phd in cyber security jobs

Earning A Ph.D. In Cybersecurity: Everything You Need To Know

Updated: Jan 1, 2024, 3:30pm

A Ph.D. in cybersecurity prepares graduates for advanced, high-level job opportunities, including roles in research, education and management.

Cybersecurity Ph.D. programs allow students and professionals to build on their knowledge and skills. Candidates gain experience working with emerging technologies across artificial intelligence, data science and cloud computing to optimize organizational performance. This article overviews cybersecurity doctoral degree options, including standard admission requirements, common coursework and potential career paths.

Why You Can Trust Forbes Advisor Education

Forbes Advisor’s education editors are committed to producing unbiased rankings and informative articles covering online colleges, tech bootcamps and career paths. Our ranking methodologies use data from the National Center for Education Statistics , education providers, and reputable educational and professional organizations. An advisory board of educators and other subject matter experts reviews and verifies our content to bring you trustworthy, up-to-date information. Advertisers do not influence our rankings or editorial content.

• 6,290 accredited, nonprofit colleges and universities analyzed nationwide
• 52 reputable tech bootcamp providers evaluated for our rankings
• All content is fact-checked and updated on an annual basis
• Rankings undergo five rounds of fact-checking
• Only 7.12% of all colleges, universities and bootcamp providers we consider are awarded

What to Expect From a Ph.D. in Cybersecurity

A Ph.D. in cybersecurity provides students with a comprehensive education encompassing technology, data science, leadership, management, ethics and policy. Requirements, course loads and curriculums for these programs vary by school. In most cases, students need to complete between 50 and 70 credits, which typically takes three to seven years.

Several components make up the Ph.D. curriculum, including professional research and theory, an extensive literature review and dissertation preparation. In addition to coursework, Ph.D. students must fulfill teaching and research responsibilities.

Core concepts and topics can include:

• Machine learning
• Information theory
• Applied cryptology
• Theory of computation
• Artificial intelligence
• Network security

Degree Finder

Doctor of philosophy vs. doctor of science vs. doctor of information technology.

When deciding which cybersecurity doctoral program to pursue, you can choose from the following degree options:

• Ph.D. in cybersecurity
• Doctor of Science (D.Sc.) in cybersecurity
• Doctor of Information Technology (DIT)

Ph.D. in Cybersecurity

In general, a Ph.D. in cybersecurity is a research-based degree program that prepares graduates for advanced roles in academia. This degree focuses on research and theory, catering to students and professionals looking to expand their teaching opportunities and become professors or researchers.

D.Sc. in Cybersecurity

A D.Sc. focuses on practical applications of theory in management and leadership roles. Students may research cybersecurity’s emerging theoretical and technical components. This degree suits students who are interested in policy development.

A D.I.T. program serves professionals who are looking to advance their knowledge and expertise in technology and computing. Learners may develop the skills needed to lead an organization. Students can choose a specialization, such as cybersecurity, computer science or data science.

What Kinds of Exams are Required During a Ph.D. Program?

In addition to coursework and a dissertation, students working toward their cybersecurity doctorate must complete exams. In most Ph.D. programs, learners must take three exams.

• A qualifying exam, which occurs during the early stages of the program
• A preliminary exam to demonstrate a candidate’s readiness to begin their dissertation and research
• The final exam, through which a candidate defends their dissertation and research work

Common Courses in a Cybersecurity Ph.D.

Coursework for cybersecurity Ph.D. programs varies among schools. Each program sets a unique curriculum. Below you’ll find just a few examples and variations of common course titles for cybersecurity doctoral programs.

Advanced Security Risk Management and Assessment

Courses on advanced security risk management and assessment provide an overview of methodologies for strategic decision-making. Students analyze various management techniques to develop cyber defense procedures to reduce and address breaches.

Research and Practice in Information Technology

In courses on research and practice in information technology, students analyze research across the spectrum of IT disciplines. Learners review concepts, methodologies and techniques used in computer science, information systems, information management and software engineering research.

This course introduces students to key research paradigms, including the principles of research ethics, design and methods of data collection and analysis as relevant to IT research.

Law, Policy, Ethics and Compliance

Courses on law, policy, ethics and compliance provide an overview of legal, ethical and policy-related cybersecurity issues. Students analyze domestic and international security law, compliance issues and legal principles. Learners critically evaluate policy documents across business sectors to understand how to comply with varying laws and regulations while addressing cybersecurity challenges.

Dissertation

Each doctoral candidate must write a dissertation, or a formal research paper, that presents findings from original research carried out during the duration of the program under the guidance of faculty advisors. Students create the documentation for their dissertation topic, obtain approval from advisors and submit any required information to their institution’s research board.

How to Get Admitted to a Cybersecurity Doctoral Program

The admission requirements for a cybersecurity doctoral program can differ depending on the school. Typically, applicants must have at least an undergraduate degree, such as a bachelor’s degree in cybersecurity . However, some programs require a master’s in cybersecurity or a related subject.

Ph.D. students coming from undergraduate programs may earn their master’s degrees as they complete their doctoral requirements. Those coming from master’s programs may have to complete fewer credits to earn their doctorate.

In addition to submitting a completed application and paying any application fees, standard admission requirements typically include the following.

• Submit undergraduate transcripts.
• Meet a minimum GPA requirement.
• Submit GRE scores.
• Submit letters of recommendation.
• Write an admissions essay or personal statement.
• Submit a résumé or CV with relevant professional experience and educational accomplishments.

What Can You Do With a Ph.D. in Cybersecurity?

Is this cybersecurity degree worth it? A Ph.D. in cybersecurity can help you qualify for various management positions, teaching jobs, research roles and other career opportunities in the information security field.

Below we list some potential careers for cybersecurity doctoral graduates. Cybersecurity job requirements vary widely depending on the specific title and organization. While the main responsibilities for each role are generally consistent across the field, details may vary among industries and workplaces.

We sourced the below salary data from Payscale .

Chief Information Security Officer

Average Annual Salary : Over $174,000 per year Qualifications : At least a master’s degree in cybersecurity, computer science, IT or a closely related field Job Description : A chief information security officer (CISO) is a C-suite management role. These professionals oversee information and data security for an organization, along with IT. CISOs offer strategic oversight on the design, development, implementation and maintenance of security solutions. They ensure organizations are adhering to necessary regulations, protocols and legal obligations.

Director of Operations

Average Annual Salary : Over $100,000 per year Qualifications : A master’s degree is the minimum educational requirement. Certifications and extensive experience can give you an advantage. Job Description : A director of operations oversees an organization’s cybersecurity operations and incident responses. They are responsible for building and cultivating integrated teams to address cyberattacks and threats. These professionals are accountable for timely and strategic responses to risks and security threats.

Education Program Director

Average Annual Salary : Over $68,000 per year Qualifications : At least a master’s degree and relevant work experience Job Description : Education program directors design and implement educational programs for the public or members of an organization. These professionals oversee all aspects of organizational initiatives, budgets and hiring staff. Education program directors develop various educational materials, including the curriculum for classes and content for conferences and lectures.

Featured Online Schools

Learn about start dates, transferring credits, availability of financial credit and much more by clicking 'Visit Site'

Frequently Asked Questions About Cybersecurity Ph.D.s

Is it worth getting a ph.d. in cybersecurity.

Earning a Ph.D. in cybersecurity can expand your career opportunities, increase your earning potential and help you qualify for high-level management positions. The U.S. Bureau of Labor Statistics (BLS) projects employment opportunities for information security specialists, including cybersecurity professionals, to grow by 32% from 2022 to 2032.

What can I do with a Ph.D. in cybersecurity?

A Ph.D. in cybersecurity is the highest academic credential available in the field. Depending on your degree option, you can qualify for positions in the education sector to teach, apply for leadership positions and pursue other high-level positions in the field.

