SBA Research is a research center for Information Security funded partly by the national initiative for COMET Competence Centers for Excellent Technologies.
At the beginning of September, Sebastian Schrittwieser, key researcher at SBA Research, gave this year's keynote on Firmware Forensics: Semantic Functionality Identification Through Symbolic Execution and Program Simulation.
Mathias Tausig is an information security consultant at SBA Research and gave an interesting talk on The monster in your basement: Security risks of CI/CD systems.
The 19th International Conference on Availability, Reliability, and Security (ARES 2024) took center stage in Vienna from July 30 to August 2, 2024, offering a platform for experts and enthusiasts to explore the latest developments in the field. Co-located with ARES 2024 was the International Workshop on Dynamics of Disasters:…
This year’s WeAreDevelopers Congress 2024 was held in Berlin from July 17th to 19th, with intriguing sessions covering the latest trends and advancements across the industry. Reinhard Kugler, lead of the MARC team, contributed to the congress with his standout presentations titled “A Hitchhiker’s Guide to Container…
The International Workshop on Dynamics of Disasters: Hybrid Threats (DoD 2024) took place from July 30 to August 1, 2024, in Vienna, Austria, alongside the 19th International Conference on Availability, Reliability, and Security (ARES 2024). Hosted by the University of Vienna’s Faculty of Computer Science, this event brought together leading…
The annual international IT security event, Troopers 2024, recently marked its 15th anniversary in the historic city of Heidelberg. This milestone event took place from the 24th until the 28th of June, bringing together security experts, researchers, and enthusiasts from around the globe to share cutting-edge developments in the field…
Significant global security vulnerabilities and the possibility of eavesdropping in Voice over WiFi (VoWiFi) – one of the prevailing communication protocols in the mobile sector – have been exposed by security researchers from SBA Research, the University of Vienna, and the CISPA Helmholtz Center for Information Security in Saarbrücken. VoWiFi…
Vulnerability Overview: In the modem, the client can be forced into accepting a less secure key exchange algorithm during the VoWiFi IKE handshake due to a missing downgrade check on the proposed Diffie-Hellman (DH) group. This could lead to remote information disclosure with no additional execution privileges needed. User interaction…
Vulnerability Overview: The ZTE ZXUN-ePDG product, which serves as the network node of the VoWiFi system, uses in its default configuration a set of non-unique cryptographic keys when establishing a secure connection (IKE) with the mobile devices connecting over the internet. If the set of keys is leaked or cracked, the…
Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to improper encoding of route parameters in the debug-mode error page.