Pwn2Own Vancouver 2023 to Put Tesla to the Test

Pwn2Own Vancouver 2023 to Put Tesla to the Test

At Trend Micro, we’ve always said that cybersecurity is a team sport. But what happens when you put those teams in competition with each other? We believe you create the conditions in which the world’s best hackers thrive. And ultimately, you make the connected world safer in the process. That’s the philosophy of our Zero Day Initiative’s Pwn2Own competition. For the past 15+ years, teams from across the globe have battled each other for big…

Read More

Celebrating 15 Years of Pwn2Own

Celebrating 15 Years of Pwn2Own

Exploits & Vulnerabilities Join Erin Sindelar, Mike Gibson, Brian Gorenc, and Dustin Childs as they discuss Pwn2Own’s 15th anniversary, what we’ve learned, and how the program will continue to serve the cybersecurity community in the future. By: Trend Micro May 25, 2022 Read time:  ( words) Source link

Read More

Critically Underrated: Studying the Data Distribution Service (DDS) Protocol

Critically Underrated: Studying the Data Distribution Service (DDS) Protocol

By Federico Maggi, Rainer Vosseler (Trend Micro Research), Mars Cheng, Patrick Kuo, Chizuru Toyama, Ta-Lun Yen (TXOne Networks), Erik Boasson (ADLINK), and Victor Mayoral Vilches (Alias Robotics) Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware software technology is responsible for running billions of public and private devices and mechanisms currently in use.  DDS is integral in embedded systems that…

Read More

Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems

Defending the Supply Chain: Why the DDS Protocol is Critical in Industrial and Software Systems

By measuring the exposure of DDS services, in one month we found 643 distinct public-facing DDS services in 34 countries affecting 100 organizations via 89 internet service providers (ISPs). Of the DDS implementations by seven distinct vendors (one of which we were initially unaware of), 202 leaked private IP addresses (referring to internal network architecture details), and seven supposedly secret URLs. Some of these IP addresses expose unpatched or outdated DDS implementations, which are affected…

Read More

This Week in Security News – January 7, 2022

This Week in Security News – January 7, 2022

Read on: Are Endpoints at Risk for Log4Shell Attacks The end of 2021 saw the emergence of the Log4Shell (CVE-2021-44228) vulnerability, a critical vulnerability in the ubiquitous Java logging package Apache Log4j. Exploiting Log4Shell via crafted log messages can allow an attacker to execute code on remote machines. The potential impact of this vulnerability is great enough that it scores a 10.0 rating based on CVSS version 3.x and a 9.3 rating based on CVSS…

Read More

Examining Log4j Vulnerabilities in Connected Cars and Charging Stations

Examining Log4j Vulnerabilities in Connected Cars and Charging Stations

Evidence of attacks using the Log4j vulnerability was also shown in a test that triggered a bug on a Tesla car. For this case, the source does not provide much information on where it was actually executed. Nevertheless, this means that the exploitation of the vulnerability could still have an impact on the user’s privacy and the general security of the car because a back-end compromise could allow attackers to push actions to the car…

Read More

This Week in Security News – December 10, 2021

This Week in Security News – December 10, 2021

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, read about Trend Micro’s predictions for security in the coming year. Also, learn about the Biden administration’s latest initiatives for curtailing attacks on the transport infrastructure. Read on: Pushing Forward Key Takeaways from Trend Micro’s Security Predictions for 2022 Because of the Covid-19 pandemic, organizations have learned to…

Read More

COP26 Backs Electric Vehicles to Reduce Climate Change

COP26 Backs Electric Vehicles to Reduce Climate Change

Last October 31, the 2021 United Nations Climate Change Conference started, tackling various ways on how countries plan to address the looming threat of climate change. During the event, electric vehicles (EVs) are expected to take center stage as one of the various ways countries can mitigate climate change. Also known as COP26, the 2021 edition is the 26th year that the conference parties to the United Nations Framework Convention on Climate Change. It is…

Read More