• Best Online Cybersecurity Degrees
• Best Master’s In Computer Science Online
• Best Online Data Science Master’s Degrees
• Online Master’s In Computer Engineering
• Best Online Master’s In Information Technology Programs
• Best Software Engineering Master’s Online
• Best Online Computer Science Degrees
• How To Become A Cybersecurity Analyst
• How To Become a Web Developer
• How To Become A Sales Engineer
• Careers In Cybersecurity
• 10 Careers In Game Design To Consider
• Earning An Associate In Computer Science
• Earning A Bachelor’s Degree In Cybersecurity
• How To Become A Cybersecurity Specialist
• What Is A Typical Cybersecurity Salary?
• The 7 Best Programming Languages To Learn For Beginners
• How Long Does It Take To Learn Coding? And Other Coding Questions
• How To Learn Python For Free
• Ask A Tech Recruiter

How To Become A Computer Programmer: A Step-By-Step Guide

2024 Tech Industry Statistics

Computer Science Degree Guide: Courses, Careers And Online Options

How To Become A Network Engineer: Job Outlook And Salary

How To Become A Cloud Developer: Salary, Education And Job Outlook

Where To Earn A Ph.D. In Data Science Online In 2024

Mariah is a Berlin-based writer with six years of experience in writing, localizing and SEO-optimizing short- and long-form content across multiple niches, including higher education, digital marketing and travel. Her writing expertise extends to brand strategies and driving small business growth through targeted content. In the last three years, she's primarily produced education-focused content, writing on topics like degree programs, trade schools and career pathways.

Cybersecurity Guide

From scholar to expert: Cybersecurity PhD options

In this guide

• Industry demand
• 2024 rankings
• Preparation
• Considerations
• School listings

The cybersecurity landscape is not just growing—it’s evolving at a breakneck pace. And what better way to stay ahead of the curve than by pursuing a PhD in cybersecurity?

This advanced degree is no longer confined to the realm of computer science. Today, it branches into diverse fields like law, policy, management, and strategy, reflecting the multifaceted nature of modern cyber threats.

If you’re looking to become a thought leader in this dynamic industry, a PhD in cybersecurity offers an unparalleled opportunity to deepen your expertise and broaden your horizons.

This guide is designed to give prospective cybersecurity PhD students a general overview of available cybersecurity PhD programs. It will also outline some of the factors to consider when trying to find the right PhD program fit, such as course requirements and tuition costs. 

Industry demand for PhDs in cybersecurity

Like other cutting-edge technology fields, until recently, cybersecurity PhD programs were often training grounds for niche positions and specialized research, often for government agencies (like the CIA, NSA, and FBI),  or closely adjacent research organizations or institutions. 

Today, however, as the cybersecurity field grows to become more pervasive and consumer-oriented, there are opportunities for cybersecurity PhDs to work at public-facing companies like startups and name-brand financial, software, infrastructure, and digital service firms.

One trend that is emerging in the cybersecurity field is that cybersecurity experts need to be well-versed in a variety of growing threats. If recent headlines about cybersecurity breaches are any indication, there are a number of new attack vectors and opportunities for cybercrime and related issues. Historically, committing cybercrime took resources and a level of sophistication that required specialized training or skill.

But now, because of the pervasiveness of the internet, committing cybercrime is becoming more commonplace. So training in a cybersecurity PhD program allows students to become an experts in one part of a growing and multi-layered field.

In fact, this trend of needing well-trained, but adaptable cybersecurity professionals is reflected by the move by cybersecurity graduate schools to offer specialized master’s degrees , and many companies and professional organizations offer certifications in cybersecurity that focus on particular issues related to cybersecurity technology, cybersecurity law , digital forensics , policy, or related topics.

That said, traditional research-oriented cybersecurity positions continue to be in demand in academia and elsewhere — a trend that will likely continue. 

One interesting facet of the cybersecurity field is trying to predict what future cybersecurity threats might look like and then develop tools and systems to protect against those threats.

As new technologies and services are developed and as more of the global population begins using Internet services for everything from healthcare to banking — new ways of protecting those services will be required. Often, it’s up to academic researchers to think ahead and examine various threats and opportunities to insulate against those threats.

Another key trend coming out of academic circles is that cybersecurity students are becoming increasingly multidisciplinary.

As cybersecurity hacks impact more parts of people’s everyday lives, so too do the academic programs that are designed to prepare the next generation of cybersecurity professionals. This emerging trend creates an enormous amount of opportunity for students who have a variety of interests and who are looking to create a non-traditional career path.

The best cybersecurity PhD programs for 2024

Georgia institute of technology, northeastern university, marymount university, school of technology and innovation, nova southeastern university, college of computing & engineering, purdue university, stevens institute of technology, worcester polytechnic institute, university of illinois at urbana-champaign, mississippi state university, new york institute of technology.

These rankings were compiled from data accessed in November 2023 from the Integrated Post-Secondary Education Data System (IPEDS) and College Navigator (both services National Center for Education Statistics). Tuition data was pulled from individual university websites and is current as of November 2023.

What is required to get a PhD in cybersecurity?

Good news first: Obtaining a PhD in a field related to cybersecurity will likely create tremendous employment opportunities and lead to interesting and dynamic career options.

Bad news: Getting a PhD requires a lot of investment of time and energy, and comes with a big opportunity cost (meaning you have to invest four to five years, or longer, or pursue other opportunities to obtain a doctoral degree. 

Here’s a quick breakdown of what is required to get a PhD in cybersecurity. Of course, specific degree requirements will vary by program. One growing trend in the field is that students can now obtain degrees in a variety of formats, including traditional on-campus programs, online degree programs , and hybrid graduate degree programs that combine both on-campus learning with online learning. 

Related resources

• Online PhD in cybersecurity – A guide to finding the right program
• Cybersecurity degree programs
• Podcast episodes and expert interviews

Preparing for a cybersecurity doctorate program

Cybersecurity is a relatively new formalized technology field, nonetheless, there are several ways that students or prospective PhD candidates can get involved or explore the field before and during a graduate school program. A few examples of ways to start networking and finding opportunities include: 

Join cybersecurity organizations with professional networks

Specialized professional organizations are a good place to find the latest in career advice and guidance. Often they publish newsletters or other kinds of information that provide insights into the emerging trends and issues facing cybersecurity professionals. A couple of examples include:

The Center for Internet Security  (CIS) is a non-profit dedicated to training cybersecurity professionals and fostering a sense of collaboration. The organization also publishes information and analysis of the latest cybersecurity threats and issues facing the professional community.

The SANS Institute runs several different kinds of courses for students (including certification programs) as well as ongoing professional cybersecurity education and training for people working in the field. The organization has several options including webinars, online training, and live in-person seminars. Additionally, SANS also publishes newsletters and maintains forums for cybersecurity professionals to interact and share information.

Leverage your social network

Places like LinkedIn and Twitter are good places to start to find news and information about what is happening in the field, who the main leaders and influencers are, and what kinds of jobs and opportunities are available.

Starting a professional network early is also a great opportunity. Often professionals and members of the industry are willing to provide guidance and help to students who are genuinely interested in the field and looking for career opportunities. 

Cybersecurity competitions 

Cybersecurity competitions are a great way to get hands-on experience working on real cybersecurity problems and issues. As a PhD student or prospective student, cybersecurity competitions that are sponsored by industry groups are a great way to meet other cybersecurity professionals while getting working on projects that will help flesh out a resume or become talking points in later job interviews.

The US Cyber Challenge , for example, is a series of competitions and hackathon-style events hosted by the Department of Homeland Security Science and Technology Directorate and the Center for Internet Security to prepare the next generation of cybersecurity professionals.

Internships

Internships also continue to be a tried and true way to gain professional experience. Internships in technical fields like cybersecurity can also pay well. Like the industry itself, cybersecurity internships are available across a wide range of industries and can range from academic research-oriented to more corporate kinds of work. 

Things to consider when choosing a cybersecurity PhD program

There are many considerations to evaluate when considering any kind of graduate degree, but proper planning is essential to be able to obtain a doctoral degree. It’s also important to note that these are just guidelines and that each graduate program will have specific requirements, so be sure to double-check.

What you will need before applying to a cybersecurity PhD program:

• All undergraduate and graduate transcripts
• A statement of intent, which is like a cover letter outlining interest
• Letters of reference
• Application fee
• Online application
• A resume or CV outlining professional and academic accomplishments

What does a cybersecurity PhD program cost?

Obtaining a PhD is a massive investment, both in terms of time and money. Cybersecurity PhD students are weighing the cost of becoming an expert in the field with the payoff of having interesting and potentially lucrative career opportunities on the other side.

Degree requirements are usually satisfied in 60-75 hours, so the cost of a doctoral degree can be well into the six-figure range. Here’s a more specific breakdown:

Tuition rates

The Cybersecurity Guide research team looked at 26 programs that offer a cybersecurity-related PhD degree. Here’s a breakdown of tuition rates (all figures are based on out-of-state tuition).

$17,580 is the most affordable PhD program option and it is available at the Georgia Institute of Technology.

$86,833 is the average cost of a cybersecurity PhD and is based on tuition rates from all 26 schools.

$197,820 is the most expensive cybersecurity PhD program and is available at Indiana University Bloomington.

