Trend Micro’s Zero Day Initiative, the largest vendor-agnostic bug bounty program in the world, was battle-hardened more than a decade before you could hack the Pentagon. They have purchased and disclosed vulnerabilities found by freelance hackers in everything from Windows to industrial control equipment. It’s one part public service to help disclose vulnerabilities to manufacturers, one part research service for defenders trying to get a head start on security gaps they will need to defend.
The Initiative celebrated 15 years this week. SC Media talked with the Zero Day Initiative Director Brian Gorenc about how the project came to be, what the last 15 years have taught him about disclosure, and that time he inadvertently rendered NSA spy tools useless.
By making their findings public, Trend Micro researchers are prompting organizations to further scrutinize the little black boxes that serve as translators on key networks. The research covered vendors in France, Taiwan and the U.S.
Industrial robots are now being used to assemble everything from airplanes to smartphones, using human-like arms to mechanically repeat the same processes over and over, thousands of times a day with nanometric precision.
But according to a new report entitled “Rogue Automation,” some robots have flaws that could make them vulnerable to advanced hackers, who could steal data or alter a robot’s movements remotely, like a scene out of science fiction.
Turf wars are heating up over the routers that fuel distributed denial of service attacks—and cybermercenaries are running rampant.
On Wednesday, the cybersecurity firm Trend Micro is releasing findings about escalating global turf wars between attacker groups vying to seize control of vulnerable routers and other devices. Their aim: to power botnets that can direct a firehose of malign traffic or requests for DDoS attacks. Such territory disputes are a hallmark of botnets, but attackers seem increasingly motivated to grow their zombie armies not for their own purposes, but in service of more professionalized—and profitable—"DDoS for hire" schemes.