Education and Academia


  • Using Botnets to Manipulate Energy Markets for Big Profits

    August 6, 2020

    Researchers are warning that a new class of botnets could be marshaled and used to manipulate energy markets via zombie armies of power-hungry connected devices such as air conditioners, heaters, dryers and digital thermostats. A coordinated attack could cause an energy stock index to predictably go up or down – creating an opportunity for a ...

  • ‘Lamphone’ Hack Uses Lightbulb Vibrations to Eavesdrop on Homes

    June 15, 2020

    Researchers have discovered a novel way to spy on conversations that are happening in houses from almost a hundred feet away. The hack stems simply from a lightbulb hanging in the home. The hack, dubbed “lamphone,” is performed by analyzing the tiny vibrations of a hanging lightbulb, which are caused by nearby sounds. All an attacker ...

  • NCA launches UK ad campaign to divert kids searching for cybercrime tools

    May 29, 2020

    The UK’s National Crime Agency (NCA) has launched a new advertising campaign designed to divert young people searching for cybercrime services to white hat alternatives. As spotted by cybersecurity expert Brian Krebs, using a UK IP address when searching Google for particular terms that can relate to cybercrime, such as Distributed Denial-of-service (DDoS) for hire, booters, stressers, ...

  • Academics demand answers from NHS over potential data timebomb ticking inside new UK contact-tracing app

    April 29, 2020

    A group of nearly 175 UK academics has criticised the NHS’s planned COVID-19 contact-tracing app for a design choice they say could endanger users by creating a centralised store of sensitive health and travel data about them. In the open letter published this afternoon, the 173 scholars called on NHSX, the state-run health service’s app-developing and ...

  • Academics steal data from air-gapped systems using PC fan vibrations

    April 17, 2020

    Academics from an Israeli university have proven the feasibility of using fans installed inside a computer to create controlled vibrations that can be used to steal data from air-gapped systems. The technique, codenamed AiR-ViBeR, is the latest in a long list of wacky data exfiltration techniques devised by Mordechai Guri, the head of R&D at the ...

  • Bluetooth LE devices impacted by SweynTooth vulnerabilities

    February 15, 2020

    A team of academics from Singapore has published this week a research paper detailing a collection of vulnerabilities named SweynTooth that impact devices running the Bluetooth Low Energy (BLE) protocol. More specifically, the SweynTooth vulnerabilities impact the software development kits (SDKs) responsible for supporting BLE communications. Read more… Source: ZDNet  

  • Researchers Use Smart Light Bulbs to Infiltrate Networks

    February 6, 2020

    Researchers successfully infiltrated networks through a vulnerability in Philips Hue light bulbs. The CVE-2020-6007 vulnerability, which involves the ZigBee communication protocol, can be abused to remotely install malicious firmware in smart light bulbs and spread malware to other internet-of-things (IoT) devices. To make the discovery, Check Point researchers built on earlier studies that showed how to control smart light bulbs. The new finding focused ...

  • Ransomware Hits Maastricht University, All Systems Taken Down

    December 27, 2019

    Maastricht University (UM) announced that almost all of its Windows systems have been encrypted by ransomware following a cyber-attack that took place on Monday, December 23. UM is a university from the Netherlands with over 18,000 students, 4,400 employees, and 70,000 alumni, UM being placed in the top 500 universities in the world by five ranking tables in the last two ...

  • New Plundervolt attack impacts Intel CPUs

    December 10, 2019

    Academics from three universities across Europe have disclosed today a new attack that impacts the integrity of data stored inside Intel SGX, a highly-secured area of Intel CPUs. The attack, which researchers have named Plundervolt, exploits the interface through which an operating system can control an Intel processor’s voltage and frequency — the same interface that allows ...

  • Alexa, Siri, Google Smart Speakers Hacked Via Laser Beam

    November 4, 2019

    Researchers have discovered a new way to hack Alexa and Siri smart speakers merely by using a laser light beam. No physical access of the victims’ device, or owner interaction, is needed to launch the hack, which allows attackers to send voice assistants inaudible commands such as unlocking doors. The attack, dubbed “light commands,” leverages the ...

