Security Affairs
BlackBerry Cylance addresses AI-based antivirus engine bypass

BlackBerry Cylance has addressed a bypass vulnerability recently discovered in the AI-based antivirus engine of its CylancePROTECT product.

Experts at cybersecurity firm Skylight announced last week that they had devised a method to bypass BlackBerry Cylance’s AI-based antivirus engine; the company has now addressed the issue with an update and attempted to downplay its impact.

They discovered that the AI-based engine appeared to give special treatment to the files associated with a popular unnamed videogame.

The experts took specific strings from the game’s executable and appended them to known malicious files to disguise them.

“We chose Cylance for practical reasons, namely, it is publicly available and widely regarded as a leading vendor in the field,” reads a post published by Skylight. “However, we believe that the process presented in this post can be translated to other pure AI products as well.”

Skylight tested the universal bypass technique with popular hacking tools such as Mimikatz, ProcessHacker and Meterpreter, and with well-known malware such as CoinMiner, Dridex, Emotet, Gh0stRAT, Kovter, Nanobot, Qakbot, Trickbot, and Zeus. The results were disconcerting: the technique achieved a success rate of over 83% in bypassing the Cylance engine when tested against 384 malicious files. In most cases the files were rated as harmless.

Skylight publicly disclosed the issue without giving BlackBerry Cylance time to address the flaw with a security patch; Cylance nonetheless investigated the problem over the weekend.

The vendor explained that the technique could not be classified as a universal bypass.

“On July 18th, researchers publicly disclosed a specific bypass of CylancePROTECT®,” reads the post published by Cylance. “We verified the issue was not a universal bypass as reported, but rather a technique that allowed for one of the anti-malware components of the product to be bypassed in certain circumstances. The issue has been resolved for cloud-based scoring and a new agent will be rolled out to endpoints in the next few days.”

The vendor added that the issue, in limited circumstances, could be used to manipulate the type of features analyzed by the engine.

“Features can be any aspect of a file which can be interpreted or measured. These features are then passed to a mathematical algorithm for analysis,” continues Cylance.

“This vulnerability allows the manipulation of a specific type of feature analyzed by the algorithm that in limited circumstances will cause the model to reach an incorrect conclusion.”

BlackBerry Cylance has implemented changes to the algorithm that should detect feature manipulation. An update has already been pushed to the systems, and the company plans to release a new agent to its endpoints over the next few days.
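The technique Skylight described (benign strings appended to a malicious executable) and the "feature manipulation" detection Cylance says it added both come down to one question: where in the file do the string features the model sees actually live? The following added example (not Skylight's or Cylance's code) is a defender-side triage check that parses the PE section table, locates the overlay (bytes past the last section's raw data), and reports what share of printable-string features sit in that appended region; `build_sample` is a constructed fixture that produces a minimal PE-shaped buffer, not a real binary.

```python
import re
import struct

# Printable ASCII runs of 6+ bytes, a crude stand-in for the string features
# an ML classifier might extract from an executable.
STRING_RE = re.compile(rb"[\x20-\x7e]{6,}")

def pe_mapped_end(data: bytes) -> int:
    """Offset where the last PE section's raw data ends; anything past it is overlay."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # SizeOfOptionalHeader
    sec_table = pe_off + 24 + opt_size
    end = sec_table + 40 * n_sections
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at +16/+20 of each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec_table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end

def overlay_string_share(data: bytes) -> tuple:
    """Return (overlay_bytes, fraction of string features found in the overlay)."""
    end = pe_mapped_end(data)
    mapped = len(STRING_RE.findall(data[:end]))
    overlay = len(STRING_RE.findall(data[end:]))
    total = mapped + overlay
    return len(data) - end, (overlay / total if total else 0.0)

def looks_feature_padded(data: bytes, max_share: float = 0.5) -> bool:
    """Triage signal: most of the strings a model would see are appended, not mapped."""
    overlay_bytes, share = overlay_string_share(data)
    return overlay_bytes > 0 and share > max_share

def build_sample(section_payload: bytes, overlay: bytes = b"") -> bytes:
    """Constructed fixture: a minimal one-section PE-shaped buffer (not a runnable binary)."""
    pe_off, opt_size = 0x40, 0
    raw_ptr = pe_off + 24 + opt_size + 40          # right after the single section header
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0)
    sec = (b".text\0\0\0"
           + struct.pack("<IIII", len(section_payload), 0x1000, len(section_payload), raw_ptr)
           + b"\0" * 16)
    return dos + coff + sec + section_payload + overlay
```

Legitimate installers and Authenticode-signed binaries also carry overlay data, so a high overlay string share is a reason to route a sample for closer inspection, not a verdict on its own.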


Pierluigi Paganini

(SecurityAffairs – Cylance AI-based antivirus engine, hacking)
