SBA Research

💪 𝗪𝗲 𝗻𝗲𝗲𝗱 𝘆𝗼𝘂𝗿 𝗵𝗲𝗹𝗽! The "𝗱𝗶𝗲 𝗜𝗧-𝗧𝗮𝗴" is still looking for 𝗳𝗲𝗺𝗮𝗹𝗲 𝗿𝗼𝗹𝗲 𝗺𝗼𝗱𝗲𝗹𝘀 𝗶𝗻 𝗜𝗧 who would like to inspire and engage with students (ages 10–14) on December 9th! 💡 This initiative is happening for the second time, with 95 schools and 200 classes from all over Austria already registered! 👉 𝗝𝗼𝗶𝗻 𝘂𝘀 in showing them how diverse, creative, and exciting the world of IT can be! https://lnkd.in/g5865JGf Our children, grandchildren, nieces, and godchildren should not only consume technology – they should create, question, and shape it. Let’s help them discover the potential that lies within them! 🧠 𝗟𝗲𝗮𝗿𝗻 𝗺𝗼𝗿𝗲: https://lnkd.in/eHTEuQhR An initiative by SheDigital, made possible by an amazing team: Maria Geir, Marina Kern, Claudia Kanonier, Julia Katovsky, and Stephanie J. – with great support from DigitalCity.Wien, UIV Urban Innovation Vienna, SBA Research, SAP, Octenticity, and many more. #WomenInTech #Inspiration #RoleModels #DigitalEducation #SheDigital #DiversityInTech #NextGeneration #SBAResearch

🔥 𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗔𝗹𝗲𝗿𝘁: 𝗖𝗵𝗲𝗰𝗸𝗺𝗸 𝗫𝗦𝗦 (𝗖𝗩𝗘-𝟮𝟬𝟮𝟱-𝟯𝟵𝟲𝟲𝟯) A Stored Cross-Site Scripting (XSS) vulnerability affects Checkmk versions before 2.4.0p14 and 2.3.0p39. In distributed setups, any connected remote site could inject malicious JavaScript into the central web interface. 𝗖𝗩𝗦𝗦 𝗕𝗮𝘀𝗲 𝗦𝗰𝗼𝗿𝗲: 9.1 (Critical) 𝗔𝗰𝘁𝗶𝗼𝗻: 1️⃣ Update to 2.4.0p14, 2.3.0p39 or later 2️⃣ Disable “Trust this site completely” for remote sites 𝗙𝘂𝗹𝗹 𝗱𝗲𝘁𝗮𝗶𝗹𝘀: https://lnkd.in/d78PemTu *** ⚠️ 𝗖𝗵𝗲𝗰𝗸𝗺𝗸 𝗔𝗴𝗲𝗻𝘁 𝗣𝗿𝗶𝘃𝗶𝗹𝗲𝗴𝗲 𝗘𝘀𝗰𝗮𝗹𝗮𝘁𝗶𝗼𝗻 (𝗖𝗩𝗘-𝟮𝟬𝟮𝟱-𝟯𝟮𝟵𝟭𝟵) A Privilege Escalation vulnerability in the win_license plugin of Checkmk agents for Windows allows low-privileged users to gain Local System access due to insecure temporary file handling. 𝗖𝗩𝗦𝗦 𝗕𝗮𝘀𝗲 𝗦𝗰𝗼𝗿𝗲: 8.8 (High) 𝗙𝘂𝗹𝗹 𝗱𝗲𝘁𝗮𝗶𝗹𝘀: https://lnkd.in/gBhzkXu8 *** ⚠️ 𝗖𝗵𝗲𝗰𝗸𝗺𝗸 𝗣𝗮𝘁𝗵 𝗧𝗿𝗮𝘃𝗲𝗿𝘀𝗮𝗹 (𝗖𝗩𝗘-𝟮𝟬𝟮𝟱-𝟯𝟵𝟲𝟲𝟰) 𝗙𝘂𝗹𝗹 𝗱𝗲𝘁𝗮𝗶𝗹𝘀: https://lnkd.in/gUf-X2mY *** 🔐 Don’t wait – patch now! CVE Program #CyberSecurity #Checkmk #CVE #VulnerabilityAlert #PatchNow #SBASecurityAdvisory #ProfessionalServices

