
    Hacks at Pwn2Own Vancouver 2023 / Schneier · Monday, 27 March - 03:33 · 1 minute

An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver:

On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3.

The first to fall was Adobe Reader in the enterprise applications category after Haboob SA’s Abdul Aziz Hariri (@abdhariri) used an exploit chain targeting a 6-bug logic chain abusing multiple failed patches which escaped the sandbox and bypassed a banned API list on macOS to earn $50,000.

The STAR Labs team (@starlabs_sg) demoed a zero-day exploit chain targeting Microsoft’s SharePoint team collaboration platform that brought them a $100,000 reward and successfully hacked Ubuntu Desktop with a previously known exploit for $15,000.

Synacktiv (@Synacktiv) took home $100,000 and a Tesla Model 3 after successfully executing a TOCTOU (time-of-check to time-of-use) attack against the Tesla-Gateway in the Automotive category. They also used a TOCTOU zero-day vulnerability to escalate privileges on Apple macOS and earned $40,000.

Oracle VirtualBox was hacked using an OOB Read and a stack-based buffer overflow exploit chain (worth $40,000) by Qrious Security’s Bien Pham (@bienpnn).

Last but not least, Marcin Wiązowski elevated privileges on Windows 11 using an improper input validation zero-day that came with a $30,000 prize.

The con’s second and third days were equally impressive.


    Unkillable UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw / ArsTechnica · Monday, 6 March - 16:58 · 1 minute


Researchers on Wednesday announced a major cybersecurity find—the world’s first-known instance of real-world malware that can hijack a computer’s boot process even when Secure Boot and other advanced protections are enabled and running on fully updated versions of Windows.

Dubbed BlackLotus, the malware is what’s known as a UEFI bootkit. These sophisticated pieces of malware infect the UEFI—short for Unified Extensible Firmware Interface—the low-level and complex chain of firmware responsible for booting up virtually every modern computer. As the mechanism that bridges a PC’s device firmware with its operating system, the UEFI is an OS in its own right. It’s located in an SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch.

Because the UEFI is the first thing to run when a computer is turned on, it influences the OS, security apps, and all other software that follows. These traits make the UEFI the perfect place to run malware. When successful, UEFI bootkits disable OS security mechanisms and ensure that a computer remains infected with stealthy malware that runs at the kernel mode or user mode, even after the operating system is reinstalled or a hard drive is replaced.



    Critical Microsoft Code-Execution Vulnerability / Schneier · Wednesday, 21 December - 19:03 · 1 minute

A critical code-execution vulnerability in Microsoft Windows was patched in September. It seems that researchers just realized how serious it was (and is):

Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, allows attackers to execute malicious code with no authentication required. Also, like EternalBlue, it’s wormable, meaning that a single exploit can trigger a chain reaction of self-replicating follow-on exploits on other vulnerable systems. The wormability of EternalBlue allowed WannaCry and several other attacks to spread across the world in a matter of minutes with no user interaction required.

But unlike EternalBlue, which could be exploited when using only the SMB, or server message block, a protocol for file and printer sharing and similar network activities, this latest vulnerability is present in a much broader range of network protocols, giving attackers more flexibility than they had when exploiting the older vulnerability.


Microsoft fixed CVE-2022-37958 in September during its monthly Patch Tuesday rollout of security fixes. At the time, however, Microsoft researchers believed the vulnerability allowed only the disclosure of potentially sensitive information. As such, Microsoft gave the vulnerability a designation of “important.” In the routine course of analyzing vulnerabilities after they’re patched, Palmiotti discovered it allowed for remote code execution in much the way EternalBlue did. Last week, Microsoft revised the designation to critical and gave it a severity rating of 8.1, the same given to EternalBlue.


    Microsoft Zero-Days Sold and then Used / Schneier · Saturday, 30 July, 2022 - 08:12

Yet another article about cyber-weapons arms manufacturers and their particular supply chain. This one is about Windows and Adobe Reader zero-day exploits sold by an Austrian company named DSIRF.

There’s an entire industry devoted to undermining all of our security. It needs to be stopped.


    Microsoft puts Windows 10X variant on the back burner / ArsTechnica · Thursday, 13 May, 2021 - 16:20

The Surface Neo failed to launch in 2020—this year, it looks like its operating system will share that fate. (credit: Microsoft)

At its fall 2019 Surface event, Microsoft announced that Windows 10X—a new consumer Windows distribution—would power a line of dual-screened tablet devices in 2020. But the Surface Neo never arrived, and in May 2020, Microsoft Chief Product Officer Panos Panay retargeted Windows 10X to "single screen experiences."

What was Windows 10X?

Microsoft's original plan for the Windows variant was to "enable unique experiences on multi-posture dual-screen PCs." This meant powering an entirely new class of devices—a hinged pair of touchscreens, which seemed to be trying to bridge the divide between tablet and notebook. In addition to Microsoft's own Surface Neo, the company's hardware partners—including Dell, Lenovo, and HP—were supposed to manufacture devices to the new specification.

But Microsoft nixed the Neo last year, and the talk of partner-manufactured 10X devices died along with it. The company's new chief product officer, Panos Panay, declared that Microsoft "need[s] to focus on meeting customers where they are now"—which meant focusing on single-screen devices and interfaces again.



    “You’ve caught spyware”: we called a Windows 10 support scam / Numerama · Wednesday, 3 March, 2021 - 09:34

Cyberguerre took the bait on one of the most common scams, the Windows 10 support scam, so that you don't have to.



    The world’s second-most popular desktop operating system isn’t macOS anymore / ArsTechnica · Wednesday, 17 February, 2021 - 22:27

Just a few of the Chromebooks we've reviewed and tested in recent years. (credit: Valentina Palladino)

For ages now, every annual report on desktop operating system market share has had the same top two contenders: Microsoft's Windows in a commanding lead at number one, and Apple's macOS in distant second place. But in 2020, Chrome OS became the second-most popular OS, and Apple fell to third.

That's according to numbers by market data firm IDC, and a report on IDC's data by publication GeekWire. Chrome OS had passed macOS briefly in individual quarters before, but 2020 was the first full year where Apple's OS took third place.

Despite the fact that macOS landed in third, it might not be accurate to see this as an example of Google beating out Apple directly. Rather, it's likely that Chrome OS has been primarily pulling sales and market share away from Windows at the low end of the market. Mac market share actually grew from 6.7 percent in 2019 to 7.5 percent in 2020.
