Windows, Zoom, Safari and Chrome were hacked at Pwn2Own 2021

Great advances in technology, coupled with the need to keep critical information secure within the networks of businesses and people around the world, mean that cybersecurity continues to improve.
Do you know how secure Zoom, Apple, Microsoft Exchange, and Ubuntu Desktop are? In 2021, novel strategies were proposed to protect information and prevent possible attacks. Even so, the recently concluded Pwn2Own hacking contest produced surprising results against today’s major operating systems and applications.

The struggle for information security
Installing antivirus programs to detect intruders and malicious programs in a timely manner is among the most effective practices for protecting computer security.
Information security refers not only to the use of technology to protect information, but also to the strategies that have been developed to train both employees and users to prevent attacks.
It is becoming increasingly important to take action, as cyber attacks and data theft top the list of the most far-reaching risks in the world, spanning the vast range of media in use. Unsurprisingly, cyber attacks are a constant occurrence.

What did the Pwn2Own hacking contest reveal in 2021?
These types of attacks keep pace with technological advances and have no limitations when it comes to breaching the security mechanisms of various organizations.
The Pwn2Own hacking competition, which takes place annually as part of the CanSecWest security conference, was held and concluded in early April to test the resistance of the most frequently used operating systems, applications and browsers. A total of $1.2 million was distributed across 16 vulnerabilities in the competition, of which the following stand out:
– An authentication bypass and local privilege escalation for full takeover of a Microsoft Exchange server, for which the Devcore team received $200,000.
– A chain of various bugs to get code execution in Microsoft Teams, earning OV $200,000.
– A zero-click exploit against Zoom to get code execution on the target system ($200,000).
– An integer overflow in Safari combined with an out-of-bounds write to gain kernel-level code execution ($100,000).
– An exploit targeting the V8 JavaScript engine to hack the Google Chrome and Microsoft Edge (Chromium) browsers ($100,000).
One of the most notable security flaws was the one in Zoom. However, the company issued a statement saying that it is working to correct the errors and incorporate additional safeguards that will help strengthen security.

Expert tips on how to prevent cyberattacks
Although almost all of the vulnerabilities found in this case were discovered through reverse engineering techniques applied to specific applications from these companies, it is important to remember a few points in order to keep your company safe from hackers.
Detecting a cyberattack is generally difficult, and it can take organizations a long time to notice problems. However, certain measures can improve prevention and detection:

1. Asset discovery and management
Identifying devices and assets is essential, considering the data that needs to be protected and monitored.
By gaining visibility into all assets that are part of the company and can access its resources, the attack surface to be protected can be identified.
2. Software patches and updates
Software is created by people. Because of this, it is prone to errors. The more complex the program, the greater the chance of a bug in the code that can be exploited maliciously.
In cybersecurity, a patch is a software update that fixes vulnerabilities or security problems.
3. Secure protocols and services
Implement secure services and protocols, and avoid those that have not been configured, because they only benefit the attacker.
It is also possible to deactivate unused services. The smaller the attack surface, the lower the chance of a successful attack. Implement centralized authentication solutions whenever possible.
4. User accounts and passwords
It is recommended to disable accounts that have administrator rights by default, to constantly monitor access control and the behavior of users with administrator rights, to use strong passwords and not to reuse them.
In order to defend against these attacks, the attacker’s methodology must be known. Security isn’t closely related to defense in depth, but proving the robustness of the protection any business uses is important.
Alex Barreiros (DLT code)

Copyright © Grupo Edefa SA Reproduction, in whole or in part, of this article is prohibited without the prior authorization of the publisher.