The good news is that by the time students get to the PhD level there are a lot of funding options — including some graduate programs that are completely funded by the university or academic departments themselves.

Additionally, funding in the form of research grants and other kinds of scholarships is available for students interested in pursuing cybersecurity studies. 

One example is the CyberCorps: Scholarships for Service program. Administered by the National Science Foundation, PhD students studying cybersecurity are eligible for a $34,000 a year scholarship, along with a professional stipend of $6,000 to attend conferences in exchange for agreeing to work for a government agency in the cybersecurity space after the PhD program. 

Frequently asked questions about cybersecurity PhD programs

Most traditional and online cybersecurity graduate programs require a minimum number of credits that need to be completed to obtain a degree. On average, it takes 71 credits to graduate with a PhD in cybersecurity — far longer (almost double) than traditional master’s degree programs. In addition to coursework, most PhD students also have research and teaching responsibilities that can be simultaneously demanding and great career preparation.

At the core of a cybersecurity doctoral program is a data science doctoral program, you’ll be expected to learn many skills and also how to apply them across domains and disciplines. Core curriculums will vary from program to program, but almost all will have a core foundation of statistics.  

All PhD candidates will have to take a series of exams that act as checkpoints during the lengthy PhD process. The actual exam process and timing can vary depending on the university and the program, but the basic idea is that cybersecurity PhD candidates generally have to sit for a qualifying exam, which comes earlier in the program (usually the winter or spring of the second year of study), a preliminary exam, which a candidate takes to show they are ready to start the dissertation or research portion of the PhD program, and a final exam where PhD students present and defend their research and complete their degree requirements. 

A cybersecurity PhD dissertation is the capstone of a doctoral program. The dissertation is the name of a formal paper that presents the findings of original research that the PhD candidate conducted during the program under the guidance of faculty advisors. Some example cybersecurity research topics that could potentially be turned into dissertation ideas include: * Policies and best practices around passwords * Ways to defend against the rise of bots * Policies around encryption and privacy * Corporate responsibility for employee security * Internet advertising targeting and privacy * The new frontier of social engineering attacks * Operation security (OpSec) strategy and policy * Network infrastructure and defense * Cybersecurity law and policy * The vulnerabilities of biometrics * The role of ethical hacking * Cybersecurity forensics and enforcement

A complete listing of cybersecurity PhD programs

The following is a list of cybersecurity PhD programs. The listing is intended to work as a high-level index that provides enough basic information to make quick side-by-side comparisons easy. 

You should find basic data about what each school requires (such as a GRE score or prior academic work) as well as the number of credits required, estimated costs, and a link to the program.

Arizona State University

• Aim: Equip students with in-depth expertise in cybersecurity.
• Study Modules: Delve into advanced computer science subjects and specific cybersecurity courses.
• Research Component: Students undertake groundbreaking research in the cybersecurity domain.

Carnegie Mellon University

• CNBC Collaboration: A joint effort between Carnegie Mellon and the University of Pittsburgh to train students in understanding the brain's role in cognition.
• Training Program: Students take four main neuroscience courses and participate in seminars and ethics training.
• Course Integration: Whether students have a B.S. or M.S. degree, they can combine the CNBC and ECE Ph.D. courses without extra workload.

Colorado School of Mines

• Research Focus: Cybersecurity: Studying online security and privacy.
• Cost and Financial Aid: Provides details on program costs and available financial support.
• Current Mines Community: Offers specific information for those already affiliated with Mines.

Indiana University Bloomington

• Focus Areas: Options include Animal Informatics, Bioinformatics, Computer Design, and more.
• Information Sessions: The university holds events to guide potential students about admissions and study options.
• Minor Requirement: All Ph.D. students must complete a minor, which can be from within the Luddy School of Informatics or from another approved school at IU Bloomington.

Iowa State University

• Details: The program is open to both domestic and international students.
• Time to Complete: Ph.D.: About 5.2 years
• Goals: Students should gain deep knowledge, follow ethics, share their findings, and do advanced research if they're writing a thesis.
• Learning Goals: Master core areas of Computer Science, achieve in-depth knowledge in a chosen subfield, obtain expertise to perform original research, and demonstrate the ability to communicate technical concepts and research results.
• Duration: Median time to earn the doctorate is 5.8 years.
• Application Information: The program is open to both domestic and international students.
• Program's Aim: The Ph.D. program is tailored to produce scholars proficient in leading research initiatives, undertaking rigorous industrial research, or imparting high-level computer science education.
• Entry Routes: The program welcomes both students holding a B.S. degree for direct admission and those with an M.S. degree.
• Dissertation's Role: It stands as the pivotal component of the Ph.D. journey. Collaboration between the student, their dissertation director, and the guiding committee is essential.

Naval Postgraduate School

• Program Essence: The Computer Science Ph.D. is a top-tier academic program in the U.S.
• Admission Criteria: Open to military officers from the U.S. and abroad, U.S. governmental employees, and staff of foreign governments.
• Curriculum: Designed to deepen knowledge in computing, with a focus on the needs of the U.S. Department of Defense.
• Emphasis on Research: The college showcases its strength in research through sections dedicated to Research Areas, affiliated Institutes & Centers, ongoing Research Projects, and specialized Labs & Groups.
• Holistic Student Growth: The college promotes a comprehensive student experience, spotlighting Clubs & Organizations, campus Facilities, and tech Systems.
• Guidance for Future Students: Provides tailored insights for students considering joining at various academic levels, from Undergraduate to PhD.
• Broad Learning: The program covers many areas, from software and policy to psychology and ethics, reflecting the wide scope of cybersecurity.
• Course Design: Students learn foundational security topics first and then dive into specialized areas, like cyber forensics.
• Successful Alumni: Past students now work in places like NASA, Amazon, and Google.
• Feature: Students can apply to up to three different campuses and/or majors using a single application and fee payment.
• Preparing for a Globalized World: Courses such as Global Supply Chain Management equip students for international careers.
• Tech-Forward Curriculum: Purdue's commitment to advanced technology is evident.

Rochester Institute of Technology

• Cyberinfrastructure Focus: The program dives deep into how hardware, data, and networks work together to create secure and efficient digital tools.
• Broad Applications: The program uses computing to solve problems in fields like science, arts, and business.
• Success Rate: All RIT graduates from this program have found relevant roles, especially in the Internet and Software sectors.

Sam Houston State University

• Program's Objective: The course aims to nurture students to be technically adept and also to take on leadership roles in the digital and cyber forensic domain across various industries.
• Assessments: Students undergo comprehensive tests to evaluate their understanding.
• Research Paper (Dissertation): Once students reach the doctoral candidacy phase, they must produce and defend a significant research paper or dissertation.
• Funding: All Ph.D. students get financial help, so they can start their research right away.
• Teachers: The program has top experts, including those who've made big discoveries in computer science.
• Research Areas: Students can study the latest topics like AI, computer vision, and online security.

The University of Tennessee

• Study Areas: Options include Cybersecurity, Data Analytics, Computer Vision, and more.
• Tests: You'll have to pass a few exams, including one when you start, one before your final project, and then present your final project.
• Courses: Some specific courses are needed, and your main professor will help decide which ones.
• Big Exam: Before moving forward, you'll take a detailed exam about your research topic.
• Final Step: You'll present and defend your research project to experts.
• Overview: This program is for those with a degree in Computer Science or similar fields. It has special focus areas like Cybersecurity and Machine Learning.

University of Arizona

• Study Plan: Students start with learning research basics and then dive into modern tech topics.
• Support for Students: All PhD students get funding that covers their studies, a stipend, and health insurance. Money for travel to conferences is also available.
• After Graduation: Alumni work at top universities and big companies like Google and Microsoft.

University of California-Davis

• About the Program: Students engage in deep research, ending with a dissertation.
• Jobs After Graduation: Roles in companies or academic positions.
• Vibrant Community: Beyond academics, students join a supportive community, enriching their Ph.D. experience.

University of Colorado - Colorado Springs

• Recognition: UCCS is recognized by the National Security Agency (NSA) and the Department of Homeland Security for excellence in Information Assurance Education.
• Course Approval: The NSA has approved UCCS's courses as meeting national security training standards.
• Overview: This program focuses on vital areas like cyber security, physical security, and homeland security.