𝗖𝗮𝗽𝗮𝗰𝗶𝘁𝘆 𝗕𝘂𝗶𝗹𝗱𝗶𝗻𝗴 𝗶𝗻 𝗖𝘆𝗯𝗲𝗿 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆: 𝗘𝗺𝗽𝗼𝘄𝗲𝗿𝗶𝗻𝗴 𝘁𝗵𝗲 𝗙𝘂𝘁𝘂𝗿𝗲 In today's rapidly evolving digital landscape, building capacity in cyber security is more critical than ever. As cyber threats become increasingly sophisticated, so must our defenses. At SBA Research, we're dedicated to empowering individuals and organizations to strengthen their security posture through targeted training and education.    Here’s why capacity building in cyber security is essential:  🌟 𝗘𝗺𝗽𝗼𝘄𝗲𝗿𝗶𝗻𝗴 𝗧𝗮𝗹𝗲𝗻𝘁  By equipping security professionals with the latest skills and knowledge, we ensure they are prepared to tackle emerging threats and challenges. 🔄 𝗦𝘁𝗮𝘆𝗶𝗻𝗴 𝗔𝗵𝗲𝗮𝗱 𝗼𝗳 𝗧𝗵𝗿𝗲𝗮𝘁𝘀  Capacity building helps us stay ahead of e.g. cybercriminals, adapting to new attack vectors and vulnerabilities. 🤝 𝗙𝗼𝘀𝘁𝗲𝗿𝗶𝗻𝗴 𝗖𝗼𝗹𝗹𝗮𝗯𝗼𝗿𝗮𝘁𝗶𝗼𝗻  Capacity building isn't just about individual growth—it's about creating a community of skilled professionals who can collaborate and share knowledge to protect our digital world. 🚀 𝗗𝗿𝗶𝘃𝗶𝗻𝗴 𝗜𝗻𝗻𝗼𝘃𝗮𝘁𝗶𝗼𝗻  With the right training, security experts can innovate and develop cutting-edge solutions that protect our data and systems. Let’s work together to build a more secure future! ⬇ What new skills or knowledge are you excited to learn about? Share in the comments below! ️ 📷: Marcel Lehner

🎓 𝗝𝗼𝗶𝗻 𝗼𝘂𝗿 𝘀𝗲𝗺𝗶𝗻𝗮𝗿 𝗼𝗻 “𝗠𝗮𝗰𝗵𝗶𝗻𝗲 𝗟𝗲𝗮𝗿𝗻𝗶𝗻𝗴 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆, 𝗣𝗿𝗶𝘃𝗮𝗰𝘆 & 𝗟𝗲𝗴𝗮𝗹 𝗔𝘀𝗽𝗲𝗰𝘁𝘀” Together with Research Institute AG & Co KG, we invite you to join our colleagues Tanja Šarčević and Anastasia Pustozerova on November 24, 2025, for a half-day session on “Machine Learning Security, Privacy & Legal Aspects.”

✨𝗦𝗕𝗔 𝗥𝗲𝘀𝗲𝗮𝗿𝗰𝗵 𝗷𝗼𝗶𝗻𝘀 𝘁𝗵𝗲 𝗟𝗶𝗻𝘂𝘅 𝗙𝗼𝘂𝗻𝗱𝗮𝘁𝗶𝗼𝗻 𝗘𝘂𝗿𝗼𝗽𝗲 We have joined the Linux Foundation Europe, strengthening our role in the international open-source community and underlining our commitment to security and resilience in digital infrastructures. One important initiative is the 𝗦𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝗕𝗶𝗹𝗹 𝗼𝗳 𝗕𝗲𝗵𝗮𝘃𝗶𝗼𝗿 (𝗦𝗕𝗼𝗕), which enhances traceability and security in the software supply chain and enables real-time anomaly detection. This approach helps create greater transparency and trust in software development and deployment. 💬 Designing secure software supply chains is one of the key challenges of our time. Through our involvement with the Linux Foundation Europe, we aim to develop practical, open-standard-based solutions that sustainably strengthen Europe’s digital resilience. – Constanze B. Roedig, Key Researcher at SBA Research As Austria’s largest research center for information security, we have long been committed to applied security research, with the goal of transforming research findings into practical solutions that benefit both economy and society. 💬 Trustworthy software supply chains require robust security research. The Linux Foundation Europe works closely with cybersecurity experts and the OpenSSF to embed proven best practices in the open source ecosystem. We are pleased to welcome SBA Research, an outstanding contributor with expertise in anomaly detection and software transparency, to our community. – Mirko Boehm, Linux Foundation Europe This collaboration opens new opportunities for exchange with international partners and for shaping a secure digital future together. 📷: Constanze Roedig, Lesya Koerbaecher, Linux Foundation Europe Vadim Bauer #OpenSource #CyberSecurity #SoftwareSupplyChain #DigitalResilience #ForschungWirkt #SecurityResearch

