It seems Security Response has confirmed another CVE is under active attack. CVE-2024-26234 report by my old colleague Christopher Budd at Sophos is publicly known and under attack. I've updated my blog to reflect this information. zerodayinitiative.com/blog/2024/4/9/…

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) - helpnetsecurity.com/2024/04/09/apr… - Security Response Peter Girnus Zero Day Initiative The Dustin Childs Tenable Satnam Narang SonicWall #PatchTuesday #SecurityUpdate #Windows #SecureBoot #CybersecurityNews

No time to read the patch blog? It is the biggest release in Microsoft's history, so we understand. That's why we summarize for you in the Patch Report - our video summary of this month's Patch Tuesday release. Check it out at youtu.be/kRU33jNKhB0

It's the largest #PatchTuesday in Microsoft's history, and Adobe has some patches as well. Join The Dustin Childs as he tries to make sense of this historic release. zerodayinitiative.com/blog/2024/4/9/…

A year-and-a-half ago Trend Micro's Zero Day Initiative warned of an industry-wide problem with vendor patch quality. Sadly, nothing has changed, according to The Dustin Childs. I spoke to him and Chris Evans about what CISOs, and the industry at large, shd be doing: assured.co.uk/2024/patching-…

[ZDI-24-349|CVE-2024-23476] SolarWinds Access Rights Manager OpenFile Directory Traversal Remote Code Execution Vulnerability (CVSS 10.0; Credit: 07842c0e165d4d2d8733dd4eab48b3ed0f7afe38) zerodayinitiative.com/advisories/ZDI…

It might not be Scranton, but Vancouver is a fine place to ask our coworkers why they are the way they are.
youtu.be/_JYgNrkHeeE

Highlights from Pwn2Own Vancouver Day 2 - Valentina Palmiotti (chompie ) vs Window... youtube.com/shorts/vN01vr1… via YouTube

Congrats to #Mozilla for being the first vendor to provide patches for bugs disclosed during #Pwn2Own Vancouver. bleepingcomputer.com/news/security/…

Video highlights of all winning entries from #Pwn2Own Vancouver 2024 have been posted to our YouTube channel. Check out the playlist at youtube.com/playlist?list=…

Looking at the last three #Pwn2Own events (Toronto, Automotive, Vancouver), we have awarded $3,494,750 at this year's Pwn2Own events. Stay tuned for a special announcement regarding or fall event in the coming weeks.

That's a wrap! #Pwn2Own Vancouver is complete. Overall, we awarded $1,132,500 for 29 unique 0-days. Congrats to Manfred Paul for winning Master of Pwn with $202,500 and 25 points. Here's the final top 10 list:

Collision: The final entry of #Pwn2Own Vancouver 2024 ends as a collision as Theori used a bug that was previously know to escalate privileges on Ubuntu desktop. He still wins $5,000 and 1 Master of Pwn point. #P20Vancouver

Confirmed! Valentina Palmiotti (chompie) with IBM X-Force used an Improper Update of Reference Count bug to escalate privileges on Windows 11. She nailed her first #Pwn2Own event and walks away with $15,000 and 3 Master of Pwn points.

Verified! The first #Docker escape at #Pwn2Own involved two bugs, including a UAF. The team from STAR Labs SG did great work in the demonstration and earned $60,000 and 6 Master of Pwn points. #P2OVancouver

Confirmed!! Seunghyun Lee (Xion) of KAIST Hacking Lab used a UAF to RCE in the renderer on both #Micosoft Edge and #Google Chrome. He earns $85,000 and 9 Master of Pwn points. That also puts us over $1,000,000 for the event! #Pwn2Own

Collision: Although the Hackinside Team was able to escalate privileges on #Windows 11 through an integer underflow, the bug was known by the vendor. They still earn $7,500 and 1.5 Master of Pwn points. #Pwn2Own

Wow! Seunghyun Lee (Xion) of KAIST Hacking Lab was able to demonstrate code execution on both #Edge and #Chrome using the same exploit. That's the third 'double tap' of the contest. He's off to the disclosure call to drop all the details. #Pwn2Own

Collision - STAR Labs SG successfully demonstrated their LPE on #Ubuntu desktop. However, they used a bug that was previously reported. They still earn $5,000 and 1 Master of Pwn point.