University of Idaho

• Partnership with NSA and DHS: The university is part of a program to boost cyber defense education.
• Recognition: The University of Idaho is among the institutions recognized as Centers of Academic Excellence in Cyber Defense.
• Objective: To minimize vulnerabilities in the national information infrastructure.
• Overview: This program is meticulously crafted to deliver premier legal education to its students.
• Courses: Encompasses a balanced mix of traditional legal doctrines, theoretical viewpoints, and hands-on practical experiences.
• Aim: The primary objective is to equip students with top-notch legal education.

University of Missouri-Columbia

• Seminars: PhD students should attend 20 seminars. If they were previously Master's students, their past attendance counts.
• Timeline Requirements: Comprehensive Exam must be completed within five years of starting the program.
• Dissertation and Publication: At least one journal paper must be submitted, accepted, or published.

University of North Carolina at Charlotte

• Faculty: The faculty members are renowned for their impactful research contributions on a global scale.
• Curriculum: The curriculum is versatile, catering to individuals aiming for academia as well as those targeting roles in the corporate, commerce, or public sectors.
• Program: A blend of theoretical and hands-on research is emphasized, offering a well-rounded educational experience.

Virginia Tech

• Seminars and Ethics: Students attend special seminars and complete training on scholarly ethics and diversity.
• Guidance: Each student gets a faculty advisor. A group of faculty members, called a committee, also guides them.
• Major Exams: Students go through four main stages: a qualifying process, a preliminary proposal, a research presentation, and a final defense.
• Strong Research: WPI's PhD program is recognized for its excellent research contributions.
• Practical Focus: The program teaches students to tackle real tech challenges.
• Modern Labs: Students use the latest labs like the Human-Robot Interaction Lab.

Dakota State University

• Program Goal: Train students to handle and prevent cyber threats.
• Awards: The university has received top cybersecurity awards.
• What You'll Learn: Research skills, cyber defense techniques, and ethical decision-making.

New Jersey City University, College of Professional Studies

• About: Focuses on best practices in areas like national security, cyber defense, and crisis communication.
• Recognitions: The program has been honored by the National Security Agency since 2009 and was recognized for excellence in intelligence studies.
• Jobs: Graduates are prepared for top roles in sectors like government and education.
• Program Content: The course dives deep into modern cybersecurity topics, from new tech and artificial intelligence to specialized research areas.
• Location Benefits: The university is near many cybersecurity companies and government agencies, giving students unique opportunities.
• For Working People: It's crafted for professionals, allowing them to experience various cybersecurity roles, from tech firms to government.
• Completion Time: Students have up to ten years from starting to finish their dissertation.
• Program: Trains students for roles in academia, government, and business.
• Multidisciplinary Approach: The program combines both technical and managerial aspects of cybersecurity, offering a comprehensive understanding of the field.

The University of Rhode Island

• Research Focus: The Ph.D. program is centered around a big research project in Computer Science.
• Qualifying Exams: Students take exams on core topics, but some might get exemptions if they're already skilled in certain areas.
• Equal Opportunity: The University of Rhode Island is committed to the principles of affirmative action and is an equal opportunity employer.

University of North Texas

• Team Effort: The program is a collaboration between various UNT departments for a well-rounded view of cybersecurity.
• Goals: The course aims to develop critical thinkers who are passionate about the role of information in our lives and can work across different fields.
• Skills Gained: Students will learn about research, teaching methods, decision-making, leadership, and analyzing data.

New York University Tandon School of Engineering

• Scholarships: Many students get scholarships that pay for tuition and give a monthly allowance.
• Research Interest: Research areas include cybersecurity, computer games, web search, graphics, and more.
• Experience: Students can also research in NYU's campuses in Shanghai or Abu Dhabi.
• One Degree for All: Every student gets the same Ph.D., regardless of their specific area of study.
• Research Focus: The program emphasizes deep research and prepares students for advanced roles.
• Major Project: Students work on a big research project, adding new knowledge to the computing world.
• Program: Prepares students for leadership roles in different sectors.
• Opportunities: Qualified students might get opportunities as Research or Teaching Assistants.
• Overview: Focuses on advanced research and modern technologies.

Augusta University

• Goal: The program prepares students for research roles and to make new discoveries in tech.
• Benefits: A Ph.D. opens up leadership opportunities in tech sectors.
• Overview: It focuses on new discoveries in areas like security, artificial intelligence, and virtual reality.

University of Texas at San Antonio

• Financial Support: Full-time students can get funding, which covers tuition and offers roles like teaching assistants.
• Job Prospects: UTSA trains students for jobs that are in high demand, using data from official sources.
• Overview: The program focuses on in-depth research and teaching.

University of Central Florida

• Mix of Subjects: Students can take courses from different areas, giving them a broad view of security topics.
• Many Job Options: Graduates can work in government, big companies, or teach in universities.
• Hands-on Learning: The program offers research, study projects, and internships for real-world experience.

Explore your training options in 10 minutes Get Started

• Graduate Stories
• Partner Spotlights
• Bootcamp Prep
• Bootcamp Admissions
• University Bootcamps
• Coding Tools
• Software Engineering
• Web Development
• Data Science
• Tech Guides
• Tech Resources
• Career Advice
• Online Learning
• Internships
• Apprenticeships
• Tech Salaries
• Associate Degree
• Bachelor's Degree
• Master's Degree
• University Admissions
• Best Schools
• Certifications
• Bootcamp Financing
• Higher Ed Financing
• Scholarships
• Financial Aid
• Best Coding Bootcamps
• Best Online Bootcamps
• Best Web Design Bootcamps
• Best Data Science Bootcamps
• Best Technology Sales Bootcamps
• Best Data Analytics Bootcamps
• Best Cybersecurity Bootcamps
• Best Digital Marketing Bootcamps
• Los Angeles
• San Francisco
• Browse All Locations
• Digital Marketing
• Machine Learning
• See All Subjects
• Bootcamps 101
• Full-Stack Development
• Career Changes
• View all Career Discussions
• Mobile App Development
• Cybersecurity
• Product Management
• UX/UI Design
• What is a Coding Bootcamp?
• Are Coding Bootcamps Worth It?
• How to Choose a Coding Bootcamp
• Best Online Coding Bootcamps and Courses
• Best Free Bootcamps and Coding Training
• Coding Bootcamp vs. Community College
• Coding Bootcamp vs. Self-Learning
• Bootcamps vs. Certifications: Compared
• What Is a Coding Bootcamp Job Guarantee?
• How to Pay for Coding Bootcamp
• Ultimate Guide to Coding Bootcamp Loans
• Best Coding Bootcamp Scholarships and Grants
• Education Stipends for Coding Bootcamps
• Get Your Coding Bootcamp Sponsored by Your Employer
• GI Bill and Coding Bootcamps
• Tech Intevriews
• Our Enterprise Solution
• Connect With Us
• Publication
• Reskill America
• Partner With Us

• Resource Center
• Bachelor’s Degree
• Master’s Degree

Best Doctorates in Cyber Security: Top PhD Programs, Career Paths, and Salaries

With the growing rate of cyber attacks, the demand for cyber security professionals and their services has increased. The Bureau of Labor Statistics (BLS) projects that there will be a 33 percent growth rate for information security analysts within the decade. Earning one of the best PhDs in Cyber Security is the best way to prepare yourself for senior-level cyber security jobs.

A cyber security PhD is a prestigious degree that teaches students the advanced topics and skills needed to become cyber security engineers . If you would like to prepare for advanced research positions in the tech field, this guide informs you about the best cyber security PhD programs and jobs.

Find your bootcamp match

What is a phd in cyber security.

A PhD in Cyber Security is a degree program focused on the fundamentals of hardware and software security required for top cyber security jobs. Common courses include computer hardware and system security, software vulnerabilities and security, compliance management, and assurance controls. This degree usually takes four to five years to complete and requires 48 to 75 credits.

How to Get Into a Cyber Security PhD Program: Admission Requirements

The requirements to get into a cyber security PhD degree include a Bachelor’s Degree or Master’s Degree in Cyber Security, Computer Science, or a related field. Other admission requirements may include a minimum GPA of 3.0, letters of recommendation, a resume or CV, transcripts from your graduate coursework, writing samples, and satisfactory GRE scores.

Note that some schools have course prerequisites for their cyber security programs that must be met to qualify for admission. A good example of additional admission requirements is proficiency in a specific programming language.

PhD in Cyber Security Admission Requirements

• Bachelor’s degree in a related field
• Master’s degree in a related field
• Average GPA of 3.00
• Letters of recommendation
• Application fee
• Proof of English proficiency
• Resume or CV
• Transcripts
• Writing samples

Cyber Security PhD Acceptance Rates: How Hard Is It to Get Into a PhD Program in Cyber Security?

