News
  • "PHP Composer Flaw That Could Affect Millions of Sites Patched"

    A patch has been released for a critical vulnerability in PHP Composer, a tool used for the management and installation of software dependencies in the PHP ecosystem. According to the security researchers at SonarSource, who discovered the flaw, it could…

  • HotSoS 2021 Summary Report

    Hot Topics in the Science of Security (HotSoS) 2021

  • "Zero-Knowledge Proofs in Vulnerability Disclosure"

    Cybersecurity researchers and software security analysts face several challenges in the disclosure process for software vulnerabilities. They are faced with an ethics versus efficacy dilemma in the realm of security bug reporting and sharing. Publicly…

  • "New Protocol Makes Bitcoin Transactions More Secure and Faster Than Lightning"

    In collaboration with researchers at the IMDEA Software Institute and Purdue University, the security and privacy research unit at TU Wien analyzed problems associated with Bitcoin transactions such as possible fraud, users' discovery of each other's…

  • "Algorithms Improve How We Protect Our Data"

    Scientists at the Daegu Gyeongbuk Institute of Science and Technology (DGIST) in Korea have developed algorithms to more efficiently measure how difficult it would be for an attacker to guess cryptographic systems' secret keys. Their approach could make…

  • "Pulse Secure Patches Critical Zero-Day Flaw"

    Pulse Secure has patched a critical zero-day vulnerability that multiple APT groups were exploiting to target US defense companies, among other entities. The new security update fixes CVE-2021-22893, a critical authentication bypass vulnerability…

  • "Third Parties Caused Data Breaches at 51% of Organizations"

    Researchers from Ponemon Institute and third-party remote access provider SecureLink conducted a new study and published their findings in a report titled “A Crisis in Third-party Remote Access Security.” The researchers stated that organizations expose…

  • "Computer Scientists Discover New Vulnerability Affecting Computers Globally"

    Since the discovery of the original Spectre vulnerability, computer scientists from industry and academia have developed software patches and hardware defenses to protect the most vulnerable points in the speculative execution process without sacrificing…

  • "Researchers Find Bugs Using Single-Codebase Inconsistencies"

    A research team at Northeastern University finds code defects and some vulnerabilities by detecting inconsistent programming in which programmers use different code snippets to implement the same functions. The researchers used Machine Learning (ML) to…

  • "What Can Hackers Do with Your Mobile Number?"

    Hackers and cybercriminals can do a lot of damage using mobile phone numbers. Using mobile phone numbers, malicious actors could execute SIM swapping attacks, conduct surveillance, and gain access to an individual's online profiles such as Facebook,…

  • "Deepfake Attacks Are About to Surge, Experts Warn"

    Security researchers from Recorded Future have found that new deepfake products and services are cropping up across the Dark Web. Cybercriminals are increasingly sharing, developing, and deploying deepfake technologies to bypass biometric security…

  • "Paleo Lifestyle Site Found Leaking PII on 70,000 Users"

    Security researchers at vpnMentor have discovered a misconfigured AWS S3 bucket leaking personal information on 70,000 customers of a popular paleolithic lifestyle site. The researchers found the 290MB trove on February 4 and traced it back to…