
VMware Hacked As $150,000 Zero-Day Exploit Dropped
The elite hackers attending Pwn2Own in Berlin have made hacking history by successfully deploying a zero-day exploit against VMware ESXi. Having already made the headlines with no fewer than three zero-days compromising Windows 11 on day one of the hacking competition, day two kept the security surprises well and truly coming. Here's what you need to know.
Organizations have had a lot to digest regarding enterprise technology security issues over the last few weeks, what with the U.S. Cybersecurity and Infrastructure Security Agency urging them to ensure they are protected against a high-severity Chrome vulnerability already being exploited in the wild, HTTPBot attackers targeting business Windows networks, and Microsoft confirming a critical 10/10 cloud security vulnerability. You might think that the news of VMware ESXi being hacked using a $150,000 zero-day exploit is the icing on the security nightmare cake, but you couldn't be more wrong.
Context is everything, and the context here is the environment in which that zero-day was dropped. Pwn2Own is a twice-yearly hackathon where some of the world's leading hackers come together in friendly competition to see who can hack products and services, within strict time limits, using never-before-seen zero-day exploits, and earn the title Master of PWN. The good news is that this is all above board and legal. Remember that hacking is not a crime, folks, and the products and services being hacked have been submitted by the vendors for the purposes of discovering vulnerabilities before cybercriminals do.
In the case of the VMware ESXi zero-day exploit, this was the first time in Pwn2Own's history, stretching back to 2007, that the hypervisor has been successfully exploited. The hacker behind the achievement, Nguyen Hoang Thach, who is part of the STARLabs SG team, was able to deploy a single integer overflow exploit. This earned them a not-too-shabby reward of $150,000 on the spot, as well as 15 valuable points towards the coveted Master of PWN title.
I have reached out to Broadcom for a statement regarding the VMware ESXi zero-day at Pwn2Own, and will update this article should one be available.
