Security news aggregator

Latest coverage for Study

Studies provide evidence on cyber threats, vulnerabilities, defensive controls, and user behavior, helping assess security risks and protections.

4 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Study in this tag covers systematic research, measurement, evaluation, or analysis of information-security technologies, threats, and practices. It may include experiments on attack techniques, assessments of defensive controls, surveys of security behavior, analysis of incidents, or research into vulnerabilities and privacy risks. The relevant question is usually what evidence the work provides, how broadly its findings apply, and whether its methods support reproducible conclusions.

For practitioners, studies can reveal exploitable conditions, estimate how often a weakness occurs, or test whether a control detects and contains attacks under realistic conditions. Interpret results cautiously when samples are small, environments are artificial, or a claimed vulnerability has not been independently validated. Research involving telemetry, users, or personal data also raises privacy and ethical requirements. Useful findings should translate into specific actions, such as prioritizing vulnerability remediation, changing configurations, improving detection logic, or revising secure-development and risk-assessment practices.

Volume over time

Weekly headline count for the current query.

Showing 4 most recent headlines Filtered view

Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings of popular websites -- are now configured to redirect visitors to sites that foist scams and malware.

Krebs on Security 1 year, 1 month ago

Proxy Services Feast on Ukraine’s IP Address Exodus

Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of proxy and anonymity services nested at some of America's largest Internet service providers (ISPs).

Most accomplished cybercriminals go out of their way to separate their real names from their hacker handles. But among certain old-school Russian hackers it is not uncommon to find major players who have done little to prevent people from figuring out who they are in real life. A case study in this phenomenon is "x999xx," the nickname chosen by a venerated Russian hacker who specializes in providing the initial network access to various ransomware groups.

Krebs on Security 3 years, 2 months ago

Re-Victimization from Police-Auctioned Cell Phones

Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.