News
-
"Over 300,000 Internet-Exposed Databases Identified in 2021"Group-IB discovered over 91,000 publicly-exposed databases in the first quarter of 2022, which is significantly more than that of 2021. In 2021, the cybersecurity firm identified a total of 308,000 exposed databases, with over 165,000 discovered in the…
-
Pub Crawl #61Pub Crawl summarizes, by hard problems, sets of publications that have been peer reviewed and presented at SoS conferences or referenced in current work. The topics are chosen for their usefulness for current researchers.
-
"North Korean Hackers Targeting Journalists with Novel Malware"Ricochet Chollima is a North Korean state-sponsored hacking group, also known as APT37, that has been targeting journalists covering the country. The group has been delivering a novel malware strain called Goldbackdoor to journalists through phishing…
-
"Report: Four Cybercrime Statistics To Watch"The security platform Atlas VP recently released a report highlighting different types of cybercrime that intensified over the past year. Romance scams made a bigger impact than ever before as they cost Americans nearly $350 million in 2021. This type of…
-
SoS Musings #60 - Nature-Inspired Cybersecurity EnhancementsSoS Musings #60 - Nature-Inspired Cybersecurity Enhancements
-
Spotlight on Lablet Research #29 - Analytics for Cyber-Physical Systems Cybersecurity (archived)Spotlight on Lablet Research #29 - Analytics for Cyber-Physical Systems Cybersecurity
-
Cybersecurity Snapshots #29 - The LAPSUS$ Hacking GroupCybersecurity Snapshots #29 - The LAPSUS$ Hacking Group
-
"Firms Push for CVE-Like Cloud Bug System"Security firms are pushing for improved cloud vulnerability and risk management. Significant gaps exist in the Common Vulnerability and Exposures (CVE) system as dangerous flaws contained by cloud services are not addressed. Oftentimes, cloud providers…
-
"Researchers Takeover Unpatched 3rd-Party Antivirus Sandboxes via VirusTotal"Security researchers at CySource discovered a security flaw that attackers could have exploited to use the VirusTotal platform as a channel for achieving Remote Code Execution (RCE) on unpatched third-party sandboxing machines used by antivirus engines.…
-
"41% of Businesses Had an API Security Incident Last Year"Web Application Program Interfaces (APIs) have grown as integrated web and mobile-based offerings require more data sharing across products. Security challenges such as broken authentication, accidental disclosure, or the breach of data come with the…
-
"These Hackers Showed Just How Easy It Is to Target Critical Infrastructure"Two Dutch researchers won $90,000 and a championship trophy at Pwn2Own Miami 2022, a hacking contest focused on Industrial Control Systems (ICS), by hitting the software that runs the world's power grids, gas pipelines, and more. Daan Keuper and Thijs…