It can be difficult to get into a PhD program for cyber security as it is the highest level degree a student can achieve. A study by Duke Graduate School shows that the acceptance rate for their most recent computer science PhD cohort was 15.74 percent.

How to Get Into the Best Universities

[query_class_embed] how-to-get-into-*school

Best PhDs in Cyber Security: In Brief

Best Universities for Cyber Security PhDs: Where to Get a PhD in Cyber Security

The best universities for cyber security PhDs offer flexible programs and teach all the in-demand skills for successful careers in the industry. If you’re wondering where to get a PhD in Cyber Security, consult the list below for details about course content, tuition, and admission requirements.

Founded in 1885, Arizona State University is a public research university in the metropolitan area of Tempe. Its PhD programs offer first-class labs and venues, along with direct access to top researchers. The school ensures that graduate students are supported during their thesis and dissertation process.

PhD in Computer Science (Cybersecurity)

This program provides students with advanced skills and knowledge in cyber security. The course is certified by the Information Assurance Courseware Evaluation Program. The program requires 84 credit hours and you must have a grade of B or better in your core courses in order to graduate.

PhD in Computer Science (Cybersecurity) Overview

• Program Length: 4-6 years
• Acceptance Rate: N/A
• Tuition: $11,720/year (in state); $23,544/year (out of state)
• PhD Funding Opportunities: Teaching assistantship, research assistantship, graduate services assistantship fellowships, financial aid

PhD in Computer Science (Cybersecurity) Admission Requirements

• Bachelor's Degree in Computer Science, Computer Engineering, or any closely related area
• CGPA of 3.5 in the last 60 hours of first bachelor’s degree and master’s degree programs
• Official transcripts from previous universities attended
• 3 letters of recommendation
• Statement of purpose 

Auburn University is a renowned public research university founded in 1856. The school is the second-largest university in the state of Alabama. Its graduate PhD programs include aerospace engineering, biomedical sciences, civil engineering, chemistry, computer science, and software engineering. The school is ranked 84th among the national graduate education programs. 

PhD in Computer Science and Software Engineering

This program is recognized for its unique offerings of research and development skills to doctoral students in computer science and software engineering disciplines. The dissertation covers the major portion of the degree’s requirements. You’ll need to take at least 66 credit hours of graduate work and take a minimum of 18 credit hours of research and dissertation.

PhD in Computer Science and Software Engineering Overview

• Program Length: 4 years beyond bachelor’s, 3 years beyond master’s
• Acceptance Rate: 24%
• Tuition and Fees: $5,913/semester (in state); $15,993/semester (out of state)
• PhD Funding Opportunities: Military tuition assistance, school financial assistance, assistantships, engineering research fellowships, graduate tuition fellowships, Merriwether fellowships

PhD in Computer Science and Software Engineering Admission Requirements

• Bachelor’s Degree or Master's Degree in Computer Science, Cyber Security Engineering, Software Engineering, or equivalent from any institution of recognized standing
• Minimum GPA of 3.0
• GRE exam combined score of at least 300
• IELTS score of at least 6.5 and TOEFL iBT score of at least 79 (for international students)

Founded in 1891, Drexel University is a private university located in Philadelphia. Its graduate programs are highly recognized by the US News & World Report and ranked as the 103rd best school in the United States . The PhD programs offered include computing and informatics and biomedical engineering.

PhD in Cybersecurity

The cyber security program is offered by the Cybersecurity Institute. Students in this program are either admitted into the Electronic and Computer Engineering Department or the College of Computing and Informatics. You will take core courses that are designed to build your theoretical foundation in computer networking, policy, ethics, and privacy.

PhD in Cybersecurity Overview 

• Program Length: 4 years
• Tuition and Fees: $1,342/credit hour
• PhD Funding Opportunities: Assistantships , incentive programs , student loans, tuition remission, merit-based scholarships

PhD in Cybersecurity Admission Requirements 

• Completed application
• Bachelor’s or master’s degree from an accredited school
• 2 professional letters of recommendation
• GRE test scores 
• Personal essay or statement 
• Official transcripts from all previous schools
• Minimum of 3.25 CGPA
• Writing sample
• In-person or telephone interview

Established in 1855, Michigan State University is one of the top research universities in the country. The school is recognized for its world-class standards and its innovative graduate programs. It has prestige for its publications, research grant funding, editorial positions, and community leadership. 

PhD in Information Technology Management

This program will prepare you for a successful career as an information systems researcher and professor at a renowned institution. It will require a dissertation, defense presentation, informal meeting, and research workshop with outside speakers. You will be given professors’ guidance throughout your dissertation and also be allowed to apply for funding to execute it.

PhD in Information Technology Management Overview

• Program Length: 5 years
• Tuition and Fees: $817.25/credit hour (in state); $1,605.75/credit hour (out of state)
• PhD Funding Opportunities : Teaching assistantships, research assistantship, fellowships, traineeships, student grant, loans, scholarships

PhD in Information Technology Management Admission Requirements

• At least a bachelor’s degree program from a recognized institution
• GMAT score of 600 or equivalent GRE score
• Personal qualifications of demonstrated interest in scholarly research, sound character, and others
• Statement of purpose
• Official transcripts from previous schools
• Minimum 3.0 GPA
• In-person or Skype\Zoom interview
• TOEFL minimum score of 600 (for international students)

Northeastern University was founded in 1898. It is recognized for its professional education and signature cooperative co-education programs. The university is ranked 49th in the nation for its excellent educational performance by US News. Northeastern University is highly recognized for its 33 graduate programs.

This PhD program in cyber security is a research-based, interdisciplinary degree that combines its technical foundation with a security policy perspective. It will prepare you to advance in management and understand the state of the art security in the Internet industry, systems, academia, government, and networks.

PhD in Cybersecurity Overview

• Program Length: 4-5 years
• Acceptance Rate: 18.38%
• Tuition: $1,532/credit hour
• PhD Funding Opportunities: Graduate assistantship, scholarship, tuition waiver, stipend, tuition remission

PhD in Cybersecurity Admission Requirements

• GRE score (but not required for Fall 2022)
• Minimum 3.0 CGPA
• TOEFL minimum score of 100, IELTS of 7.5, SAT: 1049, Duolingo: 125 (for international students)

Founded in 1964, Nova Southeastern University is a private institution nationally recognized for its highly competitive and rigorous professional programs in a variety of fields. Its programs give students a hands-on approach to educational leadership to enable them to gain a competitive edge in their respective fields of study.

PhD in Cybersecurity Management

This graduate program prepares students to work in academic, governmental positions, and business industries. Students with a bachelor’s degree must complete 66 credits, while students with a master’s degree must only complete 51. Core courses include information security governance, research methods, ethics in computing, and data mining.

PhD in Cybersecurity Management Overview

• Program Length: Maximum of 5 years
• Tuition and Fees: $1,346/credit hour 
• PhD Funding Opportunities: Fellowships, grants, scholarships

PhD in Cybersecurity Management Admission Requirements

• Online application
• 50$ application fee
• Bachelor’s or master’s degree from an accredited institution
• Minimum GPA of 3.25 

Known for its in-person and online education programs for graduate and undergraduate students, Portland State University is a public research school founded in 1946. The school offers over 200 degree programs and is recognized as the most diverse and affordable school in the state of Oregon.

PhD in Computer Science with a Specialization in Networks and Security

Portland’s computer science PhD program has a networks and security specialization that enhances the skills and training of students in advanced computer science study. The program combines theory with core coursework in programming, to provide a deep understanding of both current and fundamental issues in the field. 

The program requires a total of 90 credits, which consists of core courses, elective courses, and a dissertation, which you will execute with guidance from an assigned research expert. Core courses include machine learning, programming languages, cryptography, and internetworking protocols.

PhD in Computer Science with a Specialization in Networks and Security Overview

• Acceptance Rate: 95.2%
• Tuition and Fees: $501.50/credit hour (in state); $728.50/credit hour (out of state)
• PhD Funding Opportunities: Graduate assistantships, scholarships, fellowships, awards, grants, federal student aid

PhD in Computer Science with a Specialization in Networks and Security Admission Requirements

• Copies of transcripts
• Personal essay or statement of purpose
• Standardized test scores
• Letters of recommendation 
• Bachelor’s degree in a related program
• Minimum GPA of 2.75

University of Colorado Colorado Springs has a student population of 26,284. The 15-to-one student-to-faculty ratio ensures that students have a personalized and quality education. PhD students have access to a wide variety of campus resources. 

