Tag Archive for: hat.

Vietnam’s ‘white hat’ hackers secure prestigious digital security award


Last month, Viettel Cyber Security (VCS), a unit of Viettel, one of Vietnam’s largest state-owned enterprises, received thrilling news: they emerged as champions in the esteemed cybersecurity competition Pwn2Own Toronto 2023.

At the close of the competition on the evening of October 27, Viettel’s VCS team clinched the championship with an impressive total score of 30 points, earning them the distinguished title of ‘Master of Pwn’ and outpacing competitors by a significant margin of 12.75 points.

The total score was calculated based on successful participation and assigned Master of Pwn points in the competition’s category tables.

Pwn2Own 2023 was held in Toronto, Canada, from October 24 to 27.

A team of young achievers

The sweet taste of success embraced the 14 young members of the team after three months of relentless dedication, working day and night, and competing fiercely against rivals worldwide.

Perhaps surprising to many, the youngest member, Do Anh Dung, a third-year student from the University of Engineering and Technology under the Vietnam National University-Hanoi, was born in 2003.

Dung is not the only young member: the other 13 VCS members who achieved significant success at Pwn2Own 2023 are also young.

Despite their tender age, each team member boasts considerable experience in cybersecurity, cultivated over years of dedicated work.

Even the youngest, Dung, made a noteworthy contribution, securing a victory in one of the competition categories, aiding in the team’s triumph.

On the evening of October 27, VCS secured the final victory, surpassing formidable opponents such as Sea Security from Singapore, Vupen and Synacktiv from France, and last year’s winners Devcore from Taiwan.

Ha Anh Hoang, a VCS team member, told Tuoi Tre (Youth) newspaper that they were informed about the devices they had to compromise only three months before the contest’s opening day.

This meant a tight preparation schedule, including purchasing new devices, exploring their hardware and software, and awaiting the arrival of some tools ordered from abroad, which took up to a month.

Nguyen Xuan Hoang, another team member, acknowledged the presence of…


DARPA is hosting a Black Hat contest to create cyber-security AI models


Forward-looking: The Black Hat Def Con conference portrays itself as an internationally recognized cybersecurity event showcasing the most “technical and relevant” information security research in the business. For the next two years, the event will host a DARPA-funded contest to put AI algorithms to work on the increasingly pressing software security problem.

DARPA’s Artificial Intelligence Cyber Challenge (AIxCC) is a two-year competition for the “best and brightest” minds in the AI field, the contest’s official site explains. The Pentagon’s research agency wants companies and experts to create novel AI systems: machine learning models designed to secure the critical software code that runs beneath financial systems, public utilities and other digital infrastructures enabling modern life.

Software runs everything these days, DARPA states, which unfortunately provides an “expanding” attack surface for cyber-criminals and other malicious actors. The new AI capabilities developed during the past decade have shown “significant potential” to help address key societal challenges like cybersecurity, the US agency says. AIxCC will reward people and organizations that can actualize this theoretical potential.

DARPA says it will award a cumulative $18.5 million in prizes to the teams with the best AI systems. An additional $7 million will be awarded to small business ventures taking part in the contest. With AIxCC, the US military is seeking the development of ML models capable of identifying, and maybe fixing, dangerous security flaws within critical software projects.

DARPA will work with “leading” AI companies Anthropic, Google, Microsoft, and OpenAI to give AIxCC competitors access to the most advanced technology and expertise. With their help, contestants will likely increase their chances of developing a true “state-of-the-art” cybersecurity system infused with AI algorithms. The Open Source Foundation will contribute as well, as most modern software needing protection is based on open-source code projects.

The AIxCC challenge has already started during this year’s Def Con conference held in Las Vegas. AI teams will compete in a series of preliminary trials during 2024, with the…


Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware


A threat actor infected their own computer with an information stealer, which has allowed Israeli threat intelligence company Hudson Rock to uncover their real identity.

Using the online moniker ‘La_Citrix’, the threat actor has been active on Russian-speaking cybercrime forums since 2020, offering access to hacked companies and info-stealer logs from active infections.

La_Citrix, Hudson Rock says, has been observed hacking into organizations and compromising Citrix, VPN, and RDP servers to sell illicit access to them.

The hacker, the cybersecurity firm says, was careless enough to infect their own computer with an information stealer and to sell access to the machine without noticing.

This allowed Hudson Rock to explore the cybercriminal’s computer, which had been used to perpetrate intrusions at hundreds of companies. The computer contained employee credentials at almost 300 organizations, and the browser stored corporate credentials used to perform hacks.

According to Hudson Rock, La_Citrix was employing information stealers to exfiltrate corporate credentials that were then used to access organizations’ networks without authorization.

Further analysis of the threat actor’s computer also helped the cybersecurity firm discover their real identity and their location.


“Data from La_Citrix’s computer such as ‘Installed Software’ reveals the real identity of the hacker, his address, phone, and other incriminating evidence such as ‘qTox’, prominent messenger used by ransomware groups, being installed on the computer,” Hudson Rock notes.

The threat intelligence company, which notes that it has knowledge of thousands of hackers who accidentally infected their own computers with malware, says it will forward the uncovered evidence to the relevant law enforcement authorities.

“This is not the first time we’ve identified hackers who accidentally got compromised by info-stealers, and we expect to see more as info-stealer infections grow exponentially,” the company notes.


Automakers risk cyberattacks by paying white hat hackers less


The auto industry lags others in cybersecurity, said Mohammed Ismail, chair of the Electrical and Computer Engineering Department at Wayne State University in Detroit.

“With any new technology, this is a very typical situation,” he said. “When Wi-Fi and Bluetooth started 25 years ago, it took years for those technologies to be seamless and mature.”

Ismail estimates the auto industry needs about five more years of R&D to produce millions of predominantly software-based vehicles that are very secure.

Friendly hackers will help the industry get there.

“Using a bug bounty platform has proven to be an effective way to bring on board the knowledge and expertise of the security community,” Katja Liesenfeld, Mercedes-Benz Cars & Vans’ manager for IT communications, said in an email. “We cannot give more details on any technical details as the programs are private.”

Automakers are reluctant to talk about their reward programs and cybersecurity issues. Ford, Jaguar Land Rover, Nissan, Stellantis and Subaru declined to discuss their cybersecurity programs with Automotive News. BMW, Porsche and Volkswagen did not respond to queries. Honda said it doesn’t have a bug bounty program.

Nonetheless, most of the auto industry is proactive about cybersecurity issues, said Kevin Tierney, General Motors’ chief cybersecurity officer and vice chair of the Automotive Information Sharing and Analysis Center, known as Auto-ISAC. The group of automakers shares information about potential cyberthreats, vulnerabilities and incidents.

“Everyone’s making big moves and big investments,” Tierney said. “It’s not always obvious to the end consumer with everything that’s happening.”

GM started its bug bounty program in 2016. It is administered by HackerOne, of San Francisco, which also runs programs for BMW, Ford, Rivian and Toyota.

HackerOne’s automotive business jumped 400 percent from 2021 to 2022 as clients added services to their contracts. In addition to bug bounty management, HackerOne provides vulnerability disclosure programs, penetration testing of online systems and other services.
