Group-IB and the United Nations International Computing Centre (UNICC) took down a massive spam campaign involving 134 fraudulent websites. The fake websites were discovered impersonating the World Health Organization (WHO) on World Health Day,…

Researchers from Snyk conducted a new survey and discovered that over half of organizations had suffered a security incident due to misconfiguration or a known vulnerability in their cloud native applications.  The adoption of cloud native…

A new information stealer called Panda Stealer is going after cryptocurrency wallets and credentials for applications including NordVPN, Telegram, Discord, and Steam.  Panda Stealer uses spam emails and the same hard-to-detect fileless distribution…

A patch has been released for a critical vulnerability in PHP Composer, a tool used for the management and installment of software dependencies in the PHP ecosystem. According to the security researchers at SonarSource, who discovered the flaw, it could…

  Hot Topics in the Science of Security (HotSoS) 2021  

Cybersecurity researchers and software security analysts face several challenges in the disclosure process for software vulnerabilities. They are faced with an ethics versus efficacy dilemma in the realm of security bug reporting and sharing. Publicly…

In collaboration with researchers at the IMDEA Software Institute and the Purdue University, the security and privacy research unit at TU Wien analyzed problems associated with Bitcoin transactions such as possible fraud, users' discovery of each other's…

Scientists at the Daegu Gyeongbuk Institute of Science and Technology (DGIST) in Korea have developed algorithms to more efficiently measure how difficult it would be for an attacker to guess cryptographic systems' secret keys. Their approach could make…

Pulse Secure has patched a critical zero-day vulnerability that multiple APT groups were exploiting to target US defense companies, among other entities.  The new security update fixes CVE-2021-22893, a critical authentication bypass vulnerability…

Researchers from Ponemon Institute and third-party remote access provider SecureLink conducted a new study and published their findings in a report titled “A Crisis in Third-party Remote Access Security." The researchers stated that organizations expose…

Since the discovery of the original Spectre vulnerability, computer scientists from industry and academia have developed software patches and hardware defenses to protect the most vulnerable points in the speculative execution process without sacrificing…

A research team at Northeastern University finds code defects and some vulnerabilities by detecting inconsistent programming in which programmers use different code snippets to implement the same functions. The researchers used Machine Learning (ML) to…