RHEL, Firefox, Redis, VirtualBox Hacked at Berlin Contest

Security Teams Earn Over $1 Million in Remuneration for Successful Attacks

The total paid out to security teams for successful attacks came to more than a million US dollars ($1,078,750). The most successful team, STAR Labs SG, earned $320,000 at the competition. The second-place team, Viettel Cyber Security, received $155,000, and the third-place team, Reverse Tactics, earned $112,000.


Attacks carried out:

  • Red Hat Enterprise Linux: Three successful attacks allowed privilege escalation to the root user. The vulnerabilities were an integer overflow, a use-after-free, and an information leak. Participants received payments of $20,000, $15,000, and $10,000.
  • Mozilla Firefox: Two successful attacks enabled code execution when the browser processed a specially crafted page. The vulnerabilities were a buffer overflow and an integer overflow. Participants received two awards of $50,000.
  • Redis DBMS: One successful attack resulted in code execution when a specially crafted request was processed. The vulnerability was a use-after-free, and participants received $40,000.
  • VirtualBox: Three successful attacks allowed code execution on the host side. The vulnerabilities were a use-after-free, a buffer overflow, and incorrect array index validation. Payments were $60,000, $40,000, and $70,000.
  • Docker Desktop: One successful attack allowed code execution on the host side due to an integer overflow. Participants were paid $40,000.
  • VMware ESXi: Two successful attacks resulted in code execution on the host side, with the vulnerabilities being an integer overflow and the use of an uninitialized variable. Payments were $150,000 and $112,500.
  • VMware Workstation: A successful attack allowed code execution on the host side due to a buffer overflow, with participants receiving $80,