The #Tesla wall charger is a new target for this year's #Pwn2Own Automotive. ZDI researcher Dmitry Janushkevich breaks down the device to expose the attack surface in his latest blog. Read the details (and check out the pictures) at https://lnkd.in/ehU-y-Ex
Trend Micro Zero Day Initiative
Computer and Network Security
Austin, Texas 6,651 followers
Founded in 2005 - Trend Micro’s Zero Day Initiative (ZDI) is the world's largest vendor-agnostic bug bounty program.
About us
Trend Micro's Zero Day Initiative (ZDI) was created to encourage the reporting of 0-day vulnerabilities privately to the affected vendors by financially rewarding researchers. At the time, there was a perception by some in the information security industry that those who find vulnerabilities are malicious hackers looking to do harm. Some still feel that way. While skilled, malicious attackers do exist, they remain a small minority of the total number of people who actually discover new flaws in software. Today, as a part of Trend Micro, the ZDI represents the world’s largest vendor-agnostic bug bounty program. Our approach to the acquisition of vulnerability information is different from other programs. No technical details concerning the vulnerability are sent out publicly until the vendor has released a patch. We do not resell or redistribute the vulnerabilities that are acquired through the ZDI. Interested researchers provide us with exclusive information about previously un-patched vulnerabilities they have discovered. The ZDI then collects background information in order to validate the identity of the researcher strictly for ethical and financial oversight. Our internal researchers and analysts validate the issue in our security labs and make a monetary offer to the researcher. If the researcher accepts the offer, a payment will be promptly made. As a researcher discovers and provides additional vulnerability research, bonuses and rewards can increase through a loyalty program similar to a frequent flier program.
- Website
-
https://www.zerodayinitiative.com
External link for Trend Micro Zero Day Initiative
- Industry
- Computer and Network Security
- Company size
- 11-50 employees
- Headquarters
- Austin, Texas
- Type
- Public Company
- Founded
- 2005
- Specialties
- Reverse Engineering, Security Research, Vulnerability Disclosure, Security, Information Assurance, Exploit Development, and Fuzzing
Locations
-
Primary
Get directions
11305 Alterra Pkwy
Austin, Texas 78758, US
Employees at Trend Micro Zero Day Initiative
Updates
-
It's the last Patch Tuesday of 2024, but that doesn't mean #Adobe or #Microsoft took it easy. There's one Microsoft CVE being actively exploited and Adobe released fixes for 167 CVEs(!) in total. Join Dustin C. Childs, CISSP as he breaks down the release. https://lnkd.in/eph8xd_E
The Patch Report for December 2024
https://www.youtube.com/
-
It's the last Patch Tuesday of 2024, but that doesn't mean #Adobe or #Microsoft took it easy. One Microsoft CVE is being actively exploited and Adobe released fixes for 167 CVEs(!) in total. Join Dustin C. Childs, CISSP as he breaks down the release. https://lnkd.in/exW3u38c
Zero Day Initiative — The December 2024 Security Update Review
zerodayinitiative.com
-
The WolfBox E40 EV charger is a target in the upcoming #Pwn2Own Automotive. ZDI researcher Dmitry Janushkevich tears one down in his latest blog to find what attack surfaces exist in the device. He also details extracting the firmware. https://lnkd.in/efKDUCzs
Zero Day Initiative — Detailing the Attack Surfaces of the WolfBox E40 EV Charger
zerodayinitiative.com
-
In his second blog post covering the #Kenwood DMX958XR IVI, ZDI researcher Connor Ford examines the device's attack surface and lists all the open-source software used, including a 2011 version of OpenSSL and several other older components. https://lnkd.in/eFe3RXQB
Zero Day Initiative — Looking at the Attack Surfaces of the Kenwood DMX958XR IVI
zerodayinitiative.com
-
Interested in the targets for Pwn2Own Automotive? ZDI analyst Connor Ford details the internals of the Kenwood DMX958XR In-Vehicle Infotainment (IVI) in the first in a series looking at its attack surface. He includes detailed pictures of the circuit boards within the device and provides insight into their function. Read all the details (and check out the pic) at https://lnkd.in/eW5PjVSF
Zero Day Initiative — Looking at the Internals of the Kenwood DMX958XR IVI
zerodayinitiative.com
-
Prefer a video wrap of the Patch Tuesday release over the blog? We got you. Dustin C. Childs, CISSP covers the #Adobe and #Microsoft patches and points out which ones are a bit more than they seem. https://lnkd.in/ecGEJucK
The Patch Report for November 2024
https://www.youtube.com/
-
It's the penultimate Patch Tuesday of 2024, and there are two active attacks plus three (five?) other public bugs to cover. Dustin C. Childs, CISSP breaks down the latest fixes from #Adobe and #Microsoft in his latest patch blog. https://lnkd.in/e3ycTAad
Zero Day Initiative — The November 2024 Security Update Review
zerodayinitiative.com
-
Multiple Vulnerabilities in the Mazda Connect Connectivity Master Unit (CMU) - ZDI researcher Dmitry Janushkevich details several unfixed bugs in the #Visteon IVI found in many Mazda vehicles. He provides root cause and shows how exploitation could occur. https://lnkd.in/eBz2mjER
-
The draw is complete and now the schedule is out! You can check out the full schedule showing all four days of #Pwn2Own Ireland madness at https://lnkd.in/eruUgXDC