PhD in Security

This program stands out amongst the rest because it has a strong self-learning component. Independent studies help students establish their independence skills. Students must complete 60 credit hours in courses such as computer architecture, software security, computer communications, and system administration and security in order to graduate.

PhD in Security Overview

• Program Length: Maximum of 7 years
• Tuition and Fees: $1,012.94/credit hour (in state); $1,674.94/credit hour (out of state)
• PhD Funding Opportunities: Graduate student grants, graduate student scholarships, graduate research fellowships, teaching and research assistantships, student employment

PhD in Security Admission Requirements

• Bachelor’s or master’s degree in a related field
• Minimum GPA of 3.3
• Applicants who haven’t graduated from a recognized institution must take the GRE
• Personal statement

Founded in 1892, the University of Rhode Island is a public institution that is known for its innovative and mentor-based graduate programs. Some of its research programs are ranked as the best in the Northeast due to their scientific excellence.

"Career Karma entered my life when I needed it most and quickly helped me match with a bootcamp. Two months after graduating, I found my dream job that aligned with my values and goals in life!"

Venus, Software Engineer at Rockbot

PhD in Computer Science with a Specialization in Cyber Security

This research degree is designed to equip students with relevant experience and knowledge for the professional education field. The graduate program consists of three core areas, namely mathematical foundations, programming languages, and architecture and systems. Core courses include computer algebra, theory of compilers, and advanced computer organization.

PhD in Computer Science with a Specialization in Cyber Security Overview

• Tuition and Fees: $16,858/9-15 credits (in state); $30,652/9-15 credits (out-of-state)
• PhD Funding Opportunities: teaching assistantships, research assistantships, enhancement of graduate research awards, tuition scholarship, dean’s fellowship

PhD in Computer Science with a Specialization in Cyber Security Admission Requirements

• Bachelor’s degree from an accredited institution in a related field
• All transcripts

University of Tennessee is a public institution founded in 1794. It is well recognized for its high-quality academic and extracurricular activities. Alongside its doctoral programs, the university has nationally competitive fellowships that help support graduate students during and after their program.

PhD in Computer Science with a Concentration in Cyber Security

This PhD program has a concentration in cyber security. You will be required to pass a comprehensive examination with excellence as well as an oral part in which you’ll defend your dissertation. The exam will be written six months after your defense. Master’s degree holders will need to complete 48 credits while bachelor’s degree graduates must complete 72.

PhD in Computer Science with a Concentration in Cyber Security Overview

• Tuition and Fees: $639/credit hour (in state); $1,650/credit hour (out of state)
• PhD Funding Opportunities: Graduate fellowships, graduate assistantships, student loans

PhD in Computer Science with a Concentration in Cyber Security Admission Requirements

• Bachelor’s or master’s degree in related field
• Completed online admission
• Unofficial transcripts
• IELTS or TOEFL English certification (for international students)
• GRE or GMAT score
• Proof of citizenship

Can You Get a PhD in Cyber Security Online?

Yes, you can get a PhD in Cyber Security online. If you prefer the flexibility that comes with online programs rather than the traditional on-campus lectures, then you should opt for one of the best online PhDs in Cyber Security. Asynchronous courses allow you to view and take your lectures when it’s convenient for you. However, there will be deadlines for assignment submission and for taking exams.

Some online PhD programs in cyber security are more affordable than on-campus programs, while others offer hybrid programs which feature both online and in-person academic activities. Below are some of the best online PhD programs in the cyber security field.

Best Online PhD Programs in Cyber Security

How Long Does It Take to Get a PhD in Cyber Security?

It takes three to seven years to get a PhD in Cyber Security. The number of credits, intense research requirements, and dissertation can be very lengthy endeavors. You will spend time demonstrating your ability to practically apply your knowledge in cyber security, conducting research, and contributing theories in your field. The exact length varies based on the specific program and individual.

Is a PhD in Cyber Security Hard?

Yes, a PhD in Cyber Security can be hard. If you are willing to put in the required effort and time, your degree will be easier. Although cyber security doesn’t necessarily involve math, which makes it easier to navigate than most other tech fields, it does involve programming languages.

The program can be challenging and rigorous as it is tailored to prepare you for research-based jobs such as corporate researchers, policy advisors, and college professors. It is the final educational component of the field and will require you to complete multiple hands-on projects.

How Much Does It Cost to Get a PhD in Cyber Security?

It costs $19,314 per year to get a PhD in Cyber Security, according to the National Center for Education Statistics (NCES). The cost of PhD in Cyber Security programs varies by school, but students can apply for fellowships, scholarships, and assistantships to reduce costs. This PhD will cost you an average of $12,171 per year at a public institution and $25,929 per year at a private institution.

Some of the factors that determine the cost of a PhD in Cyber Security include the type of university you attend, whether you pay out-of-state tuition or in-state tuition, and the format of your program.

How to Pay for a PhD in Cyber Security: PhD Funding Options

The PhD funding options that students can use to pay for a PhD in Cyber Security include scholarships, loans, grants, research fellowships, and graduate assistantships. While most schools offer partially-funded programs, some schools offer fully-funded doctoral programs in the cyber security field. This way, you can earn your degree without paying any tuition.

Best Online Master’s Degrees

[query_class_embed] online-*subject-masters-degrees

What Is the Difference Between a Cyber Security Master’s Degree and PhD?

The differences between a cyber security master’s degree and a PhD are the entry requirements, the duration of the program, the courses taught, graduation requirements, and the number of credits required. Master’s degrees require a bachelor’s degree for acceptance, while PhD programs often require both a bachelor’s and a master’s.

A master’s degree program takes one to two years, requires 30 to 36 credits, and requires you to complete a capstone or thesis to be awarded your degree. A PhD in Cyber Security takes four to five years, requires 48 to 84 credit units, and requires students to complete a doctoral research dissertation to be awarded a degree.

Master’s vs PhD in Cyber Security Job Outlook

According to the Bureau of Labor and Statistics (BLS), the job outlook for cyber security master’s degree positions such as computer and information research scientist is projected to grow by 22 percent, which is much faster than average. Meanwhile, the job outlook for PhD positions such as computer science professors is projected to grow by 12 percent.

Difference in Salary for Cyber Security Master’s vs PhD

As reported by PayScale, you can earn an average salary of $172,000 with a PhD in Cyber Security in top roles in the field such as director of operations, education program director, head of business continuity planning, chief information security officer, and cyber security architect.

PayScale also states that Master’s Degree in Cyber Security holders can earn an average of $94,000 per year. Some cyber security master’s degree positions include senior engineer, risk manager, and enterprise architecture.

Related Cyber Security Degrees

[query_class_embed] https://careerkarma.com/blog/cyber-security-bachelors-degrees/ https://careerkarma.com/blog/best-online-cyber-security-bachelors-degrees/ https://careerkarma.com/blog/cyber-security-masters-degrees/

Why You Should Get a PhD in Cyber Security

You should get a PhD in Cyber Security because you will develop the relevant technical skills and experience required to qualify for professional opportunities in this fast-growing industry. The outlook for jobs in this field grows is high and most of the relevant positions have very high salaries. PhDs in Cyber Security also allow you to do extensive research and make a difference in the field.

Reasons for Getting a PhD in Cyber Security

• Job security. With the increase in cyber threats and attacks, the demand for professionals in the field of cyber security has far outpaced the supply. A position in this field gives you job security. Professionals in this field receive competing offers from multiple companies.
• High salary potential. Cyber security professionals are among the most highly-paid employees in the technology sector due to the severe shortage of skilled workers. According to PayScale, the average salary of a cyber security engineer is $97,766 .
• Fast-growing career options. According to the Bureau of Labor Statistics, the job market for professionals in this field is growing at a rate of 33 percent, which is faster than the average growth of other lines of work. It has vast opportunities with job openings in almost every sector.
• Research opportunities. A PhD in Cyber Security gives you an opportunity to focus on a particular research topic or question that is faculty-mentored. This allows you to chase your interests, challenge yourself, and hone your technical, research, and problem-solving skills.

Getting a PhD in Cyber Security: Cyber Security PhD Coursework

Getting a PhD in Cyber Security will require you to complete courses that will help you hone the necessary skills required for the job market ahead of you. The on-campus curriculum differs slightly from that of an online cyber security PhD. The PhD coursework consists of classes in information privacy, information security risk management, and information protection.

Information Privacy

This course typically covers common privacy issues and how they relate to information systems. Technological and theoretical-based systems may also be topics of discussion. Methods to maintain the necessary level of privacy for the purpose of the safety of systems will also be discussed.

