Ethical hackers earn over $1.2 million in prizes at event sponsored by NVIDIA
TrendAI™, the enterprise cybersecurity business from Trend Micro Incorporated (TYO: 4704; TSE: 4704), celebrated the efforts of the global security research community at Pwn2Own Berlin. Contestants discovered and disclosed 47 unique zero-day vulnerabilities across categories including AI databases, coding agents, web browsers, enterprise applications, servers, and more.
Rachel Jin, Head of TrendAI: “TrendAI™ uses the deepest threat intelligence in the industry to protect our customers. We use the vulnerabilities discovered at Pwn2Own to empower vendors to patch these vulnerabilities quickly, while also offering our customers protection well ahead of the rest of the industry via virtual patching. As AI tools and infrastructure continue to become central to businesses functions, staying ahead of vulnerabilities will be as critical as ever.”
NVIDIA joined the event as a first-time sponsor of Pwn2Own, bringing its own category of products for researchers to target for vulnerability disclosures. Megatron Bridge, NV Container Toolkit, and Dynamo were included.
Also Read: CIO Influence Interview with Kyle Wickert, Field CTO at AlgoSec
The disclosures made through the ZDI at Pwn2Own and year-round allow vendors to quickly understand and fix vulnerabilities before cybercriminals exploit them, ultimately benefiting organizations and end users of the impacted software or hardware. ZDI research has shown that vendors are increasingly neglecting to patch software vulnerabilities that are disclosed to them. Through ZDI’s coordinated disclosure process, TrendAI Vision One™ customers receive are protected an average of three months ahead of the rest of the industry.
Highlights from the event included:
- Orange Tsai (@orange_8361) of DEVCORE Research Team chained 3 bugs to achieve Remote Code Execution as SYSTEM on Microsoft Exchange, earning $200,000. They also chained 4 logic bugs to achieve a sandbox escape on Microsoft Edge, earning $175,000.
- Splitline (@splitline) of DEVCORE Research Team chained 2 bugs to exploit Microsoft SharePoint, earning $100,000.
- Nguyen Hoang Thach (@hi_im_d4rkn3ss) of STARLabs SG (@starlabs_sg) used a Memory Corruption bug to exploit VMware ESXi with the Cross-tenant Code Execution add-on, earning $200,000 and 20 Master of Pwn points.
- Chompie of IBM X-Force Offensive Research (XOR) used a single bug to exploit NV Container Toolkit, earning $50,000.
Catch more CIO Insights: The CIO as a Value Creator: Moving Beyond Cost Centers to Revenue Drivers
[To share your insights with us, please write to psen@itechseries.com ]
