Vulnerabilities / Threats

8/3/2017
05:30 PM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

2017 Pwnie Awards: Who Won, Lost, and Pwned

Security pros corralled the best and worst of cybersecurity into an award show highlighting exploits, bugs, achievements, and attacks from the past year.
Previous
1 of 14
Next

(Image: Pwnies.com)

(Image: Pwnies.com)

Each year, security experts gather to celebrate the achievements and failures of security researchers and the broader infosec community during the Pwnie awards. This year's ceremony once again took place during the Black Hat USA conference in Las Vegas.

The show's committee accepted nominations for bugs disclosed over the past year, from June 2, 2016 through May 31, 2017. Nominees are judged by a panel of respected security researchers, which according to its website is "the closest to a jury of peers a likely to ever get."

Winners were announced the week of Black Hat during an informal (and hilarious) ceremony hosted by judges and infosec pros Travis Goodspeed, Charlie Miller, Brandon Edwards, Katie Moussouris, and Dino Dai Zovi.

Winners in attendance were honored with "Pwnie" statues; some recipients, like Australian Prime Minister Malcolm Turnbull and the Shadow Brokers, were obviously absent.

The 2017 show included award categories ranging from Best Cryptographic Attack to Best Server-Side Bug to Lamest Vendor Response. Who were this year's winners? Take a look to find out.

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Previous
1 of 14
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
8/11/2017 | 3:35:25 PM
Re: Ghostbutt
Somebody with a sense of humor will have to release STAYPUFT MARSHMALLOW Ransonware. 
Trackpads
50%
50%
Trackpads,
User Rank: Apprentice
8/11/2017 | 9:51:13 AM
No Democrats?
No awards for the DNC or the Hillary campaing?  Come on, THAT would have been hillarious
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
8/11/2017 | 6:55:21 AM
Ghostbutt
Ghostbutt is the strangest, most comical name I've heard for a vulnerability. Anyone know of any others that might rival it?
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20154
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20155
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.