Education and Academia


  • Bluetooth LE devices impacted by SweynTooth vulnerabilities

    February 15, 2020

    A team of academics from Singapore has published this week a research paper detailing a collection of vulnerabilities named SweynTooth that impact devices running the Bluetooth Low Energy (BLE) protocol. More specifically, the SweynTooth vulnerabilities impact the software development kits (SDKs) responsible for supporting BLE communications. Read more… Source: ZDNet  

  • Researchers Use Smart Light Bulbs to Infiltrate Networks

    February 6, 2020

    Researchers successfully infiltrated networks through a vulnerability in Philips Hue light bulbs. The CVE-2020-6007 vulnerability, which involves the ZigBee communication protocol, can be abused to remotely install malicious firmware in smart light bulbs and spread malware to other internet-of-things (IoT) devices. To make the discovery, Check Point researchers built on earlier studies that showed how to control smart light bulbs. The new finding focused ...

  • Ransomware Hits Maastricht University, All Systems Taken Down

    December 27, 2019

    Maastricht University (UM) announced that almost all of its Windows systems have been encrypted by ransomware following a cyber-attack that took place on Monday, December 23. UM is a university from the Netherlands with over 18,000 students, 4,400 employees, and 70,000 alumni, UM being placed in the top 500 universities in the world by five ranking tables in the last two ...

  • New Plundervolt attack impacts Intel CPUs

    December 10, 2019

    Academics from three universities across Europe have disclosed today a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs. The attack, which researchers have named Plundervolt, exploits the interface through which an operating system can control an Intel processor’s voltage and frequency — the same interface that allows ...

  • Alexa, Siri, Google Smart Speakers Hacked Via Laser Beam

    November 4, 2019

    Researchers have discovered a new way to hack Alexa and Siri smart speakers merely by using a laser light beam. No physical access of the victims’ device, or owner interaction, is needed to launch the hack, which allows attackers to send voice assistants inaudible commands such as unlocking doors. The attack, dubbed “light commands,” leverages the ...

  • Equipping the Education Sector With Threat Intelligence to Defend Against Cyberattacks

    October 17, 2019

    When you think about sophisticated cyberattacks, certain targeted industries probably come to mind immediately — government, critical infrastructure, and financial services, to name a few. It’s fair to say that for most people, the education sector isn’t generally first on that list. Despite this, educational institutions (particularly those in higher education) have become an increasingly popular ...

  • Silent Librarian Retools Phishing Emails to Hook Student Credentials

    October 16, 2019

    Silent Librarian is targeting university students in full force with a revamped phishing campaign. The threat group, aiming to steal student login credentials, is using new tricks that bring more credibility to its phishing emails and helping it avoid detection. The threat group (also known as TA407 and Cobalt Dickens), which operates out of Iran, has ...

  • Hack Breaks PDF Encryption, Opens Content to Attackers

    October 2, 2019

    Researchers in Germany have invented a new hack that can allow someone to break the encryption of PDF files and access their content  — or even forge signed PDF files under certain circumstances. A team from Ruhr University Bochum, FH Münster University of Applied Sciences and Hackmanit GmbH developed the attack, called PDFex, that can allow an attacker to view the ...

  • Universities a ‘huge target’ for nation-state attackers, warns NCSC

    September 19, 2019

    Universities are the gatekeepers and creators of highly valuable information, which makes them attractive targets of cyber crime and state-sponsored espionage, so it’s important that these institutions remain cyber secure. Ask key contributors to the economy, skills development and innovation in the UK, universities handle highly sensitive and valuable personal data an intellectual property that outside ...

  • Router Network Isolation Broken By Covert Data Exfiltration

    August 18, 2019

    Software-based network isolation provided by routers is not as efficient as believed, as hackers can smuggle data between the networks for exfiltration. Most modern routers offer the possibility to split the network into multiple segments that work separately. One example is a guest network that works in parallel with the host. The boundary insulates sensitive or critical ...

  • UK gov launches second audit of cyber security labour market

    August 2, 2019

    The UK government has launched a second audit of the country’s cyber security labour market in an effort to assess how companies across the country are handling the employment and training of IT professionals. Organisations across the public and private sector have been chosen at random to contribute to the study, with responses helping to shape ...

  • Popular Samsung, LG Android Phones Open to ‘Spearphone’ Eavesdropping

    July 23, 2019

    A Spearphone attacker can use the accelerometer in LG and Samsung phones to remotely eavesdrop on any audio that’s played on speakerphone, including calls, music and voice assistant responses. A new way to eavesdrop on people’s mobile phone calls has come to light in the form of Spearphone – an attack that makes use of Android ...

  • Lancaster University students’ data stolen by cyber-thieves

    July 23, 2019

    Students’ personal data has been stolen in a “sophisticated and malicious” phishing attack at Lancaster University. Officials said the information had been used to send bogus invoices to applicants. “A very small number” of student records, phone numbers and ID documents were also accessed, it said. The breach has been reported to police and the Information Commissioner’s Office. In ...

  • Cybersecurity staff burnout risks leaving organisations vulnerable to cyberattacks

    June 25, 2019

    Cybersecurity professionals are overworked and stressed out to such an extent that it threatens to provide hackers and cybercriminals with a better chance of conducting cyberattacks against the enterprise. A study by Goldsmiths, University of London and cybersecurity company Symantec surveyed over 3,000 CISOs and senior cybersecurity decision makers across the UK, France and Germany and ...

  • Is it still a good idea to publish proof-of-concept code for zero-days?

    March 18, 2019

    More often than not, the publication of proof-of-concept (PoC) code for a security flaw, especially a zero-day, has led to the quick adoption of a vulnerability by threat actors who usually start attacks within hours or days, and don’t give end-users enough time to patch impacted systems. There has been a debate about this issue, especially ...

  • Theoretical Ransomware Attack Could Lead to Global Damages Says Report

    January 29, 2019

    According to a speculative cyber risk scenario prepared by Cambridge University for risk management purposes, a ransomware strain that would manage to impact more than 600,000 businesses worldwide within 24 hours would potentially lead to damages of billions not covered by insurers. First of all, it is important to understand that although the numbers look very scary, this type of ...

  • Government Should Name And Shame Companies With Poor Cyber Security, Say Academics

    January 22, 2019

    The UK government should name and shame companies whose cyber security measures fail to protect consumers’ data, according to a new report from King’s College London’s Cyber Security Research Group, which promotes research into cyber security, and the Policy Institute, an independent research institution which works to solve societal challenges with evidence. The report, called UK Active ...

  • IDA and CIT champion new ‘Cyber Ireland’ infosec cluster

    December 13, 2018

    Could ambitious endeavour make Ireland the Fort Knox of infosec? IDA Ireland and Cork Institute of Technology (CIT) have joined forces on an initiative to establish Cyber Ireland, a national cybersecurity cluster. Cyber Ireland will provide a collective voice to represent the needs of the cybersecurity sector across the country and will address key challenges including skills needs, ...

  • Rowhammer attacks can now bypass ECC memory protections

    November 22, 2018

    Academics from the Vrije University in Amsterdam, Holland, have published a research paper today describing a new variation of the Rowhammer attack. For readers unfamiliar with the term, Rowhammer is the name of a class of exploits that takes advantage of a hardware design flaw in modern memory cards. By default, a memory card stores temporary data ...

  • New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

    November 3, 2018

    A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled. The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other dangerous side-channel vulnerabilities ...