The US and other NATO-affiliated nations are the focus of another Distributed Denial-of-Service (DDoS) attack vector aimed at the healthcare industry. According to a new security advisory from Radware, the Passion Group, which has ties to Killnet and…

Customers of the GoAnywhere MFT file transfer solution are being warned of a zero-day Remote Code Execution (RCE) vulnerability on exposed administrator consoles. GoAnywhere is a secure web file transfer system that enables organizations to transfer…

MITRE has launched the Cyber Resiliency Engineering Framework (CREF) Navigator, which is a free visualization tool for engineers creating resilient cyber systems. The Navigator helps organizations customize their cyber resiliency goals, objectives, and…

Malvertising attacks are being used to spread highly obfuscated virtualized .NET loaders that drop information-stealing malware. According to threat researchers at SentinelOne's SentinelLabs, the loaders, called MalVirt, are implemented in .NET and use…

OilRig, an Iranian nation-state hacking group, has continued to target Middle Eastern government organizations as part of a cyber espionage campaign involving a novel backdoor to exfiltrate data. According to Trend Micro researchers, the campaign…

F5 has recently warned of a high-severity format string vulnerability in BIG-IP that could allow an authenticated attacker to cause a denial-of-service (DoS) condition and potentially execute arbitrary code.  Tracked as CVE-2023-22374, the security…

Atlassian has recently released multiple patches to fix a critical security vulnerability in Jira Service Management Server and Data Center.  The flaw (tracked CVE-2023-22501) has a CVSS score of 9.4 and can reportedly be exploited by attackers to…

According to security researchers at PwC, around a quarter of UK business leaders expect cyber threats to significantly increase this year, with a similar number of global firms having already suffered costly breaches in the past.  The researhcers…

A US man could face a maximum jail term of 40 years after being charged with fraudulently obtaining $110m of cryptocurrency from crypto exchange Mango Markets and its customers.  According to the Department of Justice (DoJ), Avraham Eisenberg, 27,…

In the 1990s, when Vern Paxson was a graduate student in the Network Research Group at Lawrence Berkeley National Laboratory (Berkeley Lab), he developed what is now known as Zeek software. He made this software at Berkeley Lab based on his Internet…

There are significant privacy concerns regarding using smartphones with camera-based assistive technology. Visually impaired users who rely on this technology for facial recognition and object identification may expose themselves and others to compromise…

​Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers.