Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections

November 25, 2024 at 04:24AM Researchers have identified a new malware campaign utilizing the Bring Your Own Vulnerable Driver (BYOVD) technique. This malware exploits a legitimate Avast Anti-Rootkit driver to disable security measures and gain kernel-level access, terminating 142 processes. The initial access vector and the scale of these attacks remain unknown. **Meeting Takeaways: Cybersecurity … Read more

Low-Code, High Risk: Millions of Records Exposed via Misconfigured Microsoft Power Pages

November 14, 2024 at 11:10AM A security researcher found misconfigurations in several Microsoft Power Pages installations, leading to unintentional access to confidential data. This investigation highlights a risk associated with low-code platforms, exposing millions of records due to improper setup. The findings were reported by SecurityWeek. **Meeting Takeaways:** 1. **Investigation Findings:** A security researcher conducted … Read more

Germany drafts law to protect researchers who find security flaws

November 6, 2024 at 10:19AM Germany’s Federal Ministry of Justice has proposed a law to protect security researchers from criminal liability when reporting vulnerabilities. The draft amends the Criminal Code, offering legal safety in defined circumstances and imposing stricter penalties for serious data crimes. Feedback is due by December 13, 2024, before parliamentary consideration. ### … Read more

How to jailbreak ChatGPT and trick the AI into writing exploit code using hex encoding

October 29, 2024 at 06:36PM OpenAI’s GPT-4o can be manipulated into generating exploit code by encoding malicious instructions in hexadecimal, bypassing its safety features. Researcher Marco Figueroa highlights this vulnerability on Mozilla’s 0Din platform, emphasizing the need for improved AI security measures and detection mechanisms for encoded content to prevent such exploitations. ### Meeting Takeaways … Read more

Just how private is Apple’s Private Cloud Compute? You can test it to find out

October 25, 2024 at 11:13AM Apple announced its Private Cloud Compute (PCC) platform for AI applications at its Worldwide Developer Conference in June. The company is inviting security researchers to test its security systems, offering bounties for vulnerabilities. PCC features custom hardware and a hardened OS, with resources made publicly available for independent verification. ### … Read more

Over $1 Million Paid Out at Pwn2Own Ireland 2024

October 25, 2024 at 09:31AM Pwn2Own Ireland 2024 has awarded participants more than $1 million for successful exploits involving cameras, printers, NAS devices, smart speakers, and smartphones. **Meeting Notes Takeaways:** 1. **Event:** Pwn2Own Ireland 2024 2. **Financial Highlights:** Participants have earned over $1 million. 3. **Exploits Focus:** The earnings were related to successful exploits involving: … Read more

Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security

October 25, 2024 at 09:25AM Apple has launched its Private Cloud Compute Virtual Research Environment, inviting researchers to validate its privacy claims and offering substantial monetary rewards for identifying vulnerabilities. The initiative aims to enhance AI security while ensuring user privacy, complemented by accessible source code on GitHub for deeper analysis. ### Meeting Takeaways (October … Read more

Apple creates Private Cloud Compute VM to let researchers find bugs

October 24, 2024 at 06:52PM Apple has launched a Virtual Research Environment (VRE) for public testing of its Private Cloud Compute (PCC) system, enhancing security through a $1 million bounty program for vulnerability findings. The source code for key components is available, allowing researchers to analyze and verify PCC’s privacy and security features. ### Meeting … Read more

White Hat Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024

October 23, 2024 at 03:58AM At Pwn2Own Ireland 2024, participants earned $500,000 on the first day by successfully hacking NAS devices, cameras, speakers, and printers. The event highlights the ongoing efforts and skills of white hat hackers in cybersecurity. The post appeared on SecurityWeek. **Meeting Takeaways:** 1. **Event Overview**: Pwn2Own Ireland 2024 is currently ongoing. … Read more

Apple Offering Hackable iPhones to Universities

October 21, 2024 at 01:46PM Apple is expanding its Security Research Device Program by providing hackable iPhones to select university educators, enhancing educational opportunities in cybersecurity. This initiative aims to facilitate research and development in security practices within academic institutions. **Meeting Notes Takeaways:** – Apple is expanding its Security Research Device Program. – The initiative … Read more