𝗢𝗰𝘁𝗼𝗯𝗲𝗿 𝗶𝘀 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗔𝘄𝗮𝗿𝗲𝗻𝗲𝘀𝘀 𝗠𝗼𝗻𝘁𝗵!  We’re excited to be part of this global initiative to spread cybersecurity awareness!  At SBA Research, we are committed to promoting cybersecurity knowledge all year round by sharing insights, best practices, and research findings to help individuals and organizations strengthen their cybersecurity posture.  Here are some of our key initiatives and events: ➡️ 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗔𝘄𝗮𝗿𝗲𝗻𝗲𝘀𝘀 𝗦𝘁𝗮𝗺𝗺𝘁𝗶𝘀𝗰𝗵 in cooperation with Österreichisches Institut für angewandte Telekommunikation (ÖIAT) 👩💻 𝗦𝗵𝗲𝗰𝘂𝗿𝗶𝘁𝘆 – 𝗛𝗮𝗰𝗸𝗲𝗿𝗶𝗻𝗻𝗲𝗻 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴 in cooperation with CyberSecurityAustria CSA and Cybersecurity Center TU Wien – 21st October https://lnkd.in/g-bZ9sY7 📅 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗠𝗲𝗲𝘁𝘂𝗽𝘀 - 29th October https://lnkd.in/ghQnzWV9 🍕 𝗦𝗲𝗰𝘂𝗿𝗲.𝗽𝗶𝘇𝘇𝗮𝗰𝗹𝘂𝗯 for students - 6th November https://lnkd.in/gh94-N-r Let’s work together to make the internet a safer place for everyone!  ⬇ How are you contributing to Cybersecurity Awareness Month? Share in the comments below! 📷: Presidential Office, Shecurity - Women in Security, SBA #CyberSecurityMonth #SBAResearch #CyberAwareness

✨ 𝗗𝗶𝘀𝘁𝗶𝗻𝗴𝘂𝗶𝘀𝗵𝗲𝗱 𝗣𝗮𝗽𝗲𝗿 𝗔𝘄𝗮𝗿𝗱 𝗮𝘁 𝗔𝗖𝗠 𝗖𝗖𝗦 𝟮𝟬𝟮𝟱 👏 Congratulations to David Schmidt, Sebastian Schrittwieser, and Edgar Weippl from Universität Wien and SBA Research for receiving the Distinguished Paper Award at ACM CCS 2025 (A*-rated)! Their outstanding work, 𝗟𝗲𝗮𝗸𝘆 𝗔𝗽𝗽𝘀: 𝗟𝗮𝗿𝗴𝗲-𝘀𝗰𝗮𝗹𝗲 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀 𝗼𝗳 𝗦𝗲𝗰𝗿𝗲𝘁𝘀 𝗗𝗶𝘀𝘁𝗿𝗶𝗯𝘂𝘁𝗲𝗱 𝗶𝗻 𝗔𝗻𝗱𝗿𝗼𝗶𝗱 𝗮𝗻𝗱 𝗶𝗢𝗦 𝗔𝗽𝗽𝘀, makes a significant contribution to understanding and improving the security of mobile ecosystems. This recognition at one of the world’s top venues in cybersecurity highlights the impact and excellence of their research. ACM, Association for Computing Machinery #ACMCCS2025 #CyberSecurity #ResearchExcellence #MobileSecurity #DistinguishedPaperAward #SBAResearch

