Latest news with #Pwn2Own


Techday NZ
a day ago
- Business
- Techday NZ
Trend Micro's Zero Day Initiative marks two decades of impact
Trend Micro's Zero Day Initiative (ZDI) is marking its twentieth year of reporting and coordinating disclosures of software vulnerabilities across the digital landscape. The ZDI describes itself as the world's largest vendor-agnostic bug bounty programme, having helped to identify and disclose thousands of software security flaws since its founding in 2005. According to data cited by the company, the ZDI contributed to the responsible disclosure of 73 per cent of all reported vulnerabilities in 2024, exceeding the total from all other participating vendors combined.

The bug bounty programme incentivises security researchers globally to uncover zero-day vulnerabilities in widely used products and to submit them in exchange for financial rewards. By working with vendors ahead of public disclosure, the ZDI aims to close security gaps before malicious actors can exploit them.

One of the notable features for Trend customers is early access to virtual patches for zero-day threats. These interim protections (detection filters for Trend's network and endpoint products, not changes to the affected software itself) are distributed, on average, more than two months in advance of the official vendor update. This provides an extended window of protection while vendors develop and test their formal patches, although the underlying flaw remains until the vendor patch is applied.

"Our top priority is empowering our customers to take a proactive approach to cybersecurity. The Zero Day Initiative is one of the best tools we have to stay ahead of cybercriminals, and it's one of a kind. Nobody else in the industry can protect their customers as far in advance as we do." This was stated by Mick McCluney, ANZ Field CTO at Trend Micro, who emphasised the significance of proactive approaches enabled by the ZDI's work.

The initiative's history began in 2005 when it was established by TippingPoint, then a division of 3Com. Initially, it focussed on bringing together the security research community, providing a framework for researchers to report zero-day bugs responsibly by offering financial incentives.
Two years later, the Pwn2Own competition was launched, challenging teams of researchers to discover and exploit vulnerabilities in specific software and operating system categories against the clock. Trend Micro took over the ZDI in 2016 following its acquisition of TippingPoint. Today, the programme comprises more than 450 dedicated researchers across 14 global threat centres, supported by a broader community of over 19,000 vulnerability researchers.

The ZDI has played a role in several major security events over the past two decades. For example, its researchers uncovered weaknesses in the patch intended to fix the LNK file vulnerability exploited by the Stuxnet worm, prompting Microsoft to develop a subsequent patch. Similarly, collaborative research with Microsoft led to the award of USD 125,000 to ZDI researchers for identifying a method to bypass Internet Explorer's exploit mitigations; the sum was donated to charity, and the technique went on to earn a patent. Other notable research includes two zero-day vulnerabilities in Apple's QuickTime for Windows, which resulted in Apple discontinuing support for the software and the ZDI advising users to uninstall it. The ZDI's investigative output has also contributed to disrupting covert campaigns such as the BlackEnergy APT, which has targeted Ukraine on multiple occasions. In 2023, a ZDI researcher received a Pwnie award for "most under-hyped research" after documenting a previously unreported exploit technique called activation context cache poisoning.

The ZDI's operations not only benefit Trend Micro's client base but also contribute to improved security outcomes more broadly, by ensuring that vulnerabilities in widely used products are fixed before hostile actors can take advantage. The bug bounty scheme is credited with encouraging vendors to implement more robust security practices and to address security flaws ahead of public exploitation.
As one of the larger vendor-neutral vulnerability research communities, ZDI continues to rely on its global network of researchers, ethical hacking competitions such as Pwn2Own, and partnerships with vendors, to fulfil its remit of identifying and coordinating the remediation of critical security flaws.


Fox News
03-08-2025
- Business
- Fox News
Microsoft SharePoint bug puts critical government agencies at risk
Hackers are actively exploiting a new zero-day bug in Microsoft's SharePoint Server software, which is also used by key U.S. government agencies, including those tied to national security. The vulnerability affects on-premises versions of SharePoint, allowing attackers to break into servers, steal data and quietly move through connected services. While SharePoint Online is unaffected, the on-premises version is widely used by major U.S. agencies, universities and private companies. That puts far more than just internal systems at risk.

Exploitation in the wild was first identified by cybersecurity firm Eye Security on July 18. Researchers say it stems from a previously unknown vulnerability chain that gives attackers full control of vulnerable SharePoint servers without any credentials. The flaw lets them read the server's ASP.NET machine keys (the ValidationKey and DecryptionKey that sign and encrypt ViewState and authentication tokens). With those keys an attacker can forge signed ViewState payloads that the server will deserialize and execute, and can impersonate legitimate users or services, even after the server is patched or rebooted, because the keys stay valid until they are rotated.

According to Eye Security, the vulnerability chain appears to be based on two bugs demonstrated at Pwn2Own Berlin in May. While those exploits were initially shared as proof-of-concept research, attackers have now weaponized the technique against real-world organizations. The exploit chain has been dubbed "ToolShell."

Once inside a compromised SharePoint server, hackers can access connected Microsoft services such as Outlook, Teams and OneDrive, putting a wide range of corporate data at risk. The stolen signing material also gives them long-term access. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to act.
It recommends checking systems for signs of compromise and isolating vulnerable servers from the internet. Early reports confirmed about 100 victims. Researchers now believe attackers have compromised more than 400 SharePoint servers worldwide; that figure counts servers, not organizations, and according to reports the number of affected groups is growing rapidly.

One of the highest-profile targets is the National Nuclear Security Administration (NNSA). Microsoft confirmed it was targeted but has not confirmed a successful breach. Other affected agencies include the Department of Education, Florida's Department of Revenue and the Rhode Island General Assembly.

Microsoft confirmed the issue, disclosing that it was aware of "active attacks" exploiting the vulnerability. The company has released patches for SharePoint Server 2016, SharePoint Server 2019 and SharePoint Subscription Edition; patches for all supported on-premises versions were issued as of July 21.

If you're part of a business or organization that runs its own SharePoint servers, especially older on-premises versions, your IT or security team should take this seriously. A patched server is still at risk if its machine keys were stolen before the patch went on, because the patch does not invalidate them. Administrators should rotate the machine keys and audit authentication tokens. For the general public, there's no action needed right now, since this issue doesn't affect cloud-based Microsoft accounts like OneDrive or Microsoft 365, but it's a good reminder to stay cautious online.

If your organization uses on-premises SharePoint servers, take the following steps right away to reduce risk and limit potential damage:

1. Disconnect vulnerable servers: Take unpatched SharePoint servers offline immediately to prevent active exploitation.
2. Install available updates: Apply Microsoft's emergency patches for SharePoint Server 2016, 2019 and Subscription Edition without delay.
3. Rotate authentication keys: Replace the ASP.NET machine keys used to sign authentication tokens and ViewState, then restart IIS. Stolen keys allow ongoing access even after patching.
4. Scan for compromise: Check systems for signs of unauthorized access. Look for abnormal login behavior, token misuse or lateral movement within the network.
5. Enable security logging: Turn on detailed logging and monitoring tools to help detect suspicious activity going forward.
6. Review connected services: Audit access to Outlook, Teams and OneDrive for signs of suspicious behavior linked to the SharePoint breach.
7. Subscribe to threat alerts: Sign up for advisories from CISA and Microsoft to stay updated on patches and future exploits.
8. Consider migration to the cloud: If possible, transition to SharePoint Online, which offers built-in security protection and automatic patching.
9. Strengthen passwords and use two-factor authentication: Encourage employees to stay vigilant. Even though this exploit targets organizations, it's a good reminder to enable two-factor authentication (2FA) and use strong passwords. Create strong passwords for all your accounts and devices, and avoid using the same password for multiple online accounts. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.

This SharePoint zero-day shows how fast research can turn into real attacks. What started as a proof-of-concept is now hitting hundreds of real systems, including major government agencies. The scariest part isn't just the access it gives but how it lets hackers stay hidden even after you patch.
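As an added example (not from the Fox News article, Microsoft or Eye Security), the script below carries out the "scan for compromise" step over IIS W3C logs from a SharePoint front end. It looks for two indicators Microsoft and Eye Security published for this campaign: a POST to /_layouts/15/ToolPane.aspx in edit mode sent with a Referer of /_layouts/SignOut.aspx, and requests for the dropped web shell spinstall0.aspx. The sample log lines are constructed; the host name sp.example.internal and the IP addresses are placeholders, and the "high"/"review" severity labels are this script's own.

```python
"""Scan IIS W3C logs from an on-premises SharePoint front end for ToolShell indicators.

Added example: the indicators are the ones Microsoft and Eye Security published for the
July 2025 campaign; the sample log, host name and IP addresses below are constructed.
"""
from dataclasses import dataclass
from urllib.parse import unquote, urlparse

TOOLPANE_STEM = "/_layouts/15/toolpane.aspx"   # page the exploit POSTs to
SIGNOUT_STEM = "/_layouts/signout.aspx"        # Referer the exploit sends with that POST
WEBSHELL_NAMES = {"spinstall0.aspx"}           # web shell dropped under TEMPLATE\LAYOUTS

# Constructed sample in IIS W3C format: line 3 is the exploit request, line 4 fetches the
# dropped web shell, line 5 is ordinary traffic, line 6 is a legitimate edit-mode POST.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) cs(Referer) sc-status
2025-07-18 12:00:01 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit&a=/ToolPane.aspx 203.0.113.7 Mozilla/5.0 http://sp.example.internal/_layouts/SignOut.aspx 200
2025-07-18 12:00:03 10.0.0.5 GET /_layouts/15/spinstall0.aspx - 203.0.113.7 Mozilla/5.0 - 200
2025-07-18 12:01:10 10.0.0.5 GET /sites/hr/SitePages/Home.aspx - 10.0.1.22 Mozilla/5.0 - 200
2025-07-18 12:02:00 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 10.0.1.22 Mozilla/5.0 http://sp.example.internal/sites/hr/_layouts/15/start.aspx 200
"""


@dataclass(frozen=True)
class Hit:
    line_no: int
    severity: str      # "high": matches a published indicator; "review": needs a human look
    reason: str
    client_ip: str
    uri: str


def parse_w3c(lines):
    """Yield (line_no, record) per data line; column names come from the #Fields: directive."""
    fields = None
    for line_no, line in enumerate(lines, 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        if fields is None:
            raise ValueError(f"line {line_no}: data before any #Fields: directive")
        values = line.split()
        if len(values) != len(fields):
            continue            # truncated line: skip it rather than misalign the columns
        yield line_no, dict(zip(fields, values))


def find_toolshell(lines):
    """Return a Hit for every request that matches a ToolShell indicator."""
    hits = []
    for line_no, rec in parse_w3c(lines):
        method = rec.get("cs-method", "")
        stem = unquote(rec.get("cs-uri-stem", "")).lower()
        query = unquote(rec.get("cs-uri-query", "-")).lower()
        referer = urlparse(rec.get("cs(Referer)", "-")).path.lower()
        ip = rec.get("c-ip", "?")
        uri = stem if query in ("", "-") else f"{stem}?{query}"

        if stem.rsplit("/", 1)[-1] in WEBSHELL_NAMES:
            hits.append(Hit(line_no, "high", "request for known ToolShell web shell", ip, uri))
        elif method == "POST" and stem == TOOLPANE_STEM:
            if referer.endswith(SIGNOUT_STEM) or "a=/toolpane.aspx" in query:
                hits.append(Hit(line_no, "high", "ToolPane POST with SignOut referer or exploit query", ip, uri))
            elif "displaymode=edit" in query:
                hits.append(Hit(line_no, "review", "ToolPane edit-mode POST; confirm the editor is legitimate", ip, uri))
    return hits


def suspect_ips(hits):
    """Client addresses behind high-severity hits: where the token and lateral-movement review starts."""
    return {h.client_ip for h in hits if h.severity == "high"}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            hits = find_toolshell(f)
    else:
        hits = find_toolshell(SAMPLE_LOG.splitlines())
    for hit in hits:
        print(f"line {hit.line_no} [{hit.severity}] {hit.client_ip} {hit.uri}: {hit.reason}")
```

Point it at every file under %SystemDrive%\inetpub\logs\LogFiles\W3SVC<site id> on each front end, going back at least to July 7. A "review" hit is only a legitimate editor unless it shares a client address with a "high" hit. A clean log does not prove a clean server: rotate the machine keys anyway (Microsoft's guidance for this incident uses the Update-SPMachineKey cmdlet per web application, followed by an IIS restart), because a stolen key leaves no trace in IIS logs when it is later used to forge ViewState.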


Forbes
01-08-2025
- Forbes
WhatsApp Hackers Offered $1 Million For New 0-Click Exploit
Meta is no stranger to cybersecurity issues; like all major technology platforms, it is in the crosshairs of those who would exploit the brand for harm and criminal profit. So we are used to cybercriminals attempting to steal Facebook passwords, and others targeting WhatsApp users. Earlier this year, I reported how some WhatsApp users were under attack from hackers employing a 'sophisticated spyware hack attack requiring no user interaction.' Such zero-click exploits are, thankfully, as rare as they are critically dangerous. This is why Meta has just offered elite hackers $1 million for a new zero-click attack. Here's what you need to know, and why this is actually a very good thing.

The $1 Million WhatsApp Zero-Click Hack Explained

Several times a year, some of the best hackers on the planet get together to compete in an entirely legal event called Pwn2Own, organized by Trend Micro's Zero Day Initiative. In May, the Berlin leg of the competitive hacking frenzy saw teams that successfully hacked everything from Windows 11 to Mozilla Firefox earn a total prize pool exceeding a million dollars. Competing against each other to exploit previously unknown vulnerabilities (so-called zero-days) against the clock, on targets put forward by the sponsoring vendors, these hackers find security issues that others cannot. And that's the point: the vulnerability, and the working exploit for it, are handed over to the vendor, which then has 90 days to issue a patch before any details are made public. It's a security win-win, and a good payday for the unsung hacking heroes.

Between October 21-24, in Cork, Ireland, the next Pwn2Own contest will take place. One of the co-sponsors is Meta, and ZDI, along with the social media and messaging giant, is offering a staggering $1 million for a single exploit: '$1,000,000 for a 0-click WhatsApp bug that leads to code execution,' to be precise, according to the official announcement. But that is just the headline act as far as WhatsApp is concerned: big-money rewards are also on offer for other WhatsApp exploits, adding more than another million dollars to the prize pot.


Techday NZ
30-07-2025
- Business
- Techday NZ
AI deployment creates new cybersecurity risks, warns report
Trend Micro has published its latest State of AI Security Report, highlighting how the pace of artificial intelligence development is contributing to new cybersecurity vulnerabilities in critical infrastructure. The report details a range of security challenges faced by organisations as they deploy AI technologies, including vulnerabilities in key components, accidental internet exposure, weaknesses in open-source software, and issues with container-based systems.

Critical vulnerabilities

The research identifies vulnerabilities and exploits in vital parts of AI infrastructure. Many AI applications rely on a blend of specialised software, much of which is susceptible to the same classes of flaw as traditional software. The report notes the discovery of zero-day vulnerabilities in components such as ChromaDB, Redis, NVIDIA Triton and the NVIDIA Container Toolkit, posing significant risk if left unpatched.

In addition, the report draws attention to servers hosting AI infrastructure being exposed to the public internet, often as a result of rapid deployment and inadequate security measures. According to Trend Micro, more than 200 ChromaDB servers, 2,000 Redis servers and over 10,000 Ollama servers have been found exposed without authentication, leaving them open to malicious probing.

Open-source and container concerns

The reliance on open-source components in AI frameworks is another source of risk. Vulnerabilities in those components can go unnoticed once they are integrated into production systems, as demonstrated at the recent Pwn2Own Berlin event, where researchers exploited Redis (widely used as a vector store in AI stacks) through an outdated bundled Lua component.

Continuing the theme of infrastructure risk, the report discusses the widespread use of containers in AI deployments. Containers, while commonly used to improve efficiency, are subject to the same security issues that affect broader cloud and container environments.

Pwn2Own researchers also demonstrated an exploit targeting the NVIDIA Container Toolkit, raising concerns about container management practices in AI deployments.

Expert perspectives

"AI may represent the opportunity of the century for ANZ businesses. But those rushing in too fast without taking adequate security precautions may end up causing more harm than good. As our report reveals, too much global AI infrastructure is already being built from unsecured and/or unpatched components, creating an open door for threat actors." This statement from Mick McCluney, Field CTO for ANZ at Trend Micro, underscores the importance of balancing innovation in AI with a robust approach to cybersecurity.

Stuart MacLellan, Chief Technology Officer at NHS SLAM, also shared perspectives on the organisational implications of these findings: "There are still lots of questions around AI models and how they could and should be used. We now get much more information than we ever did about the visibility of devices and what applications are being used. It's interesting to collate that data and get dynamic, risk-based alerts on people and what they're doing depending on policies and processes. That's going to really empower the decisions that are made organisationally around certain products."

Recommended actions

The report sets out several practical steps organisations can take to mitigate risk: enhanced patch management, regular vulnerability scanning, maintaining a comprehensive inventory of all software components (including libraries bundled inside a component, such as the Lua interpreter in Redis), and adopting best practices for container management. The report also advises configuration checks to ensure that critical AI infrastructure is not inadvertently exposed to the internet. The findings highlight the need for the developer community and users of AI to better balance security with speed to market.
Trend Micro recommends that organisations exercise due diligence, particularly as the adoption of AI continues to rise across various sectors.
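As an added example (not from the report or Trend Micro), the script below performs the configuration check the report recommends for two of the components it names. It asks a Redis port for PING without authenticating and asks an Ollama port for its model list, then classifies the answers: Redis replies +PONG to an unauthenticated client only when no password or ACL protects the default user, and Ollama has no built-in authentication, so a 200 on /api/tags from a port reachable off-host means anyone who can reach it can enumerate and run models. Hosts come from the command line, the ports are the services' defaults (6379 and 11434), and the state labels are this script's own.

```python
"""Exposure check for two components the report names: Redis and Ollama.

Added example (not Trend Micro's): it sends an unauthenticated PING to Redis and a GET
/api/tags to Ollama, then classifies the answers. Ports are the defaults; hosts come from
the command line; the state labels are this script's own.
"""
import json
import socket
from http.client import HTTPConnection, HTTPException

REDIS_PING = b"*1\r\n$4\r\nPING\r\n"   # RESP-encoded PING, sent before any AUTH


def redis_auth_state(reply: bytes) -> str:
    """Classify the raw reply to an unauthenticated PING.

    +PONG means the command ran: no requirepass is set and the default ACL user is open.
    -NOAUTH means the server refuses commands until AUTH succeeds.
    -DENIED means protected mode rejected a non-loopback client (no password, no bind).
    """
    if reply.startswith(b"+PONG"):
        return "open"
    if reply.startswith(b"-NOAUTH"):
        return "auth_required"
    if reply.startswith(b"-DENIED"):
        return "protected_mode"
    if reply.startswith(b"-"):
        return "error"        # some other RESP error
    return "unknown"


def ollama_state(status: int, body: bytes) -> str:
    """Classify a GET /api/tags response.

    Ollama ships with no authentication, so a 200 carrying a model list from a port that is
    reachable off-host means anyone who can reach it can enumerate and run those models.
    401/403 indicates an authenticating reverse proxy in front of it.
    """
    if status in (401, 403):
        return "auth_required"
    if status != 200:
        return "unknown"
    try:
        models = json.loads(body).get("models")
    except (ValueError, AttributeError):
        return "unknown"
    return "open" if isinstance(models, list) else "unknown"


def probe_redis(host: str, port: int = 6379, timeout: float = 3.0) -> str:
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(REDIS_PING)
            return redis_auth_state(s.recv(512))
    except OSError:
        return "unreachable"


def probe_ollama(host: str, port: int = 11434, timeout: float = 3.0) -> str:
    conn = HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/api/tags")
        resp = conn.getresponse()
        return ollama_state(resp.status, resp.read())
    except (OSError, HTTPException):
        return "unreachable"
    finally:
        conn.close()


def audit(hosts, redis_probe=probe_redis, ollama_probe=probe_ollama):
    """Map each host to its Redis and Ollama exposure state; probes are injectable for testing."""
    return {h: {"redis": redis_probe(h), "ollama": ollama_probe(h)} for h in hosts}


def exposed(report):
    """Hosts with at least one service answering unauthenticated."""
    return sorted(h for h, states in report.items() if "open" in states.values())


if __name__ == "__main__":
    import sys
    report = audit(sys.argv[1:])
    for host, states in report.items():
        print(f"{host}: redis={states['redis']} ollama={states['ollama']}")
    print("exposed:", ", ".join(exposed(report)) or "none")
```

Run it from outside your perimeter against hosts you own; anything reported as "open" should be bound to loopback or a private interface, given a requirepass or ACL (Redis), or placed behind an authenticating reverse proxy (Ollama). A "protected_mode" result is Redis's own safety net, not a configuration you should rely on.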


Time of India
26-07-2025
- Business
- Time of India
Microsoft looking at 'internal leak' after Chinese hackers exploit SharePoint flaw
Microsoft is reportedly investigating whether a leak within its Microsoft Active Protections Program (MAPP), an early-warning scheme that gives security vendors vulnerability details ahead of public patches, allowed alleged Chinese state-backed hackers to exploit vulnerabilities in SharePoint Server before patches were widely available. The development comes after a security fix released by the tech giant earlier this month reportedly failed to fully address a critical flaw in the server software, leading to widespread cyber-espionage attempts.

"As part of our standard process, we'll review this incident, find areas to improve, and apply those improvements broadly," a Microsoft spokesperson was quoted by Bloomberg as saying. Meanwhile, Microsoft told news agency Reuters that it continually evaluates "the efficacy and security of all of our partner programs and makes the necessary improvements as needed."

How Microsoft SharePoint was hacked

Last week, Microsoft acknowledged that at least two alleged Chinese hacking groups, identified as "Linen Typhoon" and "Violet Typhoon", along with a third China-based entity, were actively exploiting these weaknesses.

The vulnerability in question was first publicly demonstrated in May by Dinh Ho Anh Khoa, a researcher with Vietnamese cybersecurity firm Viettel, at the Pwn2Own hacking contest in Berlin. Khoa was awarded $100,000 for his discovery, and Microsoft released an initial patch in July. However, members of the MAPP program had already been notified of these vulnerabilities on June 24, July 3 and July 7, according to Dustin Childs, head of threat awareness for Trend Micro's Zero Day Initiative, which organises Pwn2Own. Microsoft observed exploit attempts beginning July 7.
Childs told Reuters that "the likeliest scenario is that someone in the MAPP program used that information to create the exploits." While the specific vendor responsible for a potential leak remains unclear, Childs speculated, "since many of the exploit attempts come from China, it seems reasonable to speculate it was a company in that region."