News
  • "Cyber-Attack Exposes Data of 295,000 Colorado Springs Patients"
    AspenPointe, a nonprofit mental health and behavioral health services provider based in Colorado Springs, Colorado, experienced a cyberattack in September 2020 that resulted in the exposure of protected health information (PHI) on more than 295,000…
  • HoTSoS 2021: Undergraduate Co-Chairs
    Meet the HoTSoS 2021 Team: Undergraduate Co-Chairs. This year HoTSoS has revamped the Program Committee to include several new chair positions. One such inclusion is the "Undergraduate Chair" position for which Divya Amirtharaj (Harvard…
  • HoTSoS 2021: Student Presentation Co-Chairs
    Meet the HoTSoS 2021 Team: Student Presentation Co-Chairs. The HoTSoS Program Committee is happy to have a newly created "Student Presentation Chair" position, and even happier to have Julie Haney (NIST) and Hanan Hibshi (CMU) co-serving! About the…
  • "Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout"
    Researchers have recently discovered that the Magecart gang has come up with a new credit-card skimming technique for hijacking PayPal transactions during checkout just in time for the Christmas holiday shopping season. The technique uses postMessage to…
  • "MacOS Backdoor Appears to Be Update of Tool Previously Used by Vietnam-Linked Group"
    According to Trend Micro researchers, the hacking group dubbed APT32 or OceanLotus appears to be using an updated version of a tool that can infiltrate macOS computers. The malicious software comes as a .zip file that uses a Microsoft Word icon. It is…
  • NSA and SoS Announce Winner of the 8th Paper Competition
    The National Security Agency and Science of Security announced "Spectre Attacks: Exploiting Speculative Execution" as the winner of its 8th Annual Best Cybersecurity Research Paper competition. Originally published at the 2019 IEEE Security…
  • "Security Flaw Could Allow Hackers to Trick Lab Scientists Into Making Viruses"
    Cybersecurity researchers from the Ben-Gurion University of the Negev demonstrated an end-to-end attack that can change data on a bioengineer's computer. As this cyberattack could meddle with DNA orders, it could lead to the development of toxins and…
  • "TurkeyBombing Puts New Twist on Zoom Abuse"
    Cybercriminals have targeted victims with phishing emails, hoping that many families would be using Zoom to call family and friends over the Thanksgiving weekend. The major phishing campaign is aimed at stealing Microsoft credentials. Threat…
  • "Security Researcher Accidentally Discovers Windows 7 and Windows Server 2008 Zero-Day"
    A security researcher accidentally discovered a zero-day vulnerability that affects the Windows 7 and Windows Server 2008 R2 operating systems while working on a Windows security tool. The vulnerability stems from two misconfigured registry keys for the…
  • "Web Application Attacks Increases 8x in H1 2020"
    According to a report from the cloud security provider CDNetworks, the number of Distributed Denial-of-Service (DDoS), web application, and botnet attacks increased significantly in the first half of 2020 compared to that of 2019. The "State of the Web…
  • "Automation to Shape Cybersecurity Activities in 2021"
    WatchGuard predicts that automation will shape cybersecurity attack and defense activities in 2021. According to the global leader in network security and intelligence, manual techniques will be replaced by automation tools to launch spear-phishing…
  • "Up to 350,000 Spotify Accounts Hacked in Credential Stuffing Attacks"
    Researchers at vpnMentor have recently found an unsecured internet-facing database containing over 380 million individual records, including login credentials leveraged to break into 300,000 to 350,000 Spotify accounts. The exposed records were stored on…