🔐 𝗦𝗕𝗔 𝗥𝗲𝘀𝗲𝗮𝗿𝗰𝗵 𝗮𝘁 𝗵𝗲𝗶𝘀𝗲 𝗱𝗲𝘃𝗦𝗲𝗰() 𝟮𝟬𝟮𝟱 𝗶𝗻 𝗥𝗲𝗴𝗲𝗻𝘀𝗯𝘂𝗿𝗴 On October 1st, our colleagues Michael Koppmann, Senior Information Security Consultant, and Mathias Tausig, Information Security Consultant, shared their expertise at the heise 𝗱𝗲𝘃𝗦𝗲𝗰() conference in Regensburg, Germany.   💬 𝗚𝗼𝘁 𝗔𝗻𝘆 𝗘𝘅𝗰𝘂𝘀𝗲𝘀? 𝗪𝗶𝗲 𝗺𝗮𝗻 𝘀𝗶𝗰𝗵𝗲𝗿𝗲𝗻 𝗧𝘆𝗽𝗲𝗦𝗰𝗿𝗶𝗽𝘁-𝗖𝗼𝗱𝗲 𝗲𝗿𝘇𝘄𝗶𝗻𝗴𝗲𝗻 𝗸𝗮𝗻𝗻 Michael Koppmann explored how to enforce security in TypeScript through thoughtful design, compiler flags, and functional programming patterns – showing how to make the type system itself an ally in writing secure code. 💬 𝗗𝗮𝘀 𝗧𝗣𝗠 𝘂𝗻𝗱 𝗗𝘂: 𝗪𝗶𝗲 𝗺𝗮𝗻 𝗱𝗮𝘀 𝗧𝗣𝗠 𝘁𝗮𝘁𝘀𝗮𝗰𝗵𝗹𝗶𝗰𝗵 𝘃𝗲𝗿𝘄𝗲𝗻𝗱𝗲𝗻 𝗸𝗮𝗻𝗻 Mathias Tausig demonstrated how developers can make practical use of the Trusted Platform Module (TPM) to simplify key management and strengthen cryptographic operations in everyday development. 👉 𝗥𝗲𝗮𝗱 𝗺𝗼𝗿𝗲: https://lnkd.in/gpeMwCxZ #CyberSecurity #TypeScript #TPM #SoftwareSecurity #ProfessionalServices #SBAResearch #heisedevSec

🔒 𝗦𝗕𝗔 𝗮𝘁 𝘁𝗵𝗲 𝗟𝗦𝗭 𝗖𝘆𝗯𝗲𝗿 𝗖𝗿𝗶𝗺𝗲 𝗙𝗼𝗿𝘂𝗺 𝗚𝗿𝗮𝘇 𝟮𝟬𝟮𝟱 At this year’s LSZ Cyber Crime Forum in Graz, our colleagues Nicolas Petri (Information Security Consultant) and Gerald Sendera (Data Protection Supervisor & Legal Counsel) shared their insights on a topic many developers can relate to: 🎤 “𝗜𝗰𝗵 𝘄𝗼𝗹𝗹𝘁𝗲 𝗻𝘂𝗿 𝗦𝗼𝗳𝘁𝘄𝗮𝗿𝗲 𝗯𝗮𝘂𝗲𝗻 – 𝘂𝗻𝗱 𝗷𝗲𝘁𝘇𝘁 𝗺𝗮𝗰𝗵 𝗶𝗰𝗵 𝗖𝗥𝗔-𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲.” More and more legal acts of the European Union require the mandatory implementation of cybersecurity measures. The consequences of non-compliance go beyond potential fines and the associated security risks. They include personal liability of management bodies (NIS-2) or loss of market access for non-compliant products (Cyber Resilience Act – CRA). As of today, harmonized cybersecurity standards for products have not yet been issued, while European certification schemes – such as certifications under the EUCC scheme – involve complex processes that generate high costs. Often, there is a lack of awareness of a low-threshold approach that would allow organizations and software developers to review and improve the security of their processes and products already during design and development. Using selected Essential Security Requirements from Annex I of the Cyber Resilience Act and an approach based on OWASP SAMM and OWASP ASVS, we demonstrate one way to address these requirements. The outcome could already serve as the foundation for a self-assessment of CRA conformity or as evidence in the context of third-party evaluation within a certification process. A big thank you to the LSZ - Future Connections team for hosting another great exchange of expertise at the intersection of law, technology, and security. 👉 Want to learn more about how to get ready for CRA and NIS-2? 𝗟𝗲𝘁’𝘀 𝘁𝗮𝗹𝗸! Reach out to us or visit www.sba-research.org 📷: LSZ #CyberSecurity #CyberResilienceAct #NIS2 #Compliance #SoftwareSecurity #ProfessionalServices 

🔐 𝗖𝗥𝗔, 𝗔𝗦𝗩𝗦 & 𝗦𝗔𝗠𝗠 – 𝗧𝗵𝗿𝗲𝗲 𝗮𝗰𝗿𝗼𝗻𝘆𝗺𝘀 𝘄𝗶𝘁𝗵 𝗶𝗺𝗽𝗮𝗰𝘁! At the LSZ Cyber Crime Forum Salzburg, Mathias Tausig and Stefan Jakoubi presented a practical approach to assess and demonstrate CRA conformity using OWASP SAMM and OWASP ASVS. 💡 Great discussions showed how awareness of the Cyber Resilience Act is growing – and how secure software development and compliance are coming closer together. #CyberSecurity #CRA #SoftwareSecurity #SBAResearch #OWASPSAMM #OWASPASVS #LSZ