Zerodium Announces Plan to Buy Zero-Day Exploits Targeting Popular VPN Software

Zerodium, an exploit acquisition firm, revealed on Tuesday that it is looking to buy zero-day exploits for major VPN software.

The company is specifically looking for exploits for the Windows versions of the ExpressVPN, NordVPN, and Surfshark programmes. Millions of people utilise these VPN services.

Zerodium is on the lookout for remote code execution, IP address leaks, and other data leaks. It is not interested in acquiring local privilege escalation flaws.

The company hasn’t stated how much it is willing to pay for these zero-day exploits. Both ExpressVPN and NordVPN have bug bounty schemes in place. ExpressVPN pays up to $2,500 per vulnerability, plus bonuses of up to $10,000, while NordVPN pays $5,000 or more for serious security problems. Zerodium is likely willing to pay a lot more for zero-day vulnerabilities.

ExpressVPN, NordVPN, and Surfshark are mostly used by consumers, and there have been no reports of vulnerabilities in these applications being exploited in attacks.

On the other hand, there have been numerous reports of threat actors targeting enterprise VPN solutions, including those from Fortinet, Pulse Secure, Citrix, VMware, and Zimbra. The National Security Agency (NSA) issued an advisory earlier this year, alerting organisations that Russian cyberspies had exploited weaknesses in these products.

For the time being, Zerodium is paying out more for Chrome, VMware vCenter Server, and WordPress exploits. The business is offering up to $1 million for Chrome, $150,000 for vCenter Server, and $300,000 for WordPress exploits.
