Tag Archive for: awarded

Over $1 Million Awarded To Hackers In Pwn2Own Toronto


Pwn2Own, the annual computer hacking contest that concluded in Toronto, Canada, on October 27, 2023, saw security researchers earning $1,038,500 for 58 unique zero-day exploits (and multiple bug collisions).

The four-day hacking event was held between October 24, 2023, and October 27, 2023, with over $1,000,000 USD in prize money and other forms of prizes available to contestants.

The hacking event had multiple categories for the security researchers to target in the competition, which included printers, surveillance systems, network-attached storage (NAS) devices, mobile phones, home automation hubs, smart speakers, and Google’s Pixel Watch and Chromecast devices.

The hacking contest saw the Samsung Galaxy S23 being successfully hacked four times by the teams of Pentest Ltd, STAR Labs SG, Interrupt Labs, and ToChim. While Pentest Ltd and Interrupt Labs each exploited an improper input validation weakness in the Samsung Galaxy S23, STAR Labs SG and ToChim exploited a permissive list of allowed inputs on the smartphone.

Further, the exploitation of Samsung Galaxy S23 earned the Pentest Ltd and Interrupt Labs teams a reward of $50,000 and $25,000, respectively, and 5 Master of Pwn points, while the STAR Labs SG and ToChim teams got $25,000 and 5 Master of Pwn points each for their exploits.

Other Highlights:

  • Chris Anastasio was able to exploit a bug in the TP-Link Omada Gigabit Router and another in the Lexmark CX331adwe for $100,000
  • Team Orca of Sea Security executed a 2-bug chain using an OOB Read and UAF against the Sonos Era 100 for $60,000
  • A DEVCORE Intern executed a stack overflow attack against the TP-Link Omada Gigabit Router and exploited two bugs in the QNAP TS-464 for $50,000
  • Team Viettel was able to execute a heap-based buffer overflow and a stack-based buffer overflow against the TP-Link Omada Gigabit Router and the Canon imageCLASS MF753Cdw for the SOHO Smashup for $50,000
  • Devices from Xiaomi, Western Digital, Synology, Canon, Lexmark, Sonos, TP-Link, QNAP, Wyze, and HP were all exploited during the competition

The overall Master of Pwn winner was Team Viettel, with 30 Master of Pwn points, winning $180,000. They were followed on the…


Engineering faculty-researcher awarded grant to decrease computer chip vulnerabilities


Michael Zuzak, a faculty-researcher at Rochester Institute of Technology, is one of a growing field of engineers looking to improve computer chip security during manufacturing. Current solutions focus on securing specific regions of the chip design. This leaves the larger architecture vulnerable to compromise. Zuzak’s work to secure the entire chip could prevent piracy and help protect intellectual property.

“To get chips fabricated, you have to send the entire design to the manufacturer. Ultimately what we want to protect is what the company considers high value. We want to allocate security to more sensitive, unique parts of the system. The hope is that we will have the ability to prevent intellectual property theft during the entire semiconductor fabrication,” said Zuzak, an assistant professor of computer engineering in RIT’s Kate Gleason College of Engineering.

Zuzak received a two-year National Science Foundation grant to use the developmental practice of logic obfuscation to enable system-wide security during the manufacturing and testing of integrated circuits, also referred to as computer chips.

Global manufacturing companies mass produce integrated circuits. For fabrication, these companies are given extensive design files that can be counterfeited, pirated, or modified. This threatens “high-trust” applications such as healthcare and defense. Logic obfuscation was developed to mitigate threats. The proposed project will develop a design space modeling framework to automatically identify obfuscation configurations capable of system-wide security.

Zuzak is an expert in hardware security and methods to design and manufacture secure and reliable electronic systems. Hiding functionality during the production process is a way to ensure that the design cannot be modified or counterfeited.

“We’ve gotten very good at locking specific parts of the chip. What I am looking at is how we distribute obfuscation optimally throughout the full system to secure it as a whole rather than just specific modules within the chip,” said Zuzak, who is developing AI-driven algorithms to perform security assessments of the physical design that are resistant to…


$4.6 million NSF grant awarded to UAB Department of Computer Science; largest grant in its history


UAB is one of the seven institutions receiving multimillion-dollar renewal funding to advance its Cyber Corps program. The grant will support an integrated curriculum for training master’s students in both cybersecurity and artificial intelligence.

The College of Arts and Sciences at the University of Alabama at Birmingham has been awarded a Scholarship for Service grant renewal worth $4.6 million from the National Science Foundation to further cybersecurity workforce development programs.

“This renewal grant is the largest grant our department has received, which shows NSF’s trust in our vision to educate and train a world-class, diverse group of students who are ready to address real-world computer security and artificial intelligence challenges,” said Yuliang Zheng, Ph.D., professor and department chair of the UAB Department of Computer Science. “This grant is a renewal of the previous grant we received in 2017; but it is double in amount this time, which truly speaks to our commitment to preparing the best professionals who meet the ever-changing needs of the industry.”

This expansion of funds by NSF is aimed at addressing the growing need for a well-trained national cybersecurity workforce that is equipped to deal with artificial intelligence and machine learning and their spread, an important aspect of the White House’s Cybersecurity strategy implementation plan.

“Cybersecurity is critical to our nation’s economic and national security,” said NSF Director Sethuraman Panchanathan. “Through this program, NSF has helped more than 4,500 students get the degrees they need to be part of the cybersecurity workforce and helped them give back through public service. With this announcement, NSF reaffirms its commitment to invest in institutions that have demonstrated exceptional success and innovative advancements to their existing projects with the aim of fostering a robust workforce and growing interest in cybersecurity careers.”

At UAB, the grant will support the following programs:


Malwarebytes Awarded Highest Rated Endpoint Protection for Seven Quarters in a Row


Rigorous tests by third-party research lab MRG Effitas demonstrate superior ability to detect and block real-world threats

SANTA CLARA, Calif., June 22, 2023 /PRNewswire/ — Malwarebytes, a global leader in real-time cyber protection, today announced that MRG Effitas, a world leader in independent IT research, gave Malwarebytes Endpoint Protection (EP) the highest possible score (100%) in its endpoint security efficacy assessment. As of the latest Q1 2023 test results, Malwarebytes is the only vendor to win every MRG Effitas certification and award for the seventh consecutive quarter, outperforming other solutions in its ability to spot and stop zero-day threats, ransomware, banking malware, fileless attacks and exploits. Centered around nine rounds of rigorous testing, MRG Effitas’ assessment criteria are the best way to evaluate endpoint security vendors today.

“Malwarebytes’ consistent high performance underscores our ability to spot and stop known threats as well as zero-day and polymorphic malware,” said Joe Hartmann, Senior Director of Threat Labs, Malwarebytes. “For under-resourced organizations that need endpoint security that just works, these results are a powerful tool to help them select the right protection for their business. Malwarebytes’ focus on leveraging machine learning and AI to automatically create detections means our solutions benefit from the speed and vast data consumption possible with these technologies. MRG Effitas’ quarterly testing, alongside its new real-time testing solution Tempus, helps Malwarebytes’ protection stay ahead of the curve.”

MRG Effitas is an independent research and testing lab that evaluates endpoint protection solutions. The 360° Assessment & Certification by MRG Effitas isn’t like other tests that just evaluate traditional file-based attacks: they unleash real-world fileless cases and exploitation techniques, live botnets and credit card-skimming attacks on vendor products as well. In its latest report, MRG Effitas recognized Malwarebytes EP for its advanced security capabilities, particularly in detecting and preventing complex malware attacks. Malwarebytes EP is the engine that powers its endpoint detection and…
