News
  • "Atlassian Patches Critical Authentication Flaw in Jira Software"
    Atlassian has recently released multiple patches to fix a critical security vulnerability in Jira Service Management Server and Data Center.  The flaw (tracked as CVE-2023-22501) has a CVSS score of 9.4 and can reportedly be exploited by attackers to…
  • "Quarter of CFOs Have Suffered $1m+ Breaches"
    According to security researchers at PwC, around a quarter of UK business leaders expect cyber threats to significantly increase this year, with a similar number of global firms having already suffered costly breaches in the past.  The researchers…
  • "US Man Charged in $110m Crypto Trading Scheme"
    A US man could face a maximum jail term of 40 years after being charged with fraudulently obtaining $110m of cryptocurrency from crypto exchange Mango Markets and its customers.  According to the Department of Justice (DoJ), Avraham Eisenberg, 27,…
  • "How Berkeley Lab Helped Develop One of the World's Most Popular Open-Source Security Monitoring Platforms"
    In the 1990s, when Vern Paxson was a graduate student in the Network Research Group at Lawrence Berkeley National Laboratory (Berkeley Lab), he developed what is now known as Zeek software. He made this software at Berkeley Lab based on his Internet…
  • "Digital Privacy of Smartphone Camera-Based Assistive Technology for Users With Visual Disabilities"
    There are significant privacy concerns regarding using smartphones with camera-based assistive technology. Visually impaired users who rely on this technology for facial recognition and object identification may expose themselves and others to compromise…
  • Pub Crawl #70
    Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers.
  • "Google Shells Out $600,000 for OSS-Fuzz Project Integrations"
    Google recently announced an extension to its OSS-Fuzz rewards program, an initiative meant to reward contributors for integrating projects into OSS-Fuzz.  Launched in 2016, OSS-Fuzz is intended to help identify vulnerabilities in open source…
  • "HPE, NetApp Warn of Critical Open-Source Bug"
    Hewlett Packard Enterprise (HPE) has issued an alert regarding its OneView infrastructure management platform, warning of a use-after-free vulnerability that enables remote attackers to execute arbitrary code on targeted systems, leak data, and more. The…
  • "Experts Warn of Two Flaws in Popular Open-Source Software ImageMagick"
    Researchers at Metabase Q found two security flaws in the open-source image manipulation software ImageMagick that could lead to information exposure or a Denial-of-Service (DoS) condition. ImageMagick is a free, open-source software suite for displaying…
  • "Scammers Managed to Slip Crypto Apps Onto Apple, Google App Stores"
    According to a new report by Sophos, scammers were able to get two fraudulent apps onto both Google's Play Store and Apple's App Store, allowing them to persuade users to make fake cryptocurrency investments. Sophos researchers found Ace Pro and…
  • "Number of New Common Vulnerabilities and Exposures (CVEs) Expected to Increase in 2023"
    The cyber insurance company Coalition predicts that in 2023, there will be more than 1,900 new Common Vulnerabilities and Exposures (CVEs) every month, including 270 high-severity and 155 critical-severity vulnerabilities, a 13 percent rise from 2022.…
  • "Andersen Corporation Leaks Customer Home Photos and Addresses"
    The Cybernews research team found an unprotected Azure storage blob holding around one million files belonging to Renewal by Andersen, a subsidiary of the international Andersen Corporation, on January 18, 2023. Andersen Corporation is the largest maker…