SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.
The Easy FancyBox WordPress Plugin Version 1.8.17 is susceptible to Stored Cross-site Scripting in the Settings > Media admin page due to improper encoding of arbitrarily submitted setting parameters. The vulnerability affects every publicly accessible page of the WordPress site. Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190911-01_Easy_FancyBox_WP_Plugin_Stored_XSS…
Philipp Reisinger gives a talk on the mitigation of cyber security risks in a connected world at the “logical thinkers club” on September 25, 2019. Logical Thinkers Club…
Twenty hand-picked computer science students joined the “Ethical Hacking-Boot-camp” hosted by the St. Pölten University of Applied Sciences from September 4-6, 2019. The workshop was organized by the IT Security Hub Austria, SBA Research and the St. Pölten University of Applied Sciences, represented among others by Mr. FH-Prof. Univ.-Doz.
As an educational outreach event organized by TU Wien, Princeton University, and SBA Research, the 1st International Summer School on Security & Privacy for Blockchains and Distributed Ledger Technologies took place between September 2-5, 2019. Held in Vienna, Austria in its first year, it was organized as a mix of…
This year's ARES & CD-MAKE conference took place at the University of Kent in Canterbury, UK from August 26-29, 2019. On-campus accommodation gave the 230 participants from 33 countries a great opportunity to discuss the various aspects of security from early morning until late evening. For the third year…
Prof. Ilias S. Kotsireas (https://www.wlu.ca/academics/faculties/faculty-of-science/faculty-profiles/ilias-s-kotsireas/index.html) from Wilfrid Laurier University in Waterloo, Canada, visited the MatRIS research group to explore new scientific ideas in the field of applied combinatorial mathematics, strengthening the collaboration which recently resulted in the joint publication of a paper to the 8th International Conference on Algebraic…
1,300 gigabytes of data were stolen from the ÖVP server. SBA Research, as one of three experts, explains how the attack took place and how you can protect yourself. But keep in mind: “There are technical ways to minimize the scale of such attacks, but there is no one hundred…
Ping Identity Agentless Integration Kit before 1.5 is susceptible to Reflected Cross-site Scripting at the /as/authorization.oauth2 endpoint due to improper encoding of an arbitrarily submitted HTTP GET parameter name. Full security advisory: https://github.com/sbaresearch/advisories/tree/public/2019/SBA-ADV-20190305-01_Ping_Identity_Agentless_Integration_Kit_Reflected_XSS…
Ludwig Kampel joined the International IFIP Cross Domain Conference for Machine Learning & Knowledge Extraction (CD-MAKE) 2019, a conference aiming to bridge and connect the domains of data fusion, preprocessing, mapping, knowledge representation as well as data protection, safety and security, amongst others. On the third day of the…