Researchers at the Georgia Institute of Technology demonstrated an attack on two different types of low-end Android phones, a ZTE Zfive and an Alcatel Ideal. These attacks showed that one of the measures put in place to secure data on a low-end phone…

Facebook has open-sourced Mariana Trench, a tool that has been used to find potentially dangerous security and privacy flaws in the company's Android and Java applications. The tool has already been trained by Facebook's security and software engineers.…

According to the 2021 Cybersecurity Statistics report from Purplesec, nearly 100 percent of cyberattacks have relied on the performance of social engineering to manipulate employees within an organization to hand over passwords and other sensitive…

Dr. Josiah Dykstra, host of NSA’s Cybersecurity Speaker Series, speaks with Randy Resnick, the NSA Zero Trust Strategic Lead about the principles of the Zero Trust cybersecurity model for securing enterprise networks. For more on cybersecurity at NSA,…

Canadian vaccine passport app PORTpass may have exposed personal information belonging to hundreds of thousands of users.   According to a report by CBC News, the app's operators left data, including names, identification documents, and email…

New research from the University of Birmingham and the University of Surrey has found that many iPhone users are vulnerable to payment fraud due to Apple Pay and Visa vulnerabilities.  The researchers stated that they could bypass an iPhone’s Apple…

​Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers.

Evidence suggests that the new "GriftHorse" Android Trojan has stolen millions of dollars from more than 10 million victims globally. According to Zimperium zLabs, the new malware has been embedded in nearly 200 malicious applications, which have been…

Researchers at Palo Alto Networks have discovered that the vast majority of third-party code used in cloud infrastructure contains vulnerabilities and misconfigurations, which could leave organizations exposed to attack.  The researchers found that…

SoS Musings #53 - True Randomness Boosts Security  

Cyber Scene #60 - From All Foreign and Domestic Cyber Enemies and Their Minions  

Cybersecurity Snapshots #22 - BlackMatter: The DarkSide Ransomware Group Rebranded?