DARPA, ARPA-H award $14m to 7 AIxCC semifinalists, with a catch

August 15, 2024 at 03:23PM The DARPA AI Cyber Challenge has narrowed down to seven semifinalists. The contest is aimed at developing AI models to enhance open source code security in critical infrastructure. Semifinalists successfully identified and patched vulnerabilities, earning a $2 million prize and a spot in the finals. Finalists must agree to open source …

Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility

August 12, 2024 at 11:54AM Vulnerabilities in Google’s Quick Share utility allowed man-in-the-middle attacks and unauthorized file transfers to Windows devices. SafeBreach discovered 10 vulnerabilities, prompting two CVEs, and detailed their findings at DEF CON 32. The flaws have been addressed, but the utility remains under scrutiny. A scheduled task vulnerability was also exploited. The …

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

August 12, 2024 at 03:45AM Vulnerabilities in Ewon Cosy+ industrial remote access solution could allow attackers to gain root privileges, decrypt encrypted data, and hijack VPN sessions, posing significant security risks. The findings were presented at DEF CON 32. Attackers could exploit OpenVPN vulnerabilities to gain administrative and ultimately root access, compromise VPN sessions, and …

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

August 8, 2024 at 06:45AM Microsoft is developing security updates to tackle two vulnerabilities affecting the Windows update architecture. The flaws can be exploited for downgrade attacks, allowing manipulation of system files and elevating privileges. Discovered by SafeBreach Labs researcher Alon Leviev, the vulnerabilities were presented at Black Hat USA 2024 and DEF CON 32, highlighting …