fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Windows 10 Hacked Again At Pwn2Own, Chrome And Zoom Also Fall

Windows 10 Hacked Again At Pwn2Own, Chrome And Zoom Also Fall

Contestants hacked Microsoft’s Windows 10 OS twice during the second day of the Pwn2Own 2021 competition, together with the Google Chrome web browser and the Zoom video communication platform.

The first to demo a successful Windows 10 exploit on Wednesday and earn $40,000 was Palo Alto Networks’ Tao Yan who used a Race Condition bug to escalate to SYSTEM privileges from a normal user on a fully patched Windows 10 machine.

Windows 10 was hacked a second time using an undocumented integer overflow weakness to escalate permissions up to NT Authority\SYSTEM by a researcher known as z3r09. This also brought them $40,000 after escalating privileges from a regular (non-privileged) user.

Microsoft’s OS was hacked a third time during day one of Pwn2Own by Team Viettel, who escalated a regular user’s privileges to SYSTEM using another previously unknown integer overflow bug.

Team Viettel also demoed a code execution exploit chain on a Microsoft Exchange Server on the second day. Still, their entry was considered partially successful given that some of the bugs they used were previously reported on the first day of the competition by the Devcore team.

Also Read: The 3 Main Benefits Of PDPA For Your Business

On the second day, Dataflow Security’s Bruno Keith and Niklas Baumstark also earned $100,000 after exploiting the renderer in the Google Chrome and the Chromium-based Microsoft Edge web browsers using a Type Mismatch bug.

Zoom Messenger was also hacked by Computest’s Daan Keuper and Thijs Alkemade. They earned $200,000 by gaining code execution on the targeted machine using a zero-click exploit chain combining three different bugs.

Sunjoo Park (aka grigoritchy) and RET2 Systems’ Jack Dates escaped Parallels Desktop and executed code on the underlying operating system, which earned them $40,000 each.

Last but not least, Ubuntu Desktop was hacked a second time by Manfred Paul, who gained root privileges and earned $30,000 after yesterday’s successful attempt from Ryota Shiga of Flatt Security.

On the third and last day of Pwn2Own 2021, contestants will again target Microsoft’s Windows 10 and Exchange products, as well as Ubuntu Desktop and Parallels Desktop.

During the first two days of this year’s competition, security researchers passed the $1 million mark in earnings for the first time at Pwn2Own after successfully demoing exploits that brought them $1,060,000 in total.

After the vulnerabilities are exploited and disclosed at Pwn2Own, software and hardware vendors are given 90 days to release security fixes for all reported security flaws.

During this year’s Pwn2Own contest, 23 teams and researchers will target ten different products in the Web Browsers, Virtualization, Servers, Local Escalation of Privilege, and Enterprise Communications categories.

The total prize pool of over $1,500,000 in cash available to Pwn2Own 2021 contestants also includes a Tesla Model 3. However, according to the public schedule, no team has signed up so far to demo an exploit targeting Tesla’s car.

Team Fluoroacetate won the first Tesla Model 3 at Pwn2Own after hacking the car’s Chromium-based infotainment system two years ago during the 2019 competition.

Also Read: What Do 4 Messaging Apps Get From You? Read The iOS Privacy App Labels

They also earned $375,000 at Pwn2Own 2019 after successfully demoing multiple exploits targeting Apple Safari, Oracle VirtualBox, VMware Workstation, Mozilla Firefox, and Microsoft Edge.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us