Research Seminar in Cyber Security Management

This course covers the basic research topics that are associated with cyber security. Relevant literature will also be reviewed and discussed by students in the course of study. It may also cover technical and human-centric topics.

Information Protection

Students will be introduced to and discuss various threats and protections to host-based systems. The course also covers the various methods of malicious activity, with the discussion of networks and mobile systems.

Secure Systems Analysis and Design

Topics related to the analysis and assessment of security systems are covered in this course. The scope of the course will also cover vulnerabilities and potential threats. Research opportunities and possible future threats may also be looked at.

Information Security Risk Management

This course will cover theories of risk management in the IT field. Most times, the course is research-related and may cover topics such as theories, best practices, and frameworks in risk management. Students will learn about current issues and how to practically access what future directions may follow in the cyber security environment.

Best Master’s Degrees

[query_class_embed] *subject-masters-degrees

How to Get a PhD in Cyber Security: Doctoral Program Requirements

If you’re wondering how to get a PhD in Cyber Security, find out more about graduation requirements below. The doctoral program requirements for cyber security include credit hour completion, satisfactory comprehensive examination performance, dissertation submission, and successful dissertation defense. Some schools may demand residency, publication in a journal, or paper submission.

Before you are awarded a PhD in Cyber Security, you will be required to complete a certain number of credit hours. This depends on the school and program. The average is 66 credit hours. At some schools, you need to complete up to six research credit hours, 18 credit hours of core courses, and 12 credit hours of electives in interdisciplinary courses.

A core requirement for the graduation of all PhD in Cyber Security programs is a dissertation submission showing a high achievement in independent investigation and scholarship. Students will be assigned at least one research supervisor. After submission, a dissertation committee approves your dissertation proposal and scores you after your dissertation defense.

You will need to pass all comprehensive examinations to qualify for a PhD in Cyber Security. The exams are usually held after the second-year paper and during the Fall of your third year. The exams have both a written section and an oral component.

Some schools require that all cyber security PhD students satisfy the teaching requirement before they are awarded the degree. Students need to work as a teaching assistant (TA) or as an instructor of record (IoR) during a semester. The total duration of your teaching should be a minimum of three hours of classes and come at least one semester before the scheduling of your PhD defense.

You will be required to submit a PhD thesis on cyber security before your graduation. The purpose of this research work is to showcase your knowledge and expertise in the field. The topic of your research should be centered on a certain problem and how to tackle it. It is a critically written scholarly research paper relevant to your field. 

Potential Careers With a Cyber Security Degree

[query_class_embed] how-to-become-a-*profession

PhD in Cyber Security Salary and Job Outlook

The Bureau of Labor Statistics projects that the job outlook for computer and information research scientists will grow 22 percent from 2020 to 2030, which is faster than the average for all occupations. Due to the growing threat of hacking and the risk of data breaches, there is a growing demand for cyber security engineers to secure networks.

What Can You Do With a PhD in Cyber Security?

With a PhD in Cyber Security, you can land senior-level and high-paying jobs in the field. Due to the surge in cyber attacks, you can also land openings in healthcare, government, software and networking, and financial services.

A PhD qualifies you for jobs such as chief information security officer, cyber security architect, lead software security engineer, penetration tester, information security analyst, information security manager, information security director, and security researcher.

Best Jobs with a PhD in Cyber Security

• Chief Information Security Officer
• Cyber Security Architect
• Lead Software Security Engineer
• Penetration Tester
• Information Security Analyst

What Is the Average Salary for a PhD in Cyber Security?

The average salary for a PhD in Cyber Security graduate is $91,000, according to PayScale. Professionals with this degree can earn between $51,000 and $154,000 per year. These numbers will vary depending on your level of expertise, position, location, and the company for which you work.

Highest-Paying Cyber Security Jobs for PhD Grads

Best Cyber Security Jobs with a Doctorate

The best cyber security jobs with a doctoral degree include chief information security officer, cyber security architect, lead software security engineer, penetration tester, and information security analyst. They are jobs that require three to five years of experience. These roles are senior-level roles in the cyber security field.

Chief information security officers (CISO) are responsible for maintaining a company’s security systems. This is a senior-level executive in an organization. They overview the strategies and programs needed to protect the enterprise’s security system.

• Salary with a Cyber Security PhD: $168,687
• Job Outlook: 33% job growth from 2020 to 2030
• Number of Jobs: 141,200
• Highest-Paying States: California, New York, Maryland, Iowa, District of Colombia

Cyber security architects build, design, and maintain computer and network security systems in an organization. They also conduct testing to ensure that these systems keep working effectively.

• Salary with a Cyber Security PhD: $129,870

Similar to other professions, information security analysts make sure cyber attackers cannot access an organization’s sensitive data. They prevent attacks and hackers and analyze security reports to fix any bugs. You need problem-solving and research skills to become an information security analyst .

• Salary with a Cyber Security PhD: $102,600

This head position is in charge of creating and maintaining security requirements, policies, and procedures. They work alongside and manage other experts in the field to prepare and perfect engineering designs for software solutions.

• Salary with a Cyber Security PhD: $97,766
• Job Outlook: 22% job growth from 2020 to 2030
• Number of Jobs: 1,847,900
• Highest-Paying States: California, Washington, Maryland, New York, Rhode Island

Penetration testers test various computer and network systems to find any bugs or issues that may make them susceptible to attacks. They are known as ethical hackers because they hack into systems, but with the intent to help instead of harm.

• Salary with a Cyber Security PhD: $88,376

Is a PhD in Cyber Security Worth It?

Yes, a PhD in Cyber Security is worth it. If you have a passion for the security of computer systems and are willing to put in the required time and dedication, you will find it challenging but exciting. Although you may run into a few hiccups, advisor support, dedication, and hard work will get you through.

There are a wide variety of exciting opportunities for cyber security professionals. Companies are looking for cyber security engineers to secure their networks. A PhD in Cyber Security will help you develop a combination of soft skills and technical skills that will enable you to land a job in cyber security across different fields.

Additional Reading About Cyber Security

[query_class_embed] https://careerkarma.com/blog/introduction-to-cyber-security/ https://careerkarma.com/blog/cyber-security-best-practices/ https://careerkarma.com/blog/how-to-get-a-job-in-cyber-security/

PhD in Cyber Security FAQ

Yes, a cyber security PhD will require prior knowledge in coding. As a bachelor’s or master’s degree is required for a PhD in Cyber Security, it is likely you will have already learned those skills in your previous degrees.

Yes, cyber security is in high demand. Not only will this degree prepare you for the highest-paying jobs in the field, but these skills are also transferable to a multitude of career paths. Graduates are sure to find a stable job after school.

If you’re interested in protecting your data, defending computer systems, and staying up to date on the latest in cyber protection, then you should get a PhD in Cyber Security. Learning cyber security opens up several career opportunities, many of which are in high demand and very lucrative.

Cyber security can sometimes be more difficult than programming because it includes many different elements, including programming itself. Students must understand how to code, infiltrate code, and prevent infiltration. This is one of the most difficult aspects of cyber security.

About us: Career Karma is a platform designed to help job seekers find, research, and connect with job training programs to advance their careers. Learn about the CK publication .

What's Next?

Get matched with top bootcamps

Ask a question to our community, take our careers quiz.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

• Doing a PhD in Cyber Security

What Does a PhD in Cyber Security Focus On?

A PhD in Cyber Security equips students with expert knowledge in computing, cybercrime and digital technology policy. A PhD involves original research into a specific field of cybersecurity and can allow cyber security graduate students to work with emerging technologies and tools to tackle issues society faces as technology rapidly advances.

According to the UK National Cyber Security Strategy 2016-2021 , there will be an estimated shortage of 350,000 cybersecurity professionals by 2022. There is therefore a high demand for cyber security graduates and doctorates. A PhD in Cyber Security could lead to a career in an emerging industry.

A list of Cybersecurity topics at doctorate level is provided below:

• Cryptography
• Artificial Intelligence and Robotics
• Systems Security and Testing
• Cryptocurrency and Blockchains
• Privacy, Confidentiality and Ethics
• Software Security
• Digital Forensics
• Security Risk Management
• Network Security
• Digital Technology Policy
• Quantum Computing

Minimum Entry Requirements for A PhD in Cyber Security

UK Doctoral Cyber Security programmes usually require graduate students to possess, or expect to achieve, as a minimum a 2:1 upper second class bachelor’s degree in computer science, or related subject such as Mathematics. It should be noted that due to the interdisciplinary challenges in cyber security, related subjects can vary depending on the focus of research and may include areas such as Electrical Engineering , Civil Engineering, Social Sciences, Psychology and Law. A lower second class (2:2) bachelor’s degree may be accepted if the graduate student has a master’s degree or graduate cyber security work experience. Applicants with international equivalent qualifications are also considered.

