Yvonne Poul has successfully completed her MBA studies in “Innovation Management and Entrepreneurship”, conducted by WU Vienna and TU Vienna.

Congratulations!

The IKT-Sicherheitskonferenz hosted by the Austrian Armed Forces has taken place in Alpbach from October 16-17, 2018.

In addition to Wilfried Mayer giving a talk on current development in the TOR network SBA has once more hosted the Young Researchers´ Day.

IKT-Sicherheitskonferenz
Young Researchers´Day

Philipp Reisinger will hold an exciting talk today entitled “Two Worlds and One Reality – Approaching Security and Risk in the Real and the Virtual World” at the Congress Center Alpbach (IKT Security Conference 2018).

Interested people will have the opportunity  to attend the talk/lecture also on November 14, in the context of the “15. Österreichischer Sicherheitstag 2018” in Puch/Salzburg.

Date: 14.11.2018, 12:20

Place: FH Salzburg, Campus Urstein, Puch / Salzburg

Stephanie Jakoubi represented SBA at the 4th blockchain networking meeting hosted by Digital City Wien and Accenture.

CVE -2018-17532: Teltonika RUT9XX Unauthenticated OS Command Injection

Teltonika TUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.

Full Security advisory: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-01_Teltonika_OS_Command_Injection

CVE-2018-17533: Teltonika RUT9XX Reflected Cross-Site Scripting (XSS)

Teltonika Rut9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.

Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting

CVE-2018-17534: Teltonika RUT9XX Missing Acces Control to UART Root Terminal

Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.

Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-02_Teltonika_Incorrect_Access_Control

Security & Safety: 2 schools of thought – 1 goal?

The (ISC)2 / ISACA Conference hosted in TU Wien´s dome hall on October 11, 2018 counted a total of 170 participants and 9 talks contributing experience and knowledge from different fields.

The agenda addressed the independent yet inseparable function of security and safety aiming to prevent still stand, blackouts and manipulation.  The thematic focus was put on potential future problems as well as their possible solution.

Edgar Weippl gave a keynote on Research Methods and Examples of Research in Distributed Systems Security at the SST 2018 in Osijek, Croatia.

Abstract: Over the past few years an increasing number of descriptive works have helped explain complex phenomena in the area of distributed systems security. These include the efficiency of spam campaigns, the distribution of bots, or the likelihood of users to accept false identities as friends in social networks. Studies in this field are characterized by the necessity of empirical research based on observing, describing and inferring the behaviour of complex systems.

Aljosha Judmayer talked about the latest Security fails and the role of IT-Security in Blockchain at the Blockchain in corporate practice event hosted by the Austrian Innovation Forum.

Martina Lindorfer was selected as the winner of the 2018 Cor Baayen Young Researcher Award. The award committee recognises Martina’s impressive achievements and outstanding quality of her research in the field of systems security, especially the analysis of malicious software and mobile operating system vulnerabilities.

The ceremony takes place on Oct 10 in Goteburg. Edgar Weippl was her supervisor and we are happy that after some time as a PostDoc at UC Santa Barbara she returns to Vienna on a tenure track position.

» Continue reading “Martina Lindorfer is awarded the 2018 Cor Baayen Award.”

Alexei Zamyatin and Dominik Harz (Imperail College London) gave an invited talk entitled „Interoperability with Cryptocurrency-backed Tokens“ at Scaling Bitcoins 2018 in Tokyo.
Slides
Paper