Information Security News mailing list archives
A Saudi Cybersecurity Company Tried to Buy Zero Day Exploits from Me
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 14 Mar 2019 09:00:06 +0000 (UTC)
https://motherboard.vice.com/en_us/article/xwbk5j/saudi-cybersecurity-company-tried-buy-zero-days-from-me-haboob-darkmatter By Joseph Cox Motherboard.vice.com March 12, 2019 Zero days -- exploits that take advantage of vulnerabilities the vendor, such as Apple, doesn’t know about -- are a hot commodity. With a zero day, a hacker, perhaps working for a government, can have a better chance of being able to break into a target's computer or phone. If Apple or Google aren’t even aware of a security issue with their products, hackers don't have to worry about a target's device being patched to defend against it. A booming industry of contractors, boutique exploit shops, and individual brokers are looking to buy such attacks, sometimes so they can then sell them to government clients. We recently got a rare look at how a company tried to source these exploits through private one-on-one deals. I know, because the company tried to buy zero days from me. Seemingly not understanding I was a journalist despite my online presence showing clearly I work for a media outlet, one person linked to a company based in Saudi Arabia reached out, and explained they were hoping to buy zero day exploits. "Thanks and looking to deal with you," the person, who said they worked for a cybersecurity company called Haboob, wrote in a message from a Saudi number. [...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- A Saudi Cybersecurity Company Tried to Buy Zero Day Exploits from Me InfoSec News (Mar 14)