Prior to that, Zerodium also sought to buy exploits in the ISPConfig web hosting panel, the Pidgin XMPP instant messenger, and the ExpressVPN, NordVPN, and Surfshark VPN apps. Mozilla and Microsoft did not return requests for comment on Zerodium's announcement.īesides Thunderbird and Outlook zero-days, Zerodium is also running another bug acquisition drive for the WordPress CMS, today's most popular website builder and content management system. While the company operates in a somewhat rather controversial sector of the cybersecurity landscape, Zerodium's exploits have yet to be found in attacks against activists, journalists, or politicians-unline exploits from other exploit brokers and surveillance software vendors such as Candiru, NSO Group, and Gamma Group-and is often regarded as the go-to exploit broker by many researchers. Zerodium did not specify on what platform the RCE exploits should work, but both email clients have clients for all three major operating systems-Windows, macOS, and Linux. Since account passwords can be exported from the client, this would also mean the entity using the exploit would also be able to subsequently access cloud-based email accounts after a successful exploit. More details at: - Zerodium January 27, 2022Ĭommenting on Zerodium's announcement today, several security researchers have pointed out that a successful exploit for any of these two email clients would not only grant access to a user's computer but also to all the email inboxes managed through the client. We're also (temporarily) increasing our bounty for MS Outlook RCEs to $400,000 (from $250,000). We're currently paying up to $200,000 per exploit for Mozilla Thunderbird RCEs. The exploits must be able to achieve remote code execution, allowing Zerodium's customers to run code in a target's email client, the company said. Whether you’re traveling, using public WiFi, or simply looking for more online security, we will always put your privacy first. Get Mozilla VPN 30-day money-back guarantee One tap to privacy Surf, stream, game, and get work done while maintaining your privacy online. The company, which buys exploits from security researchers and sells them to government and law enforcement agencies, announced its intentions earlier today via a message posted on its official Twitter account. Mozillas Thunderbird is an email client worth considering as an alternative to Outlook and paid-for programs. A Virtual Private Network from the makers of Firefox. US-based exploit broker Zerodium announced plans today to pay $200,000 and $400,000 for zero-day exploits in Mozilla Thunderbird and Microsoft Outlook, respectively, two of today's most popular and widely used desktop email clients. Zerodium looks to buy zero-days in Outlook and Thunderbird email clients
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |