9 matches found
Prompt Injection 2.0: Hybrid AI Threats
Prompt injection attacks, where malicious input is designed to manipulate AI systems into ignoring their original instructions and following unauthorized commands instead, were first discovered by Preamble, Inc. in May 2022 and responsibly disclosed to OpenAI. Over the last three years, these...
JITSploitation III: Subverting Control Flow
Posted by Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed i...
DARPA Cyber Grand Challenge Offers $2M to Winners
The bug bounty continues to be turned on its ear. Microsoft began the wave of paying premium money for mitigation technologies via its Blue Hat prizes, and now DARPA has gone all-in to the tune of $2 million for the development of an automated network defense system that not only scans for and...
Researchers Nab $28k in Microsoft Bug Bounty Program
As part of its first-ever bounty program, Microsoft has paid out $28,000 to a small group of researchers who identified and reported vulnerabilities in Internet Explorer 11. The IE 11 bounty program only ran for one month during the summer, but it attracted a number of submissions from well-known...
Microsoft's Bug Bounty Program and the Law of Unintended Consequences
The Microsoft bug bounty program has been nearly a decade in the making and it is clear from the shape and size of it that the company did not simply slap the program together in order to join the cool kids. Rather, Microsoft’s security team spent years watching the way other programs work, seein...
Windows 8 will be challenge for Malware writers
Windows 8 will be challenge for Malware writers Microsofts security researcher believe that upcoming operating system, Windows 8 is a step forward in security and Windows 8 will be far better at protecting against malware than it's predecessors. Chris Valasek, a senior security research scientis...
Microsoft Releases New Version of EMET
Microsoft has released a new, fully supported version of the Enhanced Mitigation Experience Toolkit EMET designed to mitigate exploitation attempts. EMET allows users to manage security mitigation technologies to make it more difficult for an attacker to exploit software vulnerabilities. US-CERT...
Microsoft Cites Progress in SDL Report, Advocates More Adoption of ASLR, DEP
In the more than nine years since Bill Gates’s Trustworthy Computing email kicked off Microsoft’s comprehensive, company-wide security initiative, the company has not only committed a tremendous amount of money and resources to the project but also has been quite open and public about the process...
Microsoft Releases New Version of EMET Exploit Mitigation Toolkit
Mitigation has become the word of the moment at Microsoft, and the company on Thursday continued its recent flow of tools designed to lessen the effectiveness of certain attacks with the release of version 2.0 of its Enhanced Mitigation Experience Toolkit. The new version of the toolkit includes ...