SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.
Vulnerability Overview: In the modem, the client can be forced into accepting a less secure key exchange algorithm during the VoWiFi IKE handshake due to a missing downgrade check on the proposed Diffie-Hellman (DH) group. This could lead to remote information disclosure with no additional execution privileges needed. User interaction…
Vulnerability Overview: The ZTE ZXUN-ePDG product, which serves as the network node of the VoWiFi system, in its default configuration uses a set of non-unique cryptographic keys when establishing a secure connection (IKE) with mobile devices connecting over the internet. If the set of keys is leaked or cracked, the…
We are thrilled to announce the successful conclusion of IEEE Euro S&P 2024, held in the city of Vienna! This year’s conference brought together more than 300 leading experts, researchers, and practitioners from 32 countries in the field of cybersecurity, offering an unparalleled platform for knowledge exchange and collaboration.
We would like to thank all participants, sponsors, and speakers for their active participation and exchange at this year's sec4dev Dialogues! Under the motto "Security for Software Developers" there were six exciting talks on:
We are proud to announce that SBA Research will once again be funded as one of six COMET Centers by the Austrian Research Promotion Agency (FFG), starting in 2025. This marks the third funding period since its establishment as a K-Ind (industrial competence center)…
Philipp Frenzel, Gabriel Gegenhuber, Florian Holzbauer, Markus Maier and Jakob Rosenblattl – all researchers from the ERIS research group – attended this year's TMA PhD School and Conference in Dresden.
On June 14, 2024, Matthias Eckhart attended the DCNA Young Scientists Networking Event and pitched his research on “Security-by-Design for Industrial Control Systems (ICSs).” The event was organized by the Disaster Competence Network Austria (DCNA) and hosted by the…
Alexander Schatten, senior researcher at SBA Research, and Marco Reiser published an interesting article on "What programming at prompt level leads to". Where can AI systems really help programmers, and is the approach taken here really new? This article takes a look at their role. ...
The Paradox IP150 Internet Module in version 1.40.00 is vulnerable to Cross-Site Request Forgery (CSRF) attacks due to a lack of countermeasures and the use of the HTTP method GET to introduce changes in the system.