  • Equipping the Education Sector With Threat Intelligence to Defend Against Cyberattacks

    October 17, 2019

    When you think about sophisticated cyberattacks, certain targeted industries probably come to mind immediately — government, critical infrastructure, and financial services, to name a few. It’s fair to say that for most people, the education sector isn’t generally first on that list. Despite this, educational institutions (particularly those in higher education) have become an increasingly popular ...

  • Silent Librarian Retools Phishing Emails to Hook Student Credentials

    October 16, 2019

    Silent Librarian is targeting university students in full force with a revamped phishing campaign. The threat group, aiming to steal student login credentials, is using new tricks that bring more credibility to its phishing emails and helping it avoid detection. The threat group (also known as TA407 and Cobalt Dickens), which operates out of Iran, has ...

  • Hack Breaks PDF Encryption, Opens Content to Attackers

    October 2, 2019

    Researchers in Germany have invented a new hack that can allow someone to break the encryption of PDF files and access their content  — or even forge signed PDF files under certain circumstances. A team from Ruhr University Bochum, FH Münster University of Applied Sciences and Hackmanit GmbH developed the attack, called PDFex, that can allow an attacker to view the ...

  • Universities a ‘huge target’ for nation-state attackers, warns NCSC

    September 19, 2019

    Universities are the gatekeepers and creators of highly valuable information, which makes them attractive targets of cyber crime and state-sponsored espionage, so it’s important that these institutions remain cyber secure. Ask key contributors to the economy, skills development and innovation in the UK, universities handle highly sensitive and valuable personal data an intellectual property that outside ...

  • Router Network Isolation Broken By Covert Data Exfiltration

    August 18, 2019

    Software-based network isolation provided by routers is not as efficient as believed, as hackers can smuggle data between the networks for exfiltration. Most modern routers offer the possibility to split the network into multiple segments that work separately. One example is a guest network that works in parallel with the host. The boundary insulates sensitive or critical ...

  • UK gov launches second audit of cyber security labour market

    August 2, 2019

    The UK government has launched a second audit of the country’s cyber security labour market in an effort to assess how companies across the country are handling the employment and training of IT professionals. Organisations across the public and private sector have been chosen at random to contribute to the study, with responses helping to shape ...

  • Popular Samsung, LG Android Phones Open to ‘Spearphone’ Eavesdropping

    July 23, 2019

    A Spearphone attacker can use the accelerometer in LG and Samsung phones to remotely eavesdrop on any audio that’s played on speakerphone, including calls, music and voice assistant responses. A new way to eavesdrop on people’s mobile phone calls has come to light in the form of Spearphone – an attack that makes use of Android ...

  • Lancaster University students’ data stolen by cyber-thieves

    July 23, 2019

    Students’ personal data has been stolen in a “sophisticated and malicious” phishing attack at Lancaster University. Officials said the information had been used to send bogus invoices to applicants. “A very small number” of student records, phone numbers and ID documents were also accessed, it said. The breach has been reported to police and the Information Commissioner’s Office. In ...

  • Cybersecurity staff burnout risks leaving organisations vulnerable to cyberattacks

    June 25, 2019

    Cybersecurity professionals are overworked and stressed out to such an extent that it threatens to provide hackers and cybercriminals with a better chance of conducting cyberattacks against the enterprise. A study by Goldsmiths, University of London and cybersecurity company Symantec surveyed over 3,000 CISOs and senior cybersecurity decision makers across the UK, France and Germany and ...

  • Is it still a good idea to publish proof-of-concept code for zero-days?

    March 18, 2019

    More often than not, the publication of proof-of-concept (PoC) code for a security flaw, especially a zero-day, has led to the quick adoption of a vulnerability by threat actors who usually start attacks within hours or days, and don’t give end-users enough time to patch impacted systems. There has been a debate about this issue, especially ...