juraj somorovsky (@jurajsomorovsky)'s Twitter Profile
juraj somorovsky

@jurajsomorovsky

Professor at Paderborn University / co-founder of @hackmanit. Used to break XML, now playing with TLS and crypto. Co-author of DROWN, EFAIL, and TLS-Attacker.

ID: 197931263

https://cs.uni-paderborn.de/en/syssec/ | 02-10-2010 21:36:17

2,2K Tweet

1,1K Followers

300 Following

Maddie Stone (@maddiestone):

North Korean actors 🇰🇵 are targeting security researchers again including use of at least one 0-day. IOCs in the blog ⬇️ If you've been in contact, please reach out blog.google/threat-analysi…

Martin R. Albrecht (@martinralbrecht):

I'm looking for a postdoc to work with us on lattice-based cryptography See martinralbrecht.wordpress.com/2023/10/12/pos… and kcl.ac.uk/jobs/076525-re… Closing date: 31 January, 2 year contract in London, salary £42k to £60k. Please help me reach potential candidates.

Hackmanit (@hackmanit):

We conducted a penetration test of the #IdP of WAYF (run by @deic1). Their #IdP acts as an intermediary in the federation ecosystem supporting both #SAML and #OIDC. Find the summary of the weaknesses and the full public penetration test report here: hackmanit.de/en/blog-en/179…

Fredrik Dahlgren (@fegge):

This is a good explainer why you shouldn’t buy a new quantum key-distribution system for Christmas next year. Or ever. bsi.bund.de/SharedDocs/Dow…

Moritz Schloegel (@m_u00d8):

Fuzzing is hard, evaluating fuzzing is harder 🔥 For our new IEEE S&P paper, we studied 150 fuzzing evals and found issues such as lackluster documentation, bad experiment setups, or questionable CVEs 📄 Paper mschloegel.me/paper/schloege… 🔧 Help us fix this github.com/fuzz-evaluator…

Hackmanit (@hackmanit):

Template engines are very popular in web applications. A severe threat posing a risk for the application, its data, and its users: Template Injection Vulnerabilities Detect them – manually and automatically: Blog 🌐hackmanit.de/en/blog-en/178… Tool 🛠️ hackmanit.de/en/penetration…

Andreas Zeller (@andreaszeller):

As a PC member, did you ever get a mail from an author pointing you to their “interesting” submission so you can bid on it and review it? At ICSE, such behavior will now result in the paper being rejected without review: icse2025.hotcrp.com

Duncan Campbell (@duncan_2qq):

Ross Anderson Professor Ross Anderson, FRS, FREng Dear friend and treasured long term campaigner for privacy and security, Professor of Security Engineering at Cambridge University and Edinburgh University, Lovelace Medal winner, has died suddenly at home in Cambridge.

- (@lambdafu):

We found a critical vulnerability in #PuTTY SSH client with NIST P-521 keys, that allows private key recovery from only 60 signatures, CVE-2024-31497! If you use #Putty or #Filezilla with ECDSA P-521, upgrade now and generate a new key! Joint work with @TrueSkrillor, details ⬇️

Hackmanit (@hackmanit):

In May 2024, the Federal Office for Information Security (BSI) hosted the 20th German IT Security Congress. Our colleague Conrad Schmidt and Marcel Maehren (RUB) held a talk on "Combinatorial testing of TLS libraries". ➡️ KoTeBi Talk (German) youtu.be/4lOpB-49VRY?si…

Martin Dunsche (@mdunsche):

[1/4] If you've ever tried finding timing side channels by actually measuring, you probably know that this can be incredibly frustrating. But it does not have to! While major side-channels are easy to detect, more subtle ones, especially when the measurements are noisy, are not!

RuhrSec – IT Security Conference (@ruhrsec):

The call for presentations of #RuhrSec 2025 is now open! ✅ Bring your expertise to the stage—submit your proposal today! 🎯 👉 ruhrsec.de/2025/cfp.html #cfp #conference #ITSecurityConference #NRW #Bochum #itsecurity #itsicherheit #cybersicherheit

juraj somorovsky (@jurajsomorovsky):

Come join us at the SPIQE workshop in Munich in June! spiqe-workshop.github.io - we are now open for paper submissions and talk proposals on all aspects of secure protocol implementation for the post-quantum era.