Vulnerabilities / Threats

8/3/2017
05:30 PM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

2017 Pwnie Awards: Who Won, Lost, and Pwned

Security pros corralled the best and worst of cybersecurity into an award show highlighting exploits, bugs, achievements, and attacks from the past year.
Previous
1 of 14
Next

(Image: Pwnies.com)

(Image: Pwnies.com)

Each year, security experts gather to celebrate the achievements and failures of security researchers and the broader infosec community during the Pwnie awards. This year's ceremony once again took place during the Black Hat USA conference in Las Vegas.

The show's committee accepted nominations for bugs disclosed over the past year, from June 2, 2016 through May 31, 2017. Nominees are judged by a panel of respected security researchers, which according to its website is "the closest to a jury of peers a likely to ever get."

Winners were announced the week of Black Hat during an informal (and hilarious) ceremony hosted by judges and infosec pros Travis Goodspeed, Charlie Miller, Brandon Edwards, Katie Moussouris, and Dino Dai Zovi.

Winners in attendance were honored with "Pwnie" statues; some recipients, like Australian Prime Minister Malcolm Turnbull and the Shadow Brokers, were obviously absent.

The 2017 show included award categories ranging from Best Cryptographic Attack to Best Server-Side Bug to Lamest Vendor Response. Who were this year's winners? Take a look to find out.

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Previous
1 of 14
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
8/11/2017 | 3:35:25 PM
Re: Ghostbutt
Somebody with a sense of humor will have to release STAYPUFT MARSHMALLOW Ransonware. 
Trackpads
50%
50%
Trackpads,
User Rank: Apprentice
8/11/2017 | 9:51:13 AM
No Democrats?
No awards for the DNC or the Hillary campaing?  Come on, THAT would have been hillarious
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
8/11/2017 | 6:55:21 AM
Ghostbutt
Ghostbutt is the strangest, most comical name I've heard for a vulnerability. Anyone know of any others that might rival it?
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh!  They're watching... And you have a laptop?  
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-3961
PUBLISHED: 2018-05-25
Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes.
CVE-2018-11468
PUBLISHED: 2018-05-25
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
CVE-2018-6664
PUBLISHED: 2018-05-25
Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.
CVE-2018-6674
PUBLISHED: 2018-05-25
Privilege Escalation vulnerability in Microsoft Windows client in McAfee VirusScan Enterprise (VSE) 8.8 allows local users to view configuration information in plain text format via the GUI or GUI terminal commands.
CVE-2018-1133
PUBLISHED: 2018-05-25
An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection.