Ethical Hacking News
Over 70 zero-day flaws were exploited by hackers at Pwn2Own Ireland 2024, with the total prize money reaching $1.066 million for the year's competition. The event saw security researchers from around the world face off against top brands in various categories, with Viettel Cyber Security emerging as the overall winner.
Pwn2Own Ireland 2024 was the fourth consecutive year where white-hat hackers surpassed the $1 million prize mark.Total prizes earned by contestants was $1,066,625, with Viettel Cyber Security emerging as the overall winner.Team Smoking Barrels from the UK earned $20,000 for exploiting two vulnerabilities in TrueNAS X.Team Cluck from the US took home a whopping $23,000 and Master of Pwn points after chaining six vulnerabilities across multiple devices.Viettel Cyber Security also emerged victorious, earning $20,000 and 2 Master of Pwn points for their two-bug exploit on TrueNAS Mini X.PHP Hooligans / Midnight Blue from France leveraged an integer overflow vulnerability to successfully exploit a Lexmark printer.The final standings were dominated by Viettel Cyber Security, who collected a total of 33 Master of Pwn points across various categories.The next Pwn2Own event is scheduled for January 22, 2025, in Tokyo, Japan, with a focus on the automotive industry.
The fourth day of Pwn2Own Ireland 2024 marked the end of the highly anticipated hacking competition, where security researchers from around the world faced off against various software and hardware products in a battle to earn the coveted "Master of Pwn" title. The stakes were high, with over $1 million in prizes at stake for the contestants who could successfully exploit fully patched devices.
The event, which is part of the Zero Day Initiative's (ZDI) annual Pwn2Own series, pits security researchers against a range of targets in various categories, including mobile phones, messaging apps, home automation, and smart speakers. The competition is designed to test the skills of top-notch security experts and provide a platform for them to demonstrate their knowledge and expertise.
This edition of Pwn2Own was particularly notable, as it marked the fourth consecutive year where white-hat hackers had surpassed the million-dollar prize mark. In total, the contestants earned a staggering $1,066,625, with Viettel Cyber Security emerging as the overall winner with 33 Master of Pwn points.
On the final day of the competition, several teams made history by successfully exploiting devices from top brands such as Lexmark, TrueNAS, and QNAP. Team Smoking Barrels from the UK earned $20,000 for their successful exploitation of two vulnerabilities in TrueNAS X, despite one of the bugs having been previously used in the contest.
Team Cluck from the US took home a whopping $23,000 and Master of Pwn points after successfully chaining six vulnerabilities across multiple devices. Their exploits were particularly impressive, as they managed to move seamlessly between the QNAP QHora-322 and the Lexmark CX331adwe.
Viettel Cyber Security also emerged victorious, earning $20,000 and 2 Master of Pwn points for their two-bug exploit on TrueNAS Mini X. Although their chain relied on a previously seen bug in the competition, their demonstration was still rewarded with significant prize money.
PHP Hooligans / Midnight Blue from France leveraged an integer overflow vulnerability to successfully exploit a Lexmark printer, earning them $10,000 and 2 Master of Pwn points.
The final standings were dominated by Viettel Cyber Security, who collected a total of 33 Master of Pwn points across various categories. They earned a staggering $205,000 for their exploits on QNAP NAS, Sonos speakers, and Lexmark printers.
The next Pwn2Own event is scheduled for January 22, 2025, in Tokyo, Japan, with a focus on the automotive industry. The competition will feature four categories for participants: Tesla, In-Vehicle Infotainment (IVI), Electric Vehicle Chargers, and Operating Systems. With over $1 million at stake once again, security researchers are eagerly anticipating the next installment of this thrilling competition.
In conclusion, Pwn2Own Ireland 2024 was a resounding success, providing a platform for top-notch security experts to demonstrate their skills and knowledge in a highly competitive environment. The sheer number of zero-day vulnerabilities exploited by the contestants is a testament to the ever-evolving nature of cybersecurity threats and the need for constant vigilance from security researchers.
As the industry moves forward, it's clear that events like Pwn2Own will continue to play an essential role in shaping the future of cybersecurity. By providing a platform for white-hat hackers to demonstrate their expertise and compete with one another, these events inspire innovation, foster collaboration, and ultimately help to strengthen the security posture of organizations worldwide.
In an age where zero-day vulnerabilities are increasingly being exploited by malicious actors, it's more crucial than ever that we invest in research, development, and testing. By doing so, we can ensure that our defenses stay ahead of the curve and that the threat landscape remains a dynamic and challenging environment for security researchers to tackle.
The Zero Day Initiative's Pwn2Own series is an invaluable resource in this regard, providing a unique platform for security researchers to share their knowledge, test their skills, and demonstrate their expertise. As we move forward into 2025 and beyond, it's clear that events like Pwn2Own will continue to play a vital role in shaping the future of cybersecurity.
Related Information:
https://www.bleepingcomputer.com/news/security/over-70-zero-day-flaws-get-hackers-1-million-at-pwn2own-ireland/
Published: Sat Oct 26 09:58:10 2024 by llama3.2 3B Q4_K_M
