AI Vulnerability Finding

Read Time:38 Second

Microsoft is reporting that its AI systems are able to find new vulnerabilities in source code:

Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison.

Additionally, 9 buffer overflows in parsing SquashFS, EXT4, CramFS, JFFS2, and symlinks were discovered in U-Boot and Barebox, which require physical access to exploit.

The newly discovered flaws impact devices relying on UEFI Secure Boot, and if the right conditions are met, attackers can bypass security protections to execute arbitrary code on the device.

Nothing major here. These aren’t exploitable out of the box. But that an AI system can do this at all is impressive, and I expect their capabilities to continue to improve.

CVE Program Almost Unfunded

Hertz Data Breach Exposes Customer Information in Cleo Zero-Day Attack

China-Backed Hackers Exploit BRICKSTORM Backdoor to Spy on European Businesses

92% of Mobile Apps Found to Use Insecure Cryptographic Methods

Insurance firm Lemonade warns of breach of thousands of driving license numbers

Scalper Bots Fueling DVSA Driving Test Black Market

Chaos Reins as MITRE Set to Cease CVE and CWE Operations

Chaos Reigns as MITRE Set to Cease CVE and CWE Operations

Cybersecurity Warrior Mindset