The SoS Reviews and Outreach highlights some of the exciting research, news, and events that impact our technical community.

Pub Crawl Archive  

The secure-by-design white paper from the US Cybersecurity and Infrastructure Security Agency (CISA) outlines three fundamental principles for software manufacturers: accept responsibility for customer security outcomes, embrace radical transpare

Cybersecurity advisories issued by the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) indicate that a specific threat warrants the immediate attention of organizations in the line of fire.

The Science of Security 5 Hard ProblemsThe Principal Investigators (PIs) of the Science of Security Lablets in collaboration with NSA Research, developed the 5 Hard Problems as a measure to establish the beginnings of a common language and gau

Unknown threat actors have published a fake proof-of-concept (PoC) exploit for CVE-2023-4047, a recently patched Remote Code Execution (RCE) flaw in WinRAR, in order to spread the VenomRAT malware.

Pizza Hut Australia recently announced that 190,000 customer's data had been accessed.  The information unauthorized entities accessed included customers' names, delivery addresses, email addresses, phone numbers, and order histories.

Selections by dgoff

According to security researchers at Norton, scams involving human manipulation comprised 75% of all desktop threats in the first half of 2023.

According to security researchers at Netacea, the typical business in the US and UK loses over 4% of their online revenue every year due to malicious bot attacks.

T-Mobile customers reported being able to see the account and billing information of others after logging into the company's official mobile app.

A financially motivated threat actor has been identified as an Initial Access Broker (IAB) who sells access to compromised organizations to other adversaries to perform follow-on attacks.