News
  • "CISA Urges Vendors To Patch BrakTooth Bugs After Exploits Release"
    Researchers from the Singapore University of Technology and Design (SUTD) released public exploit code and a proof of concept (POC) tool to test Bluetooth devices for a set of 16 System-on-a-Chip (SoC) flaws known as BrakTooth. The researchers discovered…
  • "Phishing: Attackers Use DocuSign to Send Malicious Links"
    Attackers are using the electronic agreement management company DocuSign to distribute malicious phishing links. The phishing attack involves a malicious actor registering an account with DocuSign or compromising another user's account. From there,…
  • "Cisco Talos Reports New Variant of Babuk Ransomware Targeting Exchange Servers"
    Cisco Talos is warning US companies about a new variant of the Babuk ransomware. The malicious campaign deploying the new variant was discovered in mid-October but is suspected to have been active since July 2021. According to researchers, the initial…
  • Pub Crawl #55
    Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers.
  • "US House Passes Acts to Help SMBs with Cybersecurity"
    The United States House of Representatives has passed two bills to strengthen the cybersecurity of small businesses. The Small Business Development Center Cyber Training Act of 2021 attracted strong support among House members of all political…
  • The White House Office of Science and Technology Policy Launches “The Time is Now: Advancing Equity in Science and Technology Ideation Challenge”
    The Time is Now: Advancing Equity in Science and Technology Ideation Challenge is open for submissions until November 19, 2021. https://www.challenge.gov/?challenge=ostp-time-is-now Science and technology must include and benefit all of America.…
  • "Amazon Spoofed in New Attack"
    Researchers at Avanan have discovered a new cyberattack that spoofs Amazon to steal victims' financial credentials. The digital deception combines brand impersonation with social engineering. The researchers first saw this scam in…
  • "DoD Suspends Cybersecurity Certification Program Pending Major Changes"
    The US Department of Defense (DoD) has scaled back the Cybersecurity Maturity Model Certification Model (CMMC) program it rolled out in 2020 to verify the cybersecurity of DoD suppliers. The implementation of the program has been stopped until the…
  • "CISA Lists 300 Exploited Vulnerabilities That Organizations Need to Patch"
    The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) issued a Binding Operational Directive (BOD), giving federal civilian agencies six months to patch nearly 300 vulnerabilities known to have been exploited in…
  • "Ransomware Attack on Lab in Florida"
    A ransomware attack on a laboratory based in Florida has exposed the personal health information (PHI) of more than 30,000 patients. Nationwide Laboratory Services, which is based in Boca Raton, identified suspicious activity on its network on May…
  • "Thousands Of Students' Personal Information Exposed by A Medical School"
    A recent report from vpnMentor revealed the exposure of personally identifiable information (PII) belonging to thousands of medical school students in the US due to an unprotected Amazon S3 bucket. The server was found to lack security restrictions, thus…
  • "Squid Game Crypto Scammers Rip Off Investors for Millions"
    Investors in the new cryptocurrency SQUID tokens have fallen for what cryptocurrency watchers call a classic “rug-pull” scam. When SQUID tokens were first released last week, they were valued at $0.01. On November 1st, the price started…