News
  • "Researcher Claims Peloton APIs Exposed All Users Data"
    Security researchers from Pen Test Partners have discovered several issues with the software used by exercise equipment maker Peloton, which may have leaked sensitive customer information to unauthenticated users. The researchers stated that…
  • "Rust-Based Buer Malware Variant Emerges"
    The cybercriminals behind the Buer malware loader are using a new variant called RustyBuer. According to researchers with Proofpoint, the variant is rewritten in the Rust programming language to evade detection and increase the effectiveness of the…
  • "UNICC and Group-IB Take Down 134 Fake Websites Impersonating WHO"
    Group-IB and the United Nations International Computing Centre (UNICC) took down a massive spam campaign involving 134 fraudulent websites. The fake websites were discovered impersonating the World Health Organization (WHO) on World Health Day,…
  • "Misconfigs and Unpatched Bugs Top Cloud Native Security Incidents"
    Researchers from Snyk conducted a new survey and discovered that over half of organizations had suffered a security incident due to misconfiguration or a known vulnerability in their cloud native applications.  The adoption of cloud native…
  • "Panda Stealer Targets Crypto Wallets"
    A new information stealer called Panda Stealer is going after cryptocurrency wallets and credentials for applications including NordVPN, Telegram, Discord, and Steam.  Panda Stealer uses spam emails and the same hard-to-detect fileless distribution…
  • "PHP Composer Flaw That Could Affect Millions of Sites Patched"
    A patch has been released for a critical vulnerability in PHP Composer, a tool used for the management and installation of software dependencies in the PHP ecosystem. According to the security researchers at SonarSource, who discovered the flaw, it could…
  • HotSoS 2021 Summary Report
      Hot Topics in the Science of Security (HotSoS) 2021  
  • "Zero-Knowledge Proofs in Vulnerability Disclosure"
    Cybersecurity researchers and software security analysts face several challenges in the disclosure process for software vulnerabilities. They are faced with an ethics versus efficacy dilemma in the realm of security bug reporting and sharing. Publicly…
  • "New Protocol Makes Bitcoin Transactions More Secure and Faster Than Lightning"
    In collaboration with researchers at the IMDEA Software Institute and Purdue University, the security and privacy research unit at TU Wien analyzed problems associated with Bitcoin transactions such as possible fraud, users' discovery of each other's…
  • "Algorithms Improve How We Protect Our Data"
    Scientists at the Daegu Gyeongbuk Institute of Science and Technology (DGIST) in Korea have developed algorithms to more efficiently measure how difficult it would be for an attacker to guess cryptographic systems' secret keys. Their approach could make…
  • "Pulse Secure Patches Critical Zero-Day Flaw"
    Pulse Secure has patched a critical zero-day vulnerability that multiple APT groups were exploiting to target US defense companies, among other entities.  The new security update fixes CVE-2021-22893, a critical authentication bypass vulnerability…
  • "Third Parties Caused Data Breaches at 51% of Organizations"
    Researchers from Ponemon Institute and third-party remote access provider SecureLink conducted a new study and published their findings in a report titled "A Crisis in Third-party Remote Access Security." The researchers stated that organizations expose…