Zero-day broker firm Zerodium is offering up to $500,000 for VMware ESXi (vSphere) and Microsoft Hyper-V vulnerabilities.
The company is looking for exploits that allow guest-to-host escapes in default configurations to gain full access to the host.
The overall price for ESXi virtual machine escapes has rapidly increased over the years. In August 2017, Zerodium was offering up to $80,000 for VMware ESXi guest-to-host escapes, while the previous payout for this was $200,000.
“We are increasing the payouts for VMWare ESXi exploits to attract and encourage more researchers into auditing the security of this hypervisor as we firmly believe that there are many critical vulnerabilities affecting it and our government customers are in need of such exploits,” Chaouki Bekrar, founder and CEO of Zerodium, told SecurityWeek.
The offer for Microsoft Hyper-V exploits is new to Zerodium's program; this is the first time the zero-day broker has included a payout for this kind of exploit.
“Hyper-V was not part of our bounty program as there was low to no interest in this product from our customers,” added Bekrar. “However, we’ve recently observed a significant increase in demand for Hyper-V exploits and we have decided to add it to our program.”
According to Bekrar, these payouts for Hyper-V and ESXi zero-day exploits are valid for a couple of months, after which the company will decide on changes depending on the number of submissions received in this period.
In January, Zerodium announced it was offering to pay up to $2 million for remote iOS jailbreaks that don't need any user interaction. The company's previous offer for this kind of exploit was $1.5 million.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field. He is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines.
He is the author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".