Interviews & Media

International:

• Wired:

  • Hackers Hijacked Google’s Gemini AI With a Poisoned Calendar Invite to Take Over a Smart Home

• Bleeping Computer:

  • Antivirus and EDR solutions tricked into acting as data wipers

• The Hacker News:

  • New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP

  • LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

  • Researchers Demonstrate How EDR and Antivirus Can Be Weaponized Against Users

  • Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers

  • Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share

  • Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent

• Dark Reading:

  • Google Gemini AI Bot Hijacks Smart Homes, Turns Off the Lights

  • Google Quick Share Bug Bypasses Allow Zero-Click File Transfer

  • 'MagicDot' Windows Weakness Allows Unprivileged Rootkit Activity

  • Unpatched Active Directory Flaw Can Crash Any Microsoft Server

  • For Cyberattackers, Popular EDR Tools Can Turn into Destructive Data Wipers

• TechRadar:

  • Not so smart anymore - researchers hack into a Gemini-powered smart home by hijacking...Google Calendar?

  • Antivirus software can be hijacked to wipe data

  • Microsoft OneDrive could pose a serious security threat to your business

• Ars Technica:

  • Researchers design “promptware” attack with Google Calendar to turn Gemini evil

• ZDNET:

  • Beware of promptware: How researchers broke into Google Home via Gemini

• CNET:

  • Researchers Seize Control of Smart Homes With Malicious Gemini AI Prompts

• PCWorld:

  • Hackers can control smart homes by hijacking Google’s Gemini AI

• PCMag:

  • A Rogue Calendar Invite Could Turn Google's Gemini Against You

• Gizmodo:

  • Get Ready, the AI Hacks Are Coming

• The Register:

  • Infosec hounds spot prompt injection vuln in Google Gemini apps

  • How to ingeniously and wirelessly inject malware onto someone's nearby Windows PC via Google's Quick Share

  • Microsoft OneDrive a willing and eager 'ransomware double agent'

• Android Police:

  • Google Gemini can be used to do bad things, like take over your smart home

• Android Authority:

  • Poisoned calendar invite shows just how easily Gemini can be tricked to hijack your smart home

• SC Media:

  • Google Gemini for Workspace at risk of calendar invite compromise

  • RCE likely with exploitation of several now-addressed Google Quick Share bugs

  • Rootkit capabilities likely with Windows bugs

  • ‘DoubleDrive’ attack turns Microsoft OneDrive into ransomware

  • Windows LDAP vulnerability gains POC exploit

• SecurityWeek:

  • Vulnerabilities Allow Researcher to Turn Security Products Into Wipers

  • Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility

• Security Boulevard:

  • SafeBreach Labs Researcher Discovers Multiple Zero-Day Vulnerabilities in Leading Endpoint Detection and Response (EDR) and Antivirus (AV) Solutions 

• Medium:

  • Unveiling QuickShell: Dissecting a New RCE Attack in Google Quick Share

  • Turning EDRs and Cloud Backups to Malicious Wipers

  • Quick Share, Big Scare: The Hidden Flaws in Google’s Latest File-Sharing Tool 

• More:

  • Google Patches Critical Vulnerabilities in Quick Share After Researchers’ Warning (HackRead)

  • Next-Gen: How A Security Researcher Turned EDRs Into Wipers Using 0-Da Exploits (Infosecurity Magazine)

  • Zero-Day Flaws Found in Several Leading EDR, AV Solutions (eSecurity Planet)

  • The Top 3 Security Lessons to Take Away from Aikido Wiper (Bdaily News)

  • Multiple Zero-Day Vulnerabilities In Antivirus And Endpoint Let Attackers Install Data Wipers (GBHackers)

  • Vulnerabilities Allow Researcher to Turn Security Products into Wipers (ITSecurityWire)

  • A clever trick turns antivirus software into unstoppable data wiping scourges (TechSpot)

  • How EDR and Antivirus Can Be Weaponized Against Users: Find Out (TechTyche)

  • Microsoft Defender, AVG, Avast Can Be Tricked into Deleting Windows Files (WinBuzzer)

Video/Audio:

• 🌟 Absolute Baller Security Researcher, Or Yair (Simply Cyber)

• Inside the Mind of a Rising Cybersecurity Star: Or Yair of Safebreach (Simply Cyber)

• Turning EDRs and Cloud Backups to Malicious Wipers (Error Code)

Israel:

• הישג חסר תקדים לחברה ישראלית בכנסי הסייבר החשובים בעולם (Ynet)

• חוקרים ישראליים ניצלו את Quick Share של גוגל וסמסונג כדי לחרב מחשבים (Geektime)

• "לא ניתן לזיהוי": צעיר ישראלי יצר Wiper קטלני שמופעל על ידי מוצרי אבטחה של מיקרוסופט וחברות סייבר (Geektime)

• כך הפכתי את הכלי הפופולרי של מיקרוסופט לתוכנת כופר שאף כלי לא זיהה (Geektime)

•  חוקר ישראלי גילה: האקרים יכולים לפרוץ לאנטי-וירוס כדי למחוק מידע מהמחשב (Calcalist)