Recent Activities

20 September 2023

Congratulations to Leyla Bilge (a former SecLab Ph.D. student) for being awarded a STEM award in NYC from Seramount for being a Women of Excellence.

09 August 2023

We attended USENIX Security in Anaheim, CA to present a paper.

17 March 2023

Ryan will be presenting a paper at SANER 2023.

06 September 2022

Engin will be co-chairing ACM CCS in 2023 and 2024. Do submit your best work!

06 August 2022

Quite a number of group members will be attending USENIX Security in Boston to present papers. Come talk to us!

20 May 2022

Andrea gave a talk at this year's CANSECWEST on exploiting speculative execution.

09 May 2022

We're looking forward to Andrea's hooding today!

25 Jan 2022

Congratulations to Andrea for defending his Ph.D. thesis! Looking forward to the hooding in May!

14 Jan 2022

Kaan published a blog post on our "Web cache deception escalates!" paper at USENIX '22.

12 Nov 2021

Andrea will be presenting his EuroSP 21 paper at PacSec 2021.

28 Oct 2021

Andrea's work on bypassing memory safety mechanisms through speculative control flow hijacks also got accepted as the finalist of CSAW'21 Applied Research Competition.

22 Oct 2021

Mansour, Reza, and Ryan's work on ML-based bug detection got accepted as the finalist of CSAW'21 Applied Research Competition.

05 Oct 2021

Tommaso was invited to present the results of his recent work on password reset procedures to the FTC (Federal Trade Commission).

14 Sep 2021

Congratulations to Bahruz and Steve for the acceptance of their CCS '21 paper! Also, congrats to Seyed Ali and Matteo for the acceptance of their USENIX '22 paper!

03 Sep 2021

Quite a bit of time has passed since we didn't post any updates. The semester and our teaching has started again, and we've published a number of works in different conferences (although sadly, all conferences are remote these days due to the pandemic).

12 May 2021

SecLab @ NEU has some upcoming Blackhat talks. Andrea will be giving a talk on the dark age of memory corruption mitigations in the Spectre era at Blackhat 2021. Our former lab member Michael will be talking on bridging the security infrastructure between the data Center and AWS Lambda

23 Dec 2020

Our KUBO paper, on precise and scalable detection of undefined behavior bugs in OS kernel, is to appear at NDSS 2021.

10 Oct 2020

Google will sponsor our research on hardware-based memory safety via an ASPIRE Award.

12 Sep 2020

NSF will fund our research on optimizing fuzzing for vulnerability coverage.

23 Aug 2020

Two papers, FICS (finding bugs using your own code) and PTAuth (points-to authentication for temporal safety), are accepted by USENIX Security'21

5 Jun 2020

Long is awarded (early) tenure at Northeastern.

4 May 2020

Our MEUZZ paper is accepted by RAID 2020.

28 Feb 2020

Long gave a talk at the Google Android Security Summit in Mountain View.

19 Nov 2019

Engin gave a talk at the US embassy in London on how to use AI to detect cyber attacks.

16 Sep 2019

Engin gave a keynote at the 22nd Information Security Conference in New York City.

09 Sep 2019

Engin gave a talk at the CROSSING conference in Darmstadt, Germany.

01 Sep 2019

Engin became the Executive Director of the Northeastern Cybersecurity and Privacy Institute.

07 Jul 2019

Engin attended AsiaCCS in Auckland, New Zealand.

18 Jun 2019

Engin lectured in the Real-World Crypto and Privacy Summer School in Croatia.

24 May 2019

Engin attended the Mozilla Security Summit in SF.

27 Mar 2019

Engin attended a panel at SecureWorld Boston.

25 Mar 2019

Engin gave a keynote at CODASPY 2019 in Dallas, TX.

11 Mar 2019

Some of our team members attended a workshop in Japan organized by Yokohama National University.

08 Dec 2018

Some of our team members attended ACSAC 2019 where we also presented a paper.

08 Nov 2018

Engin gave a keynote at IEEE Intelligence and Security Informatics (ISI) 2018 in Miami.

15 Sep 2018

Engin gave a keynote at RAID 2018 in Crete.

21 May 2018

Some of us attended the IEEE Security and Privacy Symposium, and Amin presented a paper.

27 Apr 2018

Toby presented a paper for us at this year's WWW conference in Lyon, France.

27 Feb 2018

Michael presented a paper at FTC's PrivacyCon.

