SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies. Within a network of more than 70 companies, 15 Austrian and international universities and research institutions, and many additional international research partners we jointly work on research challenges ranging from organizational to technical security to strengthen Europe’s Cybersecurity capabilities.
ISIS @ TU Wien IAIK @ TU Graz DKE @ Uni Wien NM @ WU Wien FH St. Pölten AIT


Tomasz Miksa chaired the DMP Common Standards WG session at the 12th RDA Plenary in Gaborne

The 12th Plenary of the Research Data Alliance was held 5-8 November 2018 in Gaborone under the theme “The Digital Frontiers of Global Science”. The meeting has gathered scientists, experts and practitioners engaged in the advancement of data-driven science and economy from around the world.

Tomasz Miksa chaired a session of the DMP Common Standards working group. He presented current progress of the group that focused on narrowing scope of the common data model and defining an ecosystem of services and processes that will utilise the common model for machine-actionable data management plans.

The detailed agenda and collaborative notes can be found here.

To follow the activities and learn more about the DMP Commons Standards WG please visit its official web page.

Vulnerability Disclosures made from MaTRIS Group acknowledged at CVE MITRE: CVE 2015-4631, CVE 2015-4632, CVE 2015-4633

Some of the vulnerabilities found in the Koha Library software in the past from the combinatorial security testing team of SBA Research, now part of the MaTRIS group, have been officially acknowledged in the CVE-MITRE database.More details can be found below, below:

CVE-2015-4631 (Multiple cross-site scripting (XSS in Koha library)

Full vulnerability disclosure at CVE-MITRE database:

CVE-2015-4632 (Multiple directory traversal vulnerabilities at Koha library)

Full vulnerability disclosure at CVE-MITRE database:

CVE-2015-4633 (Multiple SQL injection vulnerabilities in Koha library)

Full vulnerability disclosure at CVE-MITRE database:


Yvonne Poul completed MBA studies

Yvonne Poul has successfully completed her MBA studies in “Innovation Management and Entrepreneurship”, conducted by WU Vienna and TU Vienna.


IKT-Sicherheitskonferenz and Young Researchers´ Day 2018

The IKT-Sicherheitskonferenz hosted by the Austrian Armed Forces has taken place in Alpbach from October 16-17, 2018.

In addition to Wilfried Mayer giving a talk on current development in the TOR network SBA has once more hosted the Young Researchers´ Day.


Young Researchers´Day

Philipp Reisinger gives a talk at the IKT Security Conference 2018

Philipp Reisinger will hold an exciting talk today entitled “Two Worlds and One Reality – Approaching Security and Risk in the Real and the Virtual World” at the Congress Center Alpbach (IKT Security Conference 2018).

Interested people will have the opportunity  to attend the talk/lecture also on November 14, in the context of the “15. Österreichischer Sicherheitstag 2018” in Puch/Salzburg.

Date: 14.11.2018, 12:20

Place: FH Salzburg, Campus Urstein, Puch / Salzburg

Impressions of the 4th Blockchain Networking Meeting

Stephanie Jakoubi represented SBA at the 4th blockchain networking meeting hosted by Digital City Wien and Accenture.

Security Advisories: Teltonika RUT9XX OS Command Injection, XSS, Missing Access Control (CVE-2018-17532, CVE-2018-17533, CVE-2018-17534)

CVE -2018-17532: Teltonika RUT9XX Unauthenticated OS Command Injection

Teltonika TUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.

Full Security advisory:

CVE-2018-17533: Teltonika RUT9XX Reflected Cross-Site Scripting (XSS)

Teltonika Rut9XX routers with firmware before are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.

Full security advisory:

CVE-2018-17534: Teltonika RUT9XX Missing Acces Control to UART Root Terminal

Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.

Full security advisory:

(ISC)2 / ISACA Conference 2018 at TU Wien

Security & Safety: 2 schools of thought – 1 goal?

The (ISC)2 / ISACA Conference hosted in TU Wien´s dome hall on October 11, 2018 counted a total of 170 participants and 9 talks contributing experience and knowledge from different fields.

The agenda addressed the independent yet inseparable function of security and safety aiming to prevent still stand, blackouts and manipulation.  The thematic focus was put on potential future problems as well as their possible solution.

Edgar Weippl holds Keynote at SST

Edgar Weippl gave a keynote on Research Methods and Examples of Research in Distributed Systems Security at the SST 2018 in Osijek, Croatia.

Abstract: Over the past few years an increasing number of descriptive works have helped explain complex phenomena in the area of distributed systems security. These include the efficiency of spam campaigns, the distribution of bots, or the likelihood of users to accept false identities as friends in social networks. Studies in this field are characterized by the necessity of empirical research based on observing, describing and inferring the behaviour of complex systems.


By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.