Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed

November 20, 2024 at 12:09PM Google’s OSS-Fuzz project has identified 26 vulnerabilities, including a critical flaw in OpenSSL. Utilizing AI-driven fuzzing, the tool finds bugs unlikely to be detected by humans. OSS-Fuzz aims to automate the fuzzing workflow, enhancing code testing with large language models to improve security against potential threats.

Google claims Big Sleep ‘first’ AI to spot freshly committed security bug that fuzzing missed

November 5, 2024 at 01:43AM Google’s AI model, Big Sleep, claims to be the first to identify a memory safety vulnerability—a stack buffer underflow—in SQLite before its release. Developed by Project Zero and DeepMind, Big Sleep aims to enhance bug detection beyond traditional fuzzing methods. This marks a significant advancement in AI-driven software security.

What is Exposure Management and How Does it Differ from ASM?

March 5, 2024 at 06:45AM Startups and mid-market businesses heavily rely on cloud services, leading to a complex and distributed attack surface that’s challenging to monitor and secure. Exposure management in cybersecurity aims to provide visibility and prioritize vulnerabilities to reduce business risks. Intruder offers automated vulnerability management to discover and prioritize weaknesses across the …

After Critical Bug Disclosures, TETRA Emergency Comms Code Goes Public

November 15, 2023 at 11:11AM The encryption algorithms used to secure emergency radio communications will be released to the public domain, after vulnerabilities were found in TETRA. The decision to go public is a complete turn from ETSI, which initially denied vulnerabilities. The algorithms will be open to academic research for independent reviews. No date …

Hot fuzz: Cascade finds dozens of RISC-V chip bugs using random data storm

October 24, 2023 at 05:48PM Researchers from ETH Zurich have developed Cascade, a novel fuzzer designed to find bugs in RISC-V chips. Unlike other fuzzers, Cascade constructs long random programs that manage the control flow during execution, allowing for more thorough testing of the silicon. It was able to find 37 new bugs in six …