15 Dec 2017

Engin gave an invited talk at the TUSIAD data security in business informational event in Istanbul.

03 Oct 2017

Engin attended the Euro SP PC meeting in London.

03 Oct 2017

Engin gave a talk at FS-ISAC in Baltimore on sandboxing systems and malware.

29 Sep 2017

Engin attended a Ph.D. thesis defense at Eurecom -- our sister lab in France.

28 Sep 2017

Amin just visited UIUC and gave a talk there.

16 Sep 2017

A bunch of us will be attending RAID in Atlanta, and we'll have two papers to present.

12 Sep 2017

Engin gave a talk on ransomware at the Healthcare Security Forum in downtown Boston.

22 Aug 2017

A bunch of us just attended USENIX Security in Vancouver, and Engin co-chaired it.

01 Aug 2017

Engin visited the National University of Singapore, and spent some time there for a joint project. Thanks to NUS for hosting us!

22 May 2017

A number of us are attending IEEE Security and Privacy in San Jose, CA.

10 May 2017

We hosted the USENIX Security 2017 PC meeting in Boston at ISEC.

27 Feb 2017

Engin gave a keynote at the 24th IEEE International Conference on Software Analysis, Evolution, and Reengineering (SWANER).

26 Feb 2017

A number of us are attending NDSS 2017 in San Diego.

21 Nov 2016

Kaan defended his Ph.D.! Congratulations!

22 Oct 2016

Some lab members attended the ACM CCS conference in Vienna, Austria.

11 Aug 2016

A bunch of us just attended USENIX Security in Austin.

01 Jun 2016

Andrea just attended IEEE S&P in San Jose.

22 Feb 2016

Ahmet will be doing a presentation at Blackhat Asia in Singapore.

20 Feb 2016

Some of us will be at FC 2016 in Barbados.

29 Jan 2016

Some of us will be at NDSS in San Diego.

26 Jan 2016

Some of us will be at Blackhat Asia in Singapore to give a presentation.

Press

22 September 2023

The Rappler quoted Engin on review bombing attacks.

28 Feb 2022

The GW Hatchet reported that attacks against universities surged, and quoted Engin.

25 Nov 2021

The Daily Swig reported on T-Reqs.

04 May 2021

Dark Reading reported on the latest USENIX paper from Reza, Ryan, and Long on using ML to find bugs.

16 Dec 2020

What are the Russian hackers searching for this time?

30 Oct 2020

Here’s why electronic voting won’t happen anytime soon.

13 Oct 2020

Engin authored an interdisciplinary article with Prof. Miller from BU on Cyberwarfare.

5 Jun 2020

VMware snaps up network security firm Lastline that Engin co-founded.

28 Feb 2020

CNet interviewed Engin on red flags for apps.

22 Feb 2020

We are honored that PortSwigger named our web cache deception paper the top web hacking technique of 2019!

25 Dec 2019

ZDNet, PortSwigger, CyWare Hacker News, Technology Decisions, and The Cyber Security Place have reported on our recent measurement study showing that web cache deception attacks remain a threat to Internet safety.

26 Nov 2019

NPR talked to Engin about potential USB attacks at airports.

21 Oct 2019

eFM South Korea interviewed Engin on the dark web and how criminals misuse Tor.

21 Oct 2019

Yahoo News quoted Engin on Northeastern defending its title in the 2nd Boston Cybersecurity Beanpot Challenge.

26 Sep 2019

CNET News quoted Engin on Amazon's plans for Sidewalk.

21 Mar 2019

USA Today quoted Engin on Facebook storing passwords unencrypted.

22 Jan 2019

Reuters, MSN, and Yahoo Finance featured a video interview of Engin on Facebook blocking Russian-connected accounts.

07 Dec 2018

Andrea gave an interview to The Register on Speculator.

23 Nov 2018

Metro talked to Engin on attacks during Cyber Monday.

12 Oct 2018

Dark Reading printed an article from Kaan on how Security Researchers Struggle with Bot Management Programs.

27 Apr 2018

Security Boulevard quoted Engin on security issues when enabling a mobile security workforce.

26 Apr 2018

A number of articles 1, 2 quoted Engin on the BGP security incident that Amazon faced.

04 Apr 2018

ZDNet quoted Engin on how to write a good security policy for BYOD or company-owned mobile devices.

31 Mar 2018

A number of articles 1,2,3,4,5 quoted Engin on the attacks against MyFitnessPal.

