News and Press Updates from the NEU SecLab

Andrea gave a talk at this year's CANSECWEST on exploiting speculative execution.

We're looking forward to Andrea's hooding today!

Congratulations to Andrea for defending his Ph.D. thesis! Looking forward to the hooding in May!

Kaan published a blog post on our "Web cache deception escalates!" paper at USENIX '22.

Andrea will be presenting his EuroSP 21 paper at PacSec 2021.

Andrea's work on bypassing memory safety mechanisms through speculative control flow hijacks also got accepted as the finalist of CSAW'21 Applied Research Competition.

Mansour, Reza, and Ryan's work on ML-based bug detection got accepted as the finalist of CSAW'21 Applied Research Competition.

Tommaso was invited to present the results of his recent work on password reset procedures to the FTC (Federal Trade Commission).

Congratulations to Bahruz and Steve for the acceptance of their CCS '21 paper! Also, congrats to Seyed Ali and Matteo for the acceptance of their USENIX '22 paper!

Quite a bit of time has passed since we didn't post any updates. The semester and our teaching has started again, and we've published a number of works in different conferences (although sadly, all conferences are remote these days due to the pandemic).

SecLab @ NEU has some upcoming Blackhat talks. Andrea will be giving a talk on the dark age of memory corruption mitigations in the Spectre era at Blackhat 2021. Our former lab member Michael will be talking on bridging the security infrastructure between the data Center and AWS Lambda

Our KUBO paper, on precise and scalable detection of undefined behavior bugs in OS kernel, is to appear at NDSS 2021.

Google will sponsor our research on hardware-based memory safety via an ASPIRE Award.

NSF will fund our research on optimizing fuzzing for vulnerability coverage.

Two papers, FICS (finding bugs using your own code) and PTAuth (points-to authentication for temporal safety), are accepted by USENIX Security'21

Long is awarded (early) tenure at Northeastern.

Our MEUZZ paper is accepted by RAID 2020.

Long gave a talk at the Google Android Security Summit in Mountain View.

Engin gave a talk at the US embassy in London on how to use AI to detect cyber attacks.

Engin gave a keynote at the 22nd Information Security Conference in New York City.

Engin gave a talk at the CROSSING conference in Darmstadt, Germany.

Engin became the Executive Director of the Northeastern Cybersecurity and Privacy Institute.

Engin attended AsiaCCS in Auckland, New Zealand.

Engin lectured in the Real-World Crypto and Privacy Summer School in Croatia.

Engin attended the Mozilla Security Summit in SF.

Engin attended a panel at SecureWorld Boston.

Engin gave a keynote at CODASPY 2019 in Dallas, TX.

Some of our team members attended a workshop in Japan organized by Yokohama National University.

Some of our team members attended ACSAC 2019 where we also presented a paper.

Engin gave a keynote at IEEE Intelligence and Security Informatics (ISI) 2018 in Miami.

Engin gave a keynote at RAID 2018 in Crete.

Some of us attended the IEEE Security and Privacy Symposium, and Amin presented a paper.

Toby presented a paper for us at this year's WWW conference in Lyon, France.

Michael presented a paper at FTC's PrivacyCon.

Engin gave an invited talk at the TUSIAD data security in business informational event in Istanbul.

Engin attended the Euro SP PC meeting in London.

Engin gave a talk at FS-ISAC in Baltimore on sandboxing systems and malware.

Engin attended a Ph.D. thesis defense at Eurecom -- our sister lab in France.

Amin just visited UIUC and gave a talk there.

A bunch of us will be attending RAID in Atlanta, and we'll have two papers to present.

Engin gave a talk on ransomware at the Healthcare Security Forum in downtown Boston.

A bunch of us just attended USENIX Security in Vancouver, and Engin co-chaired it.

Engin visited the National University of Singapore, and spent some time there for a joint project. Thanks to NUS for hosting us!

A number of us are attending IEEE Security and Privacy in San Jose, CA.

We hosted the USENIX Security 2017 PC meeting in Boston at ISEC.

Engin gave a keynote at the 24th IEEE International Conference on Software Analysis, Evolution, and Reengineering (SWANER).

A number of us are attending NDSS 2017 in San Diego.

Kaan defended his Ph.D.! Congratulations!

Some lab members attended the ACM CCS conference in Vienna, Austria.

A bunch of us just attended USENIX Security in Austin.

Andrea just attended IEEE S&P in San Jose.

Ahmet will be doing a presentation at Blackhat Asia in Singapore.

Some of us will be at FC 2016 in Barbados.

Some of us will be at NDSS in San Diego.

Some of us will be at Blackhat Asia in Singapore to give a presentation.

The Daily Swig reported on T-Reqs.

Dark Reading reported on the latest USENIX paper from Reza, Ryan, and Long on using ML to find bugs.

What are the Russian hackers searching for this time?

