Exploit Vendor Zerodium Announces Big Rewards For Cloud Zero-Days

Exploit vendor Zerodium said today it would pay up to $500,000 for zero-days in popular cloud products and services such as Microsoft's Hyper-V and (Dell) VMware's vSphere. From a report: Both Hyper-V and vSphere are what experts call virtualization software, also called hypervisors -- software that lets a single "host" server create and run one or more virtual "guest" operating systems. Virtualization software is often found in cloud-powered data centers. Hyper-V is the technology at the core of Microsoft's Azure cloud computing platform, while VMware's vSphere is used by Amazon Web Services and SAP.

With cloud services growing in adoption, especially for hosting websites and crucial IT infrastructure, the importance of both technologies has been slowly increasing in recent years. This paradigm shift hasn't gone unnoticed in the exploit market, where Zerodium -- a Washington, DC-based exploit vendor -- is by far the leading company. In a tweet earlier today, Zerodium announced plans to pay up to $500,000 for fully-working zero-days in Hyper-V and vSphere that would allow an attacker to escape from the virtualized guest operating system to the host server's OS.

Pollution clouds?

A report showing the top 100 polluted cities has been released and, shocking absolutely nobody, the US is nowhere to be found in that list.

https://www-m.cnn.com/2019/03/05/health/100-most-polluted-cities-2018-intl/index.html?r=https%3A%2F%2Fwww.cnn.com%2F

Too sheisty

Supply and demand.

Re: Too sheisty

Dell/EMC doesn't own VMWare, they are separate entities.

Re: Too sheisty

When I worked at EMC they were considered separate but they were always under the EMC umbrella.

Re: Too sheisty

[lgw]

Dell/EMC doesn't own VMWare, they are separate entities.

When I worked at VMware, there were massive layoff when EMC got a new president and needed to pad his bonus. That's the only meaningful definition of being EMC's bitch.

A day's work?

So, package this one up in a wrapper and get into the cloud and I get how much money? https://it.slashdot.org/story/19/03/05/1524251/all-intel-chips-open-to-new-spoiler-non-spectre-attack

if they give rewards for zero views

creimer will be rich

Re:if they give rewards for zero views

You mean creimer who is taking on Wreck It Ralph AND Casey Neistat this week?

Queue the Libs Russian conspiracy theories

Democrats are like one of those deranged fringe parties now. Doomsday is coming, the President is a secret Russian, etc. Who can take this shit seriously? Get it together dems.

CUE you mean, retarded traitor? CUE?

Mueller takes it seriously. Paul Manafort has begun to take it seriously. Roger Stone is now being forced to take it seriously. Cohen takes it seriously. Flynn takes it seriously. The Grand Jury takes it seriously.

The Warden at ADX Florence takes it very, very seriously.

You don't take it seriously... but guess what? You don't get a say, traitor faggot. You're just a hoe in a ditch.

Re:CUE you mean, retarded traitor? CUE?

Oh, just like Mueller took WMDs seriously? This is the hero of the liberals now? Clowns!

https://www.youtube.com/watch?v=uTDO-kuOGTQ

Tell it to the warden, Traitor.

Tell it to the warden, Traitor. ADX Florence is no joke.

Re: Tell it to the warden, Traitor.

Neither is sending American men and women to die in Iraq for the criminal Bush regime like your hero Mueller did.

"Exploit Vendor"

[AtomicSymphonic]

Ah...Does this make them "Black Hats"?

Re:"Exploit Vendor"

[JaredOfEuropa]

It makes them asshats.

Re:"Exploit Vendor"

No, they are just your garden variety bottom feeding low-lifes. They used to be called Vupen, then rebranded. Their business model is to buy zero day from script kiddies and actual blackhats and sell it for a much higher fee to governments. They are very arrogant about it, too.

Re:"Exploit Vendor"

[gweihir]

More "Black Hats with good lawyers", but definitely Black Hats. They make money of illegal and immoral attacks and operate themselves in the grey area created by state-owned and state-sponsored hacking groups like the NSA. Terrorism is peanuts compared to this.

Distract, FUD, Whattabout IRAQ, but in the end? :D

Tell it to the warden, Traitor. ADX Florence is no joke. Gout is a horrible way to die, lol. :D #Earned

Nothing you whine about is going to keep Trump from dying in prison or at the gallows.

https://www.cnn.com/videos/politics/2019/03/03/justin-amash-trump-violating-constitutional-system-national-emergency-tapper-sotu-vpx.cnn

Even the Republicans admit he's a traitor now.

Game over bitchski. You lose, comrade. Drink your toilet wine.

isn't this basically blackmail

[Richard_J_N]

How is it legal to sell an exploit?
Can't some of the authors sue them for having a "blackmail-based business model"?

Re:isn't this basically blackmail

[broknstrngz]

Their suppliers most likely waive away all rights when selling. Their customers are the ones making the laws so they are covered.

Re:isn't this basically blackmail

[lgw]

How is it legal to sell an exploit?

They mostly sell to governments. Funny how the legal problems just don't come up.

Time to make some money!

Here we go peeps!

If Zerodium pays big for cloud exploits...

[Myria]

...it means that Western governments, most often the U.S. and Israel, want exploits to infiltrate cloud servers.

Re:If Zerodium pays big for cloud exploits...

Why single out "western" govts? It means there's money in them, because there's money in the cloud. ALLLLLLL countries would like to know about them. NK would love to have a few. Knowledge is power both offensively and defensively.

The weapon-pushers of the internet age

[gweihir]

About as moral. These activities need to be outlawed and banned globally.

Spectre is here to stay...

[ffkom]

and you don't need much more than Spectre to compromise cloud VMs sharing the same physical host. https://arxiv.org/pdf/1902.051...
You may use "SPOILER" to improve the data extraction speed. https://arxiv.org/pdf/1903.004...

vSphere not a hypervisor, and Amazon doesn't use i

[buchanmilne]

"while VMware's vSphere is used by Amazon Web Services"

VMWare's Hypervisor is VMWare ESX/ESXi. vSphere is the management software for managing ESX/ESXi.

Amazon doesn't use VMWare, but VMWare was the first customer of AWS's bare-metal instance type (i3.metal), allowing VMWare users/customers the ability to easily migrate VMWare VMs to AWS.

However, in theory, customers can run any x86_64 hypervisor they want on AWS using the EC2 .metal instance types (in practice, there may be some work involved, and would be easier if an ENA driver is available.

AWS is known to run Xen, their own KVM-based hypervisor they call "Nitro", and their recently open-sourced MicroVM hypervisor (also using KVM), Firecracker ( https://github.com/firecracker... ).

As far as I know, AWS has never run customer instances on VMWare.