A new campaign leveraging password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines to a botnet is targeting industrial engineers and operators. According to Dragos security researcher Sam Hanson, the…

A team of security researchers from Paluno, the Ruhr Institute for Software Technology at the University of Duisburg-Essen (UDE), has developed a new technique that allows fuzz testing of protected memory areas in modern processors for the first time.…

The Citizen Lab is an interdisciplinary research initiative focusing on information and communication technologies and human rights at the University of Toronto.  Citizen Lab has claimed that Pegasus spyware is being used against Thailand's pro-…

  Hot Topics in the Science of Security (HotSoS) 2022

FBI recently stated in an alert that fraudulent cryptocurrency investment apps bilked at least 244 victims out of nearly $43 million.  The fraudulent apps identified in the alert posed as legitimate banking institutions, inviting investors to…

The Tor Project recently updated its flagship anonymizing browser to make it easier for users to evade government attempts to block its use in various regions.  According to the US-based non-profit that manages the open source software, Tor Browser…

Researchers at Columbia Engineering, working with Arm, a semiconductor IP and software design company, has revealed key verification technologies for the Arm Confidential Compute Architecture (Arm CCA), a new feature of the Armv9-A architecture. Their…

Security researchers at AT&T discovered that the average person happens upon a suspicious online site or social media account 6.5 times a day.  The researchers surveyed 2000 general population Americans.  The researchers found that 54% of…

It is simple to counterfeit the metadata that developers look at when determining whether to use an open-source project on GitHub, giving attackers a chance to deceive users into downloading malicious code. The researchers at Checkmarx caution in a new…

Google has removed eight apps from its Google Play store that were spreading a new variant of the Joker spyware. However, the malicious apps had already been downloaded over 3 million downloads. Maxime Ingrao of the cybersecurity firm Evina discovered…

As part of an attack intended to exfiltrate data by downloading and running additional payloads, a web shell was dropped on the servers of VoIP phones running Digium's software. According to a report released by Palo Alto Networks Unit 42, the malware…

Guofei Gu, a professor in Texas A&M University's Department of Computer Science and Engineering, is the principal investigator of a research team that has received a $1 million grant from the National Science Foundation's (NSF) Resilient and…