11th International Conference on Internet of Things: Systems, Management and Security (IOTSMS 2024)

"The international conference on Internet of Things: Systems, Management, and Security (IoTSMS) aims at soliciting original ideas on the broad area of IoT, including challenges and opportunities, concepts and applications, and future trends. The IoTSMS aims to facilitate discussions among academics and IoT practitioners and make positive contributions to the field."

24th International Conference on Software Quality, Reliability and Security (QRS)

"This conference gives engineers and scientists from both industry and academia a platform to present their ongoing work, relate their research outcomes and experiences, and discuss the best and most efficient techniques for the development of reliable, secure, and trustworthy systems."

9th IEEE European Symposium on Security and Privacy

"Euro S&P has traditionally focused on technical aspects of computer security and privacy research. We consider the scope of the symposium to include economic, ethical, legal, and social aspects and interdependencies of computer security and privacy. We especially encourage submissions that address global aspects of computer security and privacy, including issues particular to parts of the world and communities that are often neglected."

"Why Banks Should be Taking Quantum Security Very Seriously"

According to Elshan Kashefi, UK's National Quantum Computing Centre Chief Scientist, banks should be concerned about quantum security. Kashefi warned of the immense threat quantum computers pose before they are even fully functional. Today, cybercriminals are stealing encrypted data in bulk to decrypt it with a quantum device in the future. These Harvest Now, Decrypt Later (HNDL) attacks put today's sensitive information at risk of theft. Due to their large and varied data, financial institutions are prime targets for these attacks.

Submitted by Gregory Rigby on

"Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries"

Over 1,000 "Godfather" mobile banking Trojan samples are circulating in dozens of countries, targeting hundreds of banking apps. Godfather, which can record screens and keystrokes, intercept Two-Factor Authentication (2FA) calls and texts, initiate bank transfers, and more, was discovered in 2022. It has become one of the most popular Malware-as-a-Service (MaaS) offerings in cybercrime. According to Zimperium's 2023 "Mobile Banking Heists Report," Godfather targeted 237 banking apps in 57 countries as of late 2023.

Submitted by Gregory Rigby on

"LA County Health Services: Patients' Data Exposed in Phishing Attack"

The Los Angeles County Department of Health Services recently disclosed a data breach in which thousands of patients' personal and health information was exposed following a recent phishing attack that impacted over two dozen employees. This integrated health system operates the public hospitals and clinics in L.A. County (the most populous county in the United States) and is the second largest public health care system in the country after NYC Health + Hospitals.

Submitted by Adam Ekwall on

"Kaiser Permanente: Data Breach May Impact 13.4 Million Patients"

Healthcare service provider Kaiser Permanente recently disclosed a data security incident that may impact 13.4 million people in the United States. Kaiser Permanente is an integrated managed care consortium and one of the largest nonprofit health plans in the U.S. It operates 40 hospitals and 618 medical facilities in California, Colorado, the District of Columbia, Georgia, Hawaii, Maryland, Oregon, Virginia, and Washington.

Submitted by Adam Ekwall on

"Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day"

According to the Shadowserver Foundation, over 1,400 CrushFTP Managed File Transfer (MFT) software instances are vulnerable to a zero-day. The Server-Side Template Injection (SSTI) bug, tracked as CVE-2024-4040 with a CVSS score of 9.8, enables remote attackers to escape the Virtual File System (VFS) sandbox, gain administrative privileges, and execute arbitrary code. This article continues to discuss the vulnerability of more than 1,400 CrushFTP servers to an actively exploited zero-day for which Proof-of-Concept (PoC) code has been published.

Submitted by Gregory Rigby on

"Severe Flaws Disclosed in Brocade SANnav SAN Management Software"

Several Brocade SANnav Storage Area Network (SAN) management application flaws could compromise vulnerable appliances. Pierre Barre, an independent security researcher, found and reported 18 flaws in all versions up to 2.3.0. Due to incorrect firewall rules, insecure root access, Docker misconfigurations, and lack of authentication and encryption, an attacker can intercept credentials, overwrite arbitrary files, and breach the device. This article continues to discuss the potential exploitation and impact of the Brocade SANnav SAN security vulnerabilities.

Submitted by Gregory Rigby on

"Fake Job Interviews Target Developers With New Python Backdoor"

A new campaign called "Dev Popper" is using fake job interviews to trick software developers into installing a Python Remote Access Trojan (RAT). To make the interview seem legitimate, developers are asked to download and run code from GitHub.

Submitted by Gregory Rigby on