Show threadNetzblockierer4d ago

@gborn tja, einfach nicht mehr "Responsible Disclosure" machen sondern den Exploit direkt an die Höchstbietenden verkaufen.

  • Zerodium z.B. zahlt Monero ohne Fragen zu stellen…

#Microsoft #ResponsibleDisclosure #Zerodium #Monero #Exploits

Show threadgaryOct 21, 2024
@jerry Combined data from Google's Threat Analysis Group (TAG) and Mandiant shows 97 zero-day vulnerabilities were exploited in 2023; a big increase over the 62 zero-day vulnerabilities identified in 2022, but still less than 2021's peak of 106 zero-days.
#zero day trends #cve #zerodium
Tarnkappe.infoApr 6, 2024
📬 Zero-Day-Exploits immer teurer: Unternehmen schützen ihre Produkte besser
#ITSicherheit #Crowdfense #HackerAngriff #Hacking #Schwarzmarkt #SpywareBranche #ZeroDayExploit #Zerodium https://sc.tarnkappe.info/5c6bdb
Zero-Day-Exploits immer teurer: Unternehmen schützen ihre Produkte besser

Zero-Day-Exploits werden immer lukrativer gehandelt. Ein Grund dafür ist das gestiegene Sicherheitsbewusstsein großer Unternehmen.

Tarnkappe.info
Show threadKevin Karhan Dec 20, 2023

@thijs usually that should be written in the #ResponsibleDisclosure terms & conditions.

Exploit dealers like #Zerodium are able and willing to pay #Monero  and just send #XMR to a wallet of choosing.

Others may offer cash-on-delivery or a cheque to redeem at a bank...

Again: This should've been thought of beforehand!

Personally I'd do offer payment using XMR if I had any bounties to fulfil, but that's just me...

Maybe ask @ChickenPwny what's prefered?

Show threadKevin Karhan Sep 13, 2023
@north olease let me know.if they start #ShootungTheMessenger so others can spare the time and effort to contact them and just sell the code to #Zerodium and other #exploit buyers...
peraMay 5, 2023
Is there an ethical (or less evil) alternative to #zerodium ? #zeroday #infosec
Kevin Karhan Apr 22, 2023
@GossiTheDog He doesn't outlaw #Govware tho, thus only upsetting control-freaks too lazy to use #Microsoft365's Dashboard, but not even discomforting #NSO and #Zerodium as #Cybermercenaries For Hire...
Show threadKevin Karhan Apr 13, 2023

@amuse @k8em0 Personally, I'm not a fan of "coordinated" vulnerability disclosure.

In fact I think that #Google's #ProjectZero approach is more than graceful enough.

Big #CCSS vendors like #Microsoft should be glad if someone chooses to look up the security.txt and contact them with details and not straight-up sell an exploit to #Zerodium and other #Govware - #Suppliers, cuz those pay better and ask fewer questions.

a1Dec 1, 2022
Alledgedly, Russia-based OpZero went on the record recently with a $1.5 million offer for Signal remote code execution (RCE) exploits, more than tripling the relatively stable high-water mark for that app offered by American firm #Zerodium.…https://lnkd.in/eaPYZfPr
💡Armin Roth on LinkedIn: #zerodium #privacy #0day #encryption #dataprotection #itsecurity

Alledgedly, Russia-based OpZero went on the record recently with a $1.5 million offer for Signal remote code execution (RCE) exploits, more than tripling the…

heise online (inoffiziell)Apr 13, 2021
Zerodium hat die Belohnung für Remote Code Execution-Schwachstellen in der aktuellen WordPress-Version vorübergehend verdreifacht. l+f: Exploit-Händler bietet 300.000 US-Dollar für WordPress-Schwachstellen
l+f: Exploit-Händler bietet 300.000 US-Dollar für WordPress-Schwachstellen

Zerodium hat die Belohnung für Remote Code Execution-Schwachstellen in der aktuellen WordPress-Version vorübergehend verdreifacht.