30 Mar 2018

Bloomberg quoted Engin on the cyber-attack against Underarmour.

23 Mar 2018

CNBC quoted Engin on the security of tax software.

22 Mar 2018

Engin talked to Northeastern News about the recent reported attacks against critical infrastructures.

22 Mar 2018

Engin was cited by the Washington Post on the security of SMBs.

21 Mar 2018

Engin was cited by TechRepublic on the security of SMBs.

08 Mar 2018

Engin was cited in an article on 5 easy ways to keep yourself cybersecure at work.

05 Sep 2017

Engin was cited in an article about self-driving cars.

16 Aug 2017

Some of our thoughts on AI and computer security.

18 Jul 2017

Healthcare IT news interviewed Engin on some of the recent attacks.

12 Jul 2017

Our Lastline has compiled $28.5 million Series C funding.

24 May 2017

Our Lastline doubles business by taking guesswork out of malware fight.

16 May 2017

Moneyish cites some suggestions from us for protection against malware attacks.

14 Apr 2017

Some of our comments on security-related scenes in the The Fate of the Furious film.

08 Mar 2017

Some of our comments on the CIA hacking documents that were leaked.

16 Feb 2017

Some of our thoughts on charging stations hacking phones.

10 Feb 2017

IT Security News talked to Engin on malware. Here is the podcast.

22 Dec 2016

Some of Engin's thoughts on the Russian DNC hacking.

05 Dec 2016

Engin had some comments on the Computer Science Education Week.

30 Oct 2016

WalletHub talked to Engin on identity theft and fraud.

24 Aug 2016

Tech Republic reported on Olympic Scams and talked to Engin.

18 Aug 2016

Archer News just quoted Engin on ransomware for wearable systems.

11 Aug 2016

Bankinfosecurity reported on UNVEIL, our ransomware detection system.

29 Jul 2016

MIT Technology Review reported on UNVEIL, our ransomware detection system.

06 Jun 2016

SC Magazin reported on a Trojan in the Google Play Store and talked to Engin.

23 May 2016

The Conversation featured an article by Amin on ransomware attacks.

21 Apr 2016

DarkReading quoted Engin on steps to take for backing up data against ransomware attacks.

05 Apr 2016

Threatpost reported on our research on Firefox extension-reuse vulnerabilities.

16 Mar 2016

Fusion reported on ransomware, and quoted Engin.

20 Feb 2016

Christian Science Monitor reported on ransomware, and quoted Engin.

25 Sep 2015

Christian Science Monitor reported on targeted attacks, and quoted Engin.

04 Aug 2015

Network World reported on our research on ransomware.

16 Jul 2014

ThreatPost reported on our research on the challenges in CSP adoption.

17 Apr 2014

Slashdot reported on our research on the effect of Heartbleed on Tor.

17 Apr 2014

ThreatPost reported on our research on the effect of Heartbleed on Tor.

17 Apr 2014

Heise reported on our research on the effect of Heartbleed on Tor.

26 Mar 2014

ThreatPost reported on our GUI vulnerability detection approach.

25 Mar 2014

CNET reported on our mobile security research presented at CanSecWest.

05 Mar 2014

Business Insider discusses air-gapped malware with us.

01 Mar 2013

SC Magazine reports on Collin's panel discussion at the RSA conference on the safety of iOS versus Android.

20 Jan 2013

Le Monde also referenced our Clickonomics paper in a recent news article (in French).

11 Jan 2013

A report on our Clickonomics paper was published by TorrentFreak.

08 Jan 2013

iSecLab's Lastline listed as must-watch security startup Network World.

02 Dec 2012

A report on our upload payments paper was published by TorrentFreak.

13 Nov 2012

DarkReading reports on Lastline, Inc., a new startup from the SecLab.

23 Oct 2012

DarkReading reports on our ACSAC paper on large-scale botnet analysis.

08 Oct 2012

DarkReading reports on our USENIX Security paper on PubCrawl, a detector for automated abuse of websites.

11 Aug 2012

Forbes reports on our paper on the security of Amazon Cloud services.

15 Mar 2012

Forbes reports on our recent work on HTTP parameter pollution.

08 Feb 2012

New Scientist published a report on our EXPOSURE, our service for identifying malicious domains.

25 Jan 2012

The MIT Technology Review published on article on our study of privacy-violating iPhone apps.