Ryan Hilger, Colorado State University, and Senior Non-Resident Fellow, Cyber Statecraft Initiative, Atlantic Council 
Steve Simske, Professor, Colorado State University
George Kesidis, David J. Miller, and Jayaram Raghuram
Anomalee Inc., State College, PA & Penn State University, University Park, PA
Sayan Mitra, Coordinated Science Laboratory Department of Electrical and Computer Engineering , University of Illinois, Urbana-Champaign
Ufuk Topcu, The University of Texas at Austin
Michael G. Yankoski, William & Mary and Colby College (Affiliate)
Trenton W. Ford, William & Mary
According to security researchers at Patchstack, a vulnerability in the popular LiteSpeed Cache plugin for WordPress could allow attackers to retrieve user cookies and potentially take over websites. The issue, tracked as CVE-2024-44000, exists because the plugin may include the HTTP response header for set-cookie in the debug log file after a login request. The researchers noted that because the debug log file is publicly accessible, an unauthenticated attacker could access the information exposed in the file and extract any user cookies stored in it.
According to security researchers at LexisNexis Risk Solutions, as many as one in four password reset attempts from desktop browsers are fraud. The researchers found that there are 70,000 password reset attacks in the UK every week, with fraudsters aiming to take over individuals’ online accounts. This includes changing users’ passwords and phone numbers and locking them out of services. These “detail change” attacks rose by 232% in 2023. Criminal hackers then use the personal information from accounts for further fraud.
"The International Conference on Engineering Digital Twins (EDTconf) aims to bring together researchers and practitioners on digital twins, from both academia and industry to shape the future of systematically designing, developing, evolving, maintaining, and validating digital twins."
Topics of interest include, but are not limited to security.
"The ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) is the leading research symposium on software testing and analysis, bringing together academics, industrial researchers, and practitioners to exchange new ideas, problems, and experience on how to analyze and test software systems."
Topics of interest include, but are not limited to security.
Hackers have stolen over $27 million in cryptocurrency from the Penpie Decentralized Finance (DeFi) protocol. Due to the theft, Penpie has shut down withdrawals and deposits. Penpie filed a complaint with the Federal Bureau of Investigation's (FBI) Internet Crime Complaint Center (IC3) and messaged the hacker, promising a negotiated bounty payment for the safe return of funds. The attack happened the same day the FBI warned cryptocurrency companies of attacks launched by hackers in North Korea. This article continues to discuss the $27 million cryptocurrency theft.