 13 2024
Fortinet reported that in the second half of 2023, the average time form the disclosure of a vulnerability to its...
Read More
Fortinet report Attackers exploiting vulnerabilities 50% faster, just 4.76 days

TechCrunch report
Indian gov.t sites compromised to plant online betting ads

By infosecbulletin / Sunday , May 12 2024
Indian government websites have been used by scammers to place ads that send visitors to online betting sites. TechCrunch found...
Read More
TechCrunch report Indian gov.t sites compromised to plant online betting ads

Damage Costs Predicted To Exceed $265 Billion By 2031
Ransomware expected to attack every 2 seconds by 2031

By infosecbulletin / Sunday , May 12 2024
Ransomware damage costs are predicted to exceed $265 billion by 2031, and it is expected to be the fastest growing...
Read More
Damage Costs Predicted To Exceed $265 Billion By 2031 Ransomware expected to attack every 2 seconds by 2031

ALERT CISA WARNS
Black Basta ransomware breached over 500 orgs worldwide

By infosecbulletin / Saturday , May 11 2024
CISA, FBI, HHS, and MS-ISAC released a joint Cybersecurity Advisory called #StopRansomware: Black Basta. It provides tactics, techniques, procedures, and...
Read More
ALERT CISA WARNS Black Basta ransomware breached over 500 orgs worldwide

Cyber Attack On Data Center Cooling Systems results disruption

By infosecbulletin / Saturday , May 11 2024
According to cybersecurity analysts at Dragos, while cloud adoption offers many benefits for industrial companies , it also poses certain...
Read More
Cyber Attack On Data Center Cooling Systems results disruption

Vendors have 90 days after a zero-day vulnerability is discovered and reported during Pwn2Own to fix it before Trend Micro’s Zero Day Initiative discloses it publicly.

Team Synacktiv won the Pwn2Own Automotive 2024 contest and received $450,000. Fuzzware.io got $177,500 and Midnight Blue/PHP Hooligans received $80,000.

Synacktiv hacked a Tesla car two times. On the first day, they found three vulnerabilities and gained root permissions on the Tesla Modem. On the second day, they demonstrated a Tesla Infotainment System sandbox escape using a two zero-day exploit chain.

They showed two different bug chains for the Ubiquiti Connect EV Station and the JuiceBox 40 Smart EV Charging Station. They also demonstrated a three-bug exploit for the Automotive Grade Linux OS.

Synactiv won the Pwn2Own Vancouver 2023 contest in March, earning $530,000 and a Tesla car for two exploit chains targeting its Gateway and Infotainment Unconfined Root.

Hackers won more than $1 million at Pwn2Own Toronto 2023 by discovering 58 zero-day exploits and various bugs in consumer products, including Samsung Galaxy S23, printers, surveillance systems, and NAS devices.

ZDI announced that Pwn2Own Vancouver 2024 will start on March 20th during CanSecWest 2024 Conference.

There will be a prize pool of more than $1,000,000 for finding vulnerabilities in software and automotive systems of Tesla Model 3 and Model S cars.

Check Also

Dell

Dell Discloses Data Breach: 49 million customers allegedly affected

A security breach has been reported, with a threat actor claiming to be selling a …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin