fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Windows 11 Hacked Three More Times on Last Day of Pwn2Own Contest

Windows 11 Hacked Three More Times on Last Day of Pwn2Own Contest

On the third and last day of the 2022 Pwn2Own Vancouver hacking contest, security researchers successfully hacked Microsoft’s Windows 11 operating system three more times using zero-day exploits.

The first attempt of the day targeting Microsoft Teams failed after Team DoubleDragon could not demo their exploit within the allotted time.

All other contestants hacked their targets, earning $160,000 after taking down Windows 11 three times and Ubuntu Desktop once.

The first to demonstrate a Windows 11 escalation of privilege zero-day (via Integer Overflow) on the third day of Pwn2Own was nghiadt12 from Viettel Cyber Security.

Bruno Pujos from REverse Tactics and vinhthp1712 also escalated privileges on Windows 11 using Use-After-Free and Improper Access Control vulnerabilities, respectively.

Also Read: Protecting your business against cyberattacks: a practical guide

Last but not least, STAR Labs’ Billy Jheng Bing-Jhong hacked a system running Ubuntu Desktop using a Use-After-Free exploit.

Windows 11 EOP via Integer Overflow
Windows 11 EOP via Integer Overflow demoed by nghiadt12 (ZDI)

Pwn2Own 2022 Vancouver ended with 17 competitors earning a total of $1,155,000 for zero-day exploits and exploits chains demoed over three days after 21 attempts, between May 18 and May 20.

On the first day of Pwn2Own, hackers won $800,000 after successfully exploiting 16 zero-day bugs to hack multiple products, including Microsoft’s Windows 11 operating system and the Teams communication platform, Ubuntu Desktop, Apple Safari, Oracle Virtualbox, and Mozilla Firefox.

Also Read: Best data protection practices to safeguard your organization

On second day, contestants earned $195,000 after demoing flaws in the Telsa Model 3 Infotainment System, Ubuntu Desktop, and Microsoft Windows 11.

Security researchers demonstrated six Windows 11 exploits during the contest, hacked Ubuntu Desktop four times, and demoed three Microsoft Teams zero-days. They also reported several flaws in Apple Safari, Oracle Virtualbox, and Mozilla Firefox.

After vulnerabilities are exploited and reported during Pwn2Own, vendors have 90 days to release security fixes until Trend Micro’s Zero Day Initiative publicly discloses them.

In April, hackers also earned $400,000 for 26 zero-day exploits targeting ICS and SCADA products demoed during the 2022 Pwn2Own Miami contest between April 19 and April 21.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us