Google Opens $250K Bug Bounty Contest for VM Hypervisor

July 1, 2024 at 05:02PM Google will reward security researchers who can perform a guest-to-host attack using a zero-day vulnerability in the KVM open source hypervisor. The meeting notes indicate that if security researchers are able to carry out a guest-to-host attack by exploiting a zero-day vulnerability in the KVM open source hypervisor, Google is …

Trend Micro’s Bug Bounty Program ZDI 2023 Performance

January 12, 2024 at 12:11AM Trend Micro’s Zero Day Initiative (ZDI) disclosed 1,913 bugs in 2023 with 74% rated as Critical/High risk. The program identified vulnerabilities in attacks using zero-day exploits and provided early virtual patches to protect customers. ZDI also contributed 20% of bugs to Microsoft and 78% to Adobe, supporting both vendors in …

Outlook Plays Attacker Tunes: Vulnerability Chain Leading to Zero-Click RCE

December 19, 2023 at 03:39PM Akamai security researchers have disclosed multiple bypasses for Microsoft’s patches for an Outlook zero-click remote code execution vulnerability. The original issue, CVE-2023-23397, was exploited by a Russian state-sponsored threat actor, prompting Microsoft to release a patch in March 2023. Akamai identified other bypasses, which Microsoft has subsequently addressed in later …

New BLUFFS Bluetooth Attack Methods Can Have Large-Scale Impact: Researcher

November 29, 2023 at 09:54AM EURECOM’s Daniele Antonioli uncovered BLUFFS attacks that break Bluetooth’s secrecy by imitating devices and enabling MitM attacks. These exploits affect Bluetooth’s session key derivation across most devices. Antonioli proposed a solution and a toolkit to demonstrate the vulnerabilities, which major tech companies are addressing. Meeting Takeaways: 1. Professor Daniele Antonioli …