Here’s why electronic voting won’t happen anytime soon.

Engin authored an interdisciplinary article with Prof. Miller from BU on Cyberwarfare.

VMware snaps up network security firm Lastline that Engin co-founded.

CNet interviewed Engin on red flags for apps.

We are honored that PortSwigger named our web cache deception paper the top web hacking technique of 2019!

ZDNet, PortSwigger, CyWare Hacker News, Technology Decisions, and The Cyber Security Place have reported on our recent measurement study showing that web cache deception attacks remain a threat to Internet safety.

NPR talked to Engin about potential USB attacks at airports.

eFM South Korea interviewed Engin on the dark web and how criminals misuse Tor.

Yahoo News quoted Engin on Northeastern defending its title in the 2nd Boston Cybersecurity Beanpot Challenge.

CNET News quoted Engin on Amazon's plans for Sidewalk.

USA Today quoted Engin on Facebook storing passwords unencrypted.

Reuters, MSN, and Yahoo Finance featured a video interview of Engin on Facebook blocking Russian-connected accounts.

Andrea gave an interview to The Register on Speculator.

Metro talked to Engin on attacks during Cyber Monday.

Dark Reading printed an article from Kaan on how Security Researchers Struggle with Bot Management Programs.

Security Boulevard quoted Engin on security issues when enabling a mobile security workforce.

A number of articles 1, 2 quoted Engin on the BGP security incident that Amazon faced.

ZDNet quoted Engin on how to write a good security policy for BYOD or company-owned mobile devices.

A number of articles 1,2,3,4,5 quoted Engin on the attacks against MyFitnessPal.

Bloomberg quoted Engin on the cyber-attack against Underarmour.

CNBC quoted Engin on the security of tax software.

Engin talked to Northeastern News about the recent reported attacks against critical infrastructures.

Engin was cited by the Washington Post on the security of SMBs.

Engin was cited by TechRepublic on the security of SMBs.

Engin was cited in an article on 5 easy ways to keep yourself cybersecure at work.

Engin was cited in an article about self-driving cars.

Some of our thoughts on AI and computer security.

Healthcare IT news interviewed Engin on some of the recent attacks.

Our Lastline has compiled $28.5 million Series C funding.

Our Lastline doubles business by taking guesswork out of malware fight.

Moneyish cites some suggestions from us for protection against malware attacks.

Some of our comments on security-related scenes in the The Fate of the Furious film.

Some of our comments on the CIA hacking documents that were leaked.

Some of our thoughts on charging stations hacking phones.

IT Security News talked to Engin on malware. Here is the podcast.

Some of Engin's thoughts on the Russian DNC hacking.

Engin had some comments on the Computer Science Education Week.

WalletHub talked to Engin on identity theft and fraud.

Tech Republic reported on Olympic Scams and talked to Engin.

Archer News just quoted Engin on ransomware for wearable systems.

Bankinfosecurity reported on UNVEIL, our ransomware detection system.

MIT Technology Review reported on UNVEIL, our ransomware detection system.

SC Magazin reported on a Trojan in the Google Play Store and talked to Engin.

The Conversation featured an article by Amin on ransomware attacks.

DarkReading quoted Engin on steps to take for backing up data against ransomware attacks.

Threatpost reported on our research on Firefox extension-reuse vulnerabilities.

Fusion reported on ransomware, and quoted Engin.

Christian Science Monitor reported on ransomware, and quoted Engin.

Christian Science Monitor reported on targeted attacks, and quoted Engin.

Network World reported on our research on ransomware.

ThreatPost reported on our research on the challenges in CSP adoption.

Slashdot reported on our research on the effect of Heartbleed on Tor.

ThreatPost reported on our research on the effect of Heartbleed on Tor.

Heise reported on our research on the effect of Heartbleed on Tor.

ThreatPost reported on our GUI vulnerability detection approach.

CNET reported on our mobile security research presented at CanSecWest.

Business Insider discusses air-gapped malware with us.

SC Magazine reports on Collin's panel discussion at the RSA conference on the safety of iOS versus Android.

Le Monde also referenced our Clickonomics paper in a recent news article (in French).

A report on our Clickonomics paper was published by TorrentFreak.

iSecLab's Lastline listed as must-watch security startup Network World.

A report on our upload payments paper was published by TorrentFreak.

DarkReading reports on Lastline, Inc., a new startup from the SecLab.

DarkReading reports on our ACSAC paper on large-scale botnet analysis.

DarkReading reports on our USENIX Security paper on PubCrawl, a detector for automated abuse of websites.

Forbes reports on our paper on the security of Amazon Cloud services.

Forbes reports on our recent work on HTTP parameter pollution.

New Scientist published a report on our EXPOSURE, our service for identifying malicious domains.

The MIT Technology Review published on article on our study of privacy-violating iPhone apps.