News
  • Pub Crawl #72
    Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers.
  • "Over 70% of Employees Keep Work Passwords on Personal Devices"
    Security researchers at SlashNext have discovered that roughly four out of five employees (71%) store sensitive work passwords on their personal phones, and 66% use their personal texting apps for work.  The researchers also found that 95% of…
  • "Microsoft Cloud Vulnerability Led to Bing Search Hijacking, Exposure of Office 365 Data"
    According to cybersecurity researchers at Wiz, a misconfiguration in Azure Active Directory (AAD) that exposed applications to unauthorized access could have led to a Bing[.]com takeover.  Microsoft's AAD, a cloud-based identity and access…
  • "500k Impacted by Data Breach at Debt Buyer NCB"
    National accounts receivable management company and debt buyer NCB Management Services has recently started informing roughly 500,000 individuals that their personal information was compromised in a data breach.  The company stated that an…
  • "Volume of HTTPS Phishing Sites Surges 56% Annually"
    Security experts at OpenText have warned that websites displaying a padlock in the browser should be treated with caution after revealing a sharp increase in phishing sites using HTTPS.  During the study, researchers analyzed data collected from 95…
  • "SafeMoon 'Burn' Bug Abused to Drain $8.9 Million from Liquidity Pool"
    The SafeMoon token liquidity pool lost $8.9 million following a hacker's exploitation of a new 'burn' smart contract function that artificially raised the price, allowing the actor to sell SafeMoon at a significantly higher price. Liquidity pools in…
  • "AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services"
    AlienFox, a new toolset enabling threat actors to harvest credentials from Application Programming Interface (API) keys and secrets from popular cloud service providers, is being distributed on Telegram. Alex Delamotte, a security researcher at…
  • "3CX Customers Targeted via Trojanized Desktop App"
    Several cybersecurity companies have warned that the official Windows desktop app for the widely used 3CX softphone solution has been trojanized by malicious actors suspected to be state-sponsored. 3CX is Private Automatic Branch Exchange (PABX) software…
  • "Patch Now: Cybercriminals Set Sights on Critical IBM File Transfer Bug"
    There is a critical bug in IBM's popular Aspera Faspex file transfer stack that enables the execution of arbitrary code. This bug is attracting an increasing number of cybercriminals, including ransomware gangs, as organizations fail to patch it. Rapid7…
  • "Companies Struggle to Protect against Insider Risks"
    Even though over 70 percent of companies claim to have an Insider Risk Management (IRM) program, a new report from Code42 Software found that data loss incidents increased by 32 percent among the same organizations. Based on a survey of 700 cybersecurity…
  • "Google TAG Shares Details about Exploit Chains Used to Install Commercial Spyware"
    Google's Threat Analysis Group (TAG) released information regarding two different attack campaigns involving the exploitation of multiple zero-day flaws against Android, iOS, and Chrome. According to researchers, both campaigns were limited and highly…
  • "Attacks Targeting APIs Increased By 400% in Last Six Months"
    Security researchers at Salt Security have discovered that attacks targeting application programming interfaces (APIs) have increased by 400% in the last six months.  The researchers also found that 80% of these attacks happened over authenticated…