Another requirement for research projects is proof of English Language ability. Universities will expect international students to provide English Level Qualifications, for example IELTS, TOEFL (iBT) or Pearson PTE scores.

Browse PhDs in Cyber Security

Application of artificial intelligence to multiphysics problems in materials design, from text to tech: shaping the future of physics-based simulations with ai-driven generative models, study of the human-vehicle interactions by a high-end dynamic driving simulator, coventry university postgraduate research studentships, discovery of solid state electrolytes using deep learning, how long does it take to get a phd in cyber security.

In the UK, a full time cybersecurity research project lasts around 3 to 4 years. The first year is usually probationary and will be used to develop a thesis proposal that outlines your research degree. The remaining time will be used to carry out your research, produce and submit your thesis and undertake the Viva . Part-time cybersecurity projects may take 6 to 7 years to complete. A full-time cyber security MPhil usually lasts for 1 to 2 years.

In addition to developing your thesis proposal, the first year is also used to allow your supervisor to identify additional cybersecurity training that would assist in your research project. This may come in the form of online PhD cybersecurity training modules, online doctorate lectures, or placement opportunities to give you an insight into the cyber security industry and real world applications in your chosen field.

Costs and Funding

A UK doctoral student can expect to pay around £5,500 per year in tuition fees for a 2021/22 PhD programme in Cyber Security. Typical tuition fees for EU and overseas students are around £25,000 per academic year. Part-time tuition fees are normally proportioned according to the research programme length.

Most institutions have Centres for Doctoral Training in Cyber Security, which offer a number of Engineering and Physical Sciences Research Council (EPSRC) studentships to eligible applicants. These studentships and grants cover tuition fees, and can provide a maintenance stipend and research travel expenses.

You may also be eligible for a Postgraduate Doctoral Loan which helps with course fees and living costs associated with a cyber-security research project.

PhD in Cyber Security Salary and Career Paths

As companies become more reliant on technology, the risk of cyber-attacks and other compromises in security becomes more pressing. In fact, according to The Annual Crime Survey in 2017 , two thirds of UK businesses were hit by cyber-attacks. Because of this, and the recognised shortage of cybersecurity professionals and graduates/doctorates, companies, both public and private, are investing large amounts of money into developing their cyber security. These companies look to a PhD student with a cyber security degree as someone who can help develop this. A PhD in Cyber Security reflects the demand for security specialists.

Typical employers for cybersecurity doctorates include Intel, NASA, Microsoft, Google and Lloyds TSB, though the full list of employers is extensive due to the increasing reliance on technology in almost all industries, and the overlap with other disciplines such as computer science and information science. The doctoral degree also allows for international reach, as it is a highly applicable field of knowledge for any country. Many of the employers are based in the US, for example, NASA and Google. Common jobs for Cyber Security PhD students include:

• Cyber Security Analyst – Perhaps the most logical career path for cybersecurity doctorates is to become a cyber-security analyst. Doctorates in this role are responsible for detecting, managing and preventing cyber-attacks, and developing cyber defences to protect a company’s IT infrastructure. Senior cyber security analysts in the UK can earn around £50,000. Those with managerial duties or expert knowledge can earn over £80,000. As such, the PhD in cyber security salary tends to be higher than counterparts with similar levels of experience.
• Penetration Testing – In this role, cybersecurity PhD students carry out controlled cyber-attacks on a company’s IT infrastructure to find weak points in security. This will then be used to advise the company on how to manage cyber risk and prevent such attacks from real cyber criminals in the future. One of the advantages of penetration testing is that it lends itself to freelance work. With experience, freelance penetration testers can earn over £500 a day. Again, a cybersecurity doctoral degree is a valuable qualification to hold as it demonstrates your credibility and expertise.
• Teaching – Some doctoral students use their cybersecurity degree to stay in Higher Education. Here they can continue their study as a researcher working in a University School or Faculty alongside other researchers, or transition into a teaching role as a professor or lecturer. As a lecturer, you can tailor your study content and also supervise a doctorate in cybersecurity in your field of interest.

Browse PhDs Now

Join thousands of students.

Join thousands of other students and stay up to date with the latest PhD programmes, funding opportunities and advice.

Receive job alerts that match your preferences.

39 Cyber Security jobs

Find available jobs in Cyber Security. To have new jobs in Cyber Security sent to you the day they’re posted, create a job alert.

• Computer Science jobs (39)
• PhD positions in Cyber Security (14)
• Postdoc positions in Cyber Security (9)
• Assistant / Associate Professor positions in Cyber Security (9)
• Researcher positions in Cyber Security (4)
• Professor positions in Cyber Security (4)
• Lecturer / Senior Lecturer positions in Cyber Security (3)
• Research assistant positions in Cyber Security (3)
• Management / Leadership positions in Cyber Security (3)
• Tenure Track positions in Cyber Security (2)
• Engineer positions in Cyber Security (1)
• Cyber Security jobs in Netherlands (10)
• Cyber Security jobs in Luxembourg (5)
• Cyber Security jobs in Sweden (4)
• Cyber Security jobs in Germany (3)
• Cyber Security jobs in China (3)
• Cyber Security jobs in Norway (2)
• Cyber Security jobs in Austria (2)
• Cyber Security jobs in France (2)
• Cyber Security jobs in Morocco (2)
• Cyber Security jobs in Switzerland (1)

Search results (39)

Doctoral student in Computer Science with a specialisation in software quality

Sapere Aude—dare to be wise—is our motto. Our students and employees develop knowledge and expertise that enrich both people and the world around them. Our academic environment is characterised by ...

Technology Transfer Officer

About us...The Luxembourg Centre for Systems Biomedicine (LCSB) is an interdisciplinary research centre of the University of Luxembourg. We conduct fundamental and translational research in the fie...

Project Manager in Cybersecurity and Cyber Defence Research

About the SnT...SnT is a leading international research and innovation centre in secure, reliable and trustworthy ICT systems and services. We play an instrumental role in Luxembourg by fueling inn...

Lecturer Cyber Security (m/f/d)

Job DescriptionContribute to our academic world as a Lecturer in permanent employment, in part time (16h) at our location in Berlin with a portion of remote working, starting on the 1st of Septembe...

Assistant Professor In Verification of Cryptographic Implementations

Position Assistant ProfessorIrène Curie Fellowship NoDepartment(s) Mathematics and Computer ScienceFTE 1,0Date off 08/09/2024Reference number V32.7500Job descriptionWe have an opening for an Assistant Professor in Verification of Cryptographic imp...

PhD Students

The CISPA Helmholtz Center for Information Security is looking for PhD Students in areas related to:Cybersecurity, Privacy and CryptographyMachine Learning and Data ScienceEfficient Algorithms and Foundations of Theoretical Computer ScienceSoftwar...

Three 2-year Postdoctoral Fellowships at the Zukunftskolleg

(Fulltime, E 13 TV-L)Reference No: 2024/114. The preferred start date is April 1st, 2025. Conditionally on the submission of an external grant, the position can be extended for an additional year. In principle, the position can be divided into two...

SnT is a leading international research and innovation centre in secure, reliable and trustworthy ICT systems and services. We play an instrumental role in Luxembourg by fueling innovation through research partnerships with industry, boosting R&D ...

PhD Position F/M Private and Byzantine-Robust Federated Learning

Contract type : Fixed-term contractLevel of qualifications required : Graduate degree or equivalentFonction : PhD PositionAbout the research centre or Inria departmentThe Inria centre at Université Côte d'Azur includes 37 research teams and 8 supp...

Lecturer, Electronic and Computer Systems Engineering

Overview:RMIT University CommitmentRMIT is committed to the rights of students and staff to be safe, respected, valued, and treated as an equal in their place of study and work. All staff are expected to share this commitment and contribute to a s...

Become a Radcliffe Fellow

Radcliffe fellows are exceptional scientists, writers, scholars, public intellectuals, and artists whose work is making a difference in their professional fields and in the larger world.Based in Radcliffe Yard—a sanctuary in the heart of Harvard U...

University Assistant (Prae-Doc) 30 hours/week | limited to 4 years - Institute of Telecommunications

TU Wien is Austria's largest institution of research and higher education in the fields of technology and natural sciences. With