Tag Archives: ZDI

The Zero Day Initiative: Working Hard to Secure the Connected World

by Jay Coley

Trend Micro’s Zero Day Initiative (ZDI) has for 15 years been promoting coordinated vulnerability disclosure through what is now the world’s largest vendor-agnostic bug bounty program. Much of this work goes on behind the scenes, with little fanfare. But it’s vital work nonetheless in helping to secure the connected world, whilst providing early protection for Trend Micro/TippingPoint customers.

A case in point was Microsoft’s silent patching of two ZDI-discovered bugs this week.

Behind the scenes
Discovered by ZDI’s Abdul-Aziz Hariri, the two vulnerabilities exist in the way that the Microsoft Windows Codecs Library handles objects in memory. If exploited, CVE-2020-1425 would allow an attacker to obtain information to further compromise a system, while CVE-2020-1457 could allow an attacker to execute arbitrary code.

It’s rare that patches are silently deployed by Microsoft like this to its customers, but that shouldn’t detract from the hard work of ZDI researchers here. In fact, ZDI was the number one external supplier of vulnerabilities to Microsoft last year, accounting for 38% of publicly discovered Microsoft flaws.

Why ZDI?
Why is this important? Because without programs like ZDI which advocate responsible disclosure, grey and black market trading of vulnerabilities would proliferate, resulting in less secure products and more exposed customers.

Vulnerability exploits are a vital pre-requisite of many cyber-attacks today. By galvanising the research community and incentivising responsible disclosure, the ZDI can help to make the digital world a safer place. Not only that, but we can also provide early protection for Trend Micro and TippingPoint customers. In this case, our customers were safe for over three months, before vendor patches were issued.

Focus on the HMI: Trend Micro Report Reveals Extent of Preventable SCADA Bugs

by Simon Edwards

With all the hype surrounding WannaCry over the past week, it’s easy to forget that organisations are facing a far broader range of threats than ransomware. Targeted attacks on critical infrastructure, particularly SCADA systems, have been on the radar since Stuxnet, but as the attacks on the Ukrainian power grid have shown, they’re still a major cause for concern.

That’s why Trend Micro compiled its latest report, Hacker Machine Interface, focusing specifically on the Human Machine Interface (HMI) displays present in most SCADA set-ups. Unfortunately, we found that a lot more needs to be done to architect more secure systems and to ensure patches are produced and applied swiftly. Continue reading