Name	SBA Research Cookie
Provider	SBA Research
Purpose	Saves the settings of the visitors selected in the cookie box.
Cookie name	sba-research-cookie
Cookie runtime	1 year

Name	YouTube
Provider	YouTube
Purpose	Used to unblock YouTube content.
Privacy policy	https://policies.google.com/privacy
Host(s)	google.com
Cookie name	NID
Cookie runtime	6 months

Name	Vimeo
Provider	Vimeo
Purpose	Used to unblock Vimeo content.
Privacy policy	https://vimeo.com/privacy
Host(s)	player.vimeo.com
Cookie name	vuid
Cookie runtime	2 years

Young Researchers´ Day @ ICT Security Conference 2025 – Recap

July 2, 2025

A group of dedicated young researchers presented their work at the 21st ICT Security Conference on 25 and 26 June 2025, which was organized by the Austrian Armed Forces. They impressed the audience with their… Read More

Young Researchers´ Day @ ICT Security Conference 2025 – Recap

Second edition of sec4dev Dialogues brings insightful content and lively exchange

June 26, 2025

On June 17, SBA Research and its partner Condignum hosted the second edition of the sec4dev Dialogues event series. Security for Software Developers is essential. The current threat landscape and security incidents in recent years make it clear: the topic is more relevant than ever. This… Read More

SBA Security Advisory – Cyberduck and Mountain Duck – Weak Hash Algorithm for Certificate Fingerprint (CVE-2025-41256)

June 25, 2025

Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate's fingerprint is stored as SHA-1, although SHA-1 is considered weak and should be replaced with SHA-256 or SHA-512. ... Read More

SBA Security Advisory – Cyberduck and Mountain Duck – Improper Certificate Store Handling (CVE-2025-41255)

June 25, 2025

Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), unnecessary installing it to the Windows Certificate Store of the current user without any restrictions. This potentially allows attackers to bypass certificate-based authentication or authorization of other programs that trust this certificate store. ... Read More

AI5Production – Test Before Invest Project with Spusu

June 16, 2025

Spusu is an Austrian mobile network operator and operates as a mobile virtual network operator (MVNO) using the Drei network. Spusu offers premium-quality mobile plans at affordable prices. Since 2021, Spusu has also been fulfilling its role as a technology leader by expanding regional… Read More

SBA @ Conference on Excellent research requires the right framework

June 10, 2025

In mid-May, Jeanine Lefèvre, head of Office of Equal Opportunities at SBA Research, attended the important Viennese conference on Excellent research requires the right framework which set the tone for non-discriminatory research. Around 80 experts in science, politics, and gender equality came together to discuss strategies for… Read More

SBA @ Conference on Excellent research requires the right framework

Detection of Null Pointer Dereference in MediaTek VoLTE Stack Firmware with sipgate and ISMK Stralsund

June 6, 2025

Together with sipgate and ISMK Stralsund, Gabriel Gegenhuber, researcher at SBA Research and University of Vienna, and Michael Pucher, researcher at SBA research, discovered and investigated a vulnerability in the Voice of LTE (VoLTE) stack that is broadly used within MediaTek-based smartphones. Read More

SBA Security Advisory – Null pointer dereference in MediaTek Modem (CVE-2025-20647)

June 6, 2025

In the Mediatek modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Read More

SBA @ Security Forum Hagenberg

June 4, 2025

In mid-May, our colleague Reinhard Kugler, applied research consultant at SBA Research, gave a talk on Tracing the Invisible: how to create Observability on Edge Devices with eBPF. His presentation focused on tracing protocols in embedded systems by instrumenting the kernel. He discussed protocols such as SPI, I2C, and… Read More

SBA Security Meetup – Secure Coding with Extra SLSA

May 31, 2025

In Midmay, we invited to our SBA Security Meetup on Secure Coding with Extra SLSA: A Secure & Spicy take, on Software Supply Chains! ... Read More

SBA Research is a research center for Information Security
funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.

News