Education and Academia


  • Silent Librarian Retools Phishing Emails to Hook Student Credentials

    October 16, 2019

    Silent Librarian is targeting university students in full force with a revamped phishing campaign. The threat group, aiming to steal student login credentials, is using new tricks that bring more credibility to its phishing emails and helping it avoid detection. The threat group (also known as TA407 and Cobalt Dickens), which operates out of Iran, has ...

  • Hack Breaks PDF Encryption, Opens Content to Attackers

    October 2, 2019

    Researchers in Germany have invented a new hack that can allow someone to break the encryption of PDF files and access their content  — or even forge signed PDF files under certain circumstances. A team from Ruhr University Bochum, FH Münster University of Applied Sciences and Hackmanit GmbH developed the attack, called PDFex, that can allow an attacker to view the ...

  • Universities a ‘huge target’ for nation-state attackers, warns NCSC

    September 19, 2019

    Universities are the gatekeepers and creators of highly valuable information, which makes them attractive targets of cyber crime and state-sponsored espionage, so it’s important that these institutions remain cyber secure. Ask key contributors to the economy, skills development and innovation in the UK, universities handle highly sensitive and valuable personal data an intellectual property that outside ...

  • Router Network Isolation Broken By Covert Data Exfiltration

    August 18, 2019

    Software-based network isolation provided by routers is not as efficient as believed, as hackers can smuggle data between the networks for exfiltration. Most modern routers offer the possibility to split the network into multiple segments that work separately. One example is a guest network that works in parallel with the host. The boundary insulates sensitive or critical ...

  • UK gov launches second audit of cyber security labour market

    August 2, 2019

    The UK government has launched a second audit of the country’s cyber security labour market in an effort to assess how companies across the country are handling the employment and training of IT professionals. Organisations across the public and private sector have been chosen at random to contribute to the study, with responses helping to shape ...

  • Popular Samsung, LG Android Phones Open to ‘Spearphone’ Eavesdropping

    July 23, 2019

    A Spearphone attacker can use the accelerometer in LG and Samsung phones to remotely eavesdrop on any audio that’s played on speakerphone, including calls, music and voice assistant responses. A new way to eavesdrop on people’s mobile phone calls has come to light in the form of Spearphone – an attack that makes use of Android ...

  • Lancaster University students’ data stolen by cyber-thieves

    July 23, 2019

    Students’ personal data has been stolen in a “sophisticated and malicious” phishing attack at Lancaster University. Officials said the information had been used to send bogus invoices to applicants. “A very small number” of student records, phone numbers and ID documents were also accessed, it said. The breach has been reported to police and the Information Commissioner’s Office. In ...

  • Cybersecurity staff burnout risks leaving organisations vulnerable to cyberattacks

    June 25, 2019

    Cybersecurity professionals are overworked and stressed out to such an extent that it threatens to provide hackers and cybercriminals with a better chance of conducting cyberattacks against the enterprise. A study by Goldsmiths, University of London and cybersecurity company Symantec surveyed over 3,000 CISOs and senior cybersecurity decision makers across the UK, France and Germany and ...

  • Is it still a good idea to publish proof-of-concept code for zero-days?

    March 18, 2019

    More often than not, the publication of proof-of-concept (PoC) code for a security flaw, especially a zero-day, has led to the quick adoption of a vulnerability by threat actors who usually start attacks within hours or days, and don’t give end-users enough time to patch impacted systems. There has been a debate about this issue, especially ...

  • Theoretical Ransomware Attack Could Lead to Global Damages Says Report

    January 29, 2019

    According to a speculative cyber risk scenario prepared by Cambridge University for risk management purposes, a ransomware strain that would manage to impact more than 600,000 businesses worldwide within 24 hours would potentially lead to damages of billions not covered by insurers. First of all, it is important to understand that although the numbers look very scary, this type of ...

  • Government Should Name And Shame Companies With Poor Cyber Security, Say Academics

    January 22, 2019

    The UK government should name and shame companies whose cyber security measures fail to protect consumers’ data, according to a new report from King’s College London’s Cyber Security Research Group, which promotes research into cyber security, and the Policy Institute, an independent research institution which works to solve societal challenges with evidence. The report, called UK Active ...

  • IDA and CIT champion new ‘Cyber Ireland’ infosec cluster

    December 13, 2018

    Could ambitious endeavour make Ireland the Fort Knox of infosec? IDA Ireland and Cork Institute of Technology (CIT) have joined forces on an initiative to establish Cyber Ireland, a national cybersecurity cluster. Cyber Ireland will provide a collective voice to represent the needs of the cybersecurity sector across the country and will address key challenges including skills needs, ...

  • Rowhammer attacks can now bypass ECC memory protections

    November 22, 2018

    Academics from the Vrije University in Amsterdam, Holland, have published a research paper today describing a new variation of the Rowhammer attack. For readers unfamiliar with the term, Rowhammer is the name of a class of exploits that takes advantage of a hardware design flaw in modern memory cards. By default, a memory card stores temporary data ...

  • New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

    November 3, 2018

    A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading feature enabled. The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other dangerous side-channel vulnerabilities ...

  • Hungary increases its scientific cooperation with NATO

    October 12, 2018

    Scientists and other experts from NATO and Hungary discussed future projects of cooperation at the NATO Science for Peace and Security (SPS) Programme Information Day held in Budapest on 11 October 2018. ungary is currently leading an SPS project in the area of chemical, biological, radiological and nuclear (CBRN) defence. The multi-year initiative aims to develop ...

  • OilRig APT Continues Its Ongoing Malware Evolution

    September 13, 2018

    The Iran-linked APT appears to be in a state of continuous tool development, analogous to the DevOps efforts seen in the legitimate software world. OilRig, an APT group believed to have ties to Iran, has been spotted in yet another campaign in the Middle East – this time targeting victims within an undisclosed government using an ...

  • Side-Channel Attack Allows Remote Listener to ‘Hear’ On-Screen Images

    August 27, 2018

    A stealthy side-channel tactic for digital surveillance has been uncovered, which allows an attacker to “hear” on-screen images. According to a team of academic researchers from Columbia University, the University of Michigan, University of Pennsylvania and Tel Aviv University, inaudible acoustic noises emanating from within computer screens can be used to detect the content displayed on ...

  • Researchers Disclose New Foreshadow (L1TF) Vulnerabilities Affecting Intel CPUs

    August 14, 2018

    Academics and private sector researchers have revealed details today about three new vulnerabilities affecting Intel CPUs. All three are Spectre-class attacks that take advantage of a CPU design feature named speculative execution —a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data. These flaws target ...

  • Researchers Developed Artificial Intelligence-Powered Stealthy Malware

    August 9, 2018

    Artificial Intelligence (AI) has been seen as a potential solution for automatically detecting and combating malware, and stop cyber attacks before they affect any organization. However, the same technology can also be weaponized by threat actors to power a new generation of malware that can evade even the best cyber-security defenses and infects a computer network ...

  • How to Steal Bitcoin Wallet Keys (Cold Storage) from Air-Gapped PCs

    April 23, 2018

    Dr. Mordechai Guri, the head of R&D team at Israel’s Ben Gurion University, who previously demonstrated various methods to steal data from an air-gapped computer, has now published new research named “BeatCoin.” BeatCoin is not a new hacking technique; instead, it’s an experiment wherein the researcher demonstrates how all previously discovered out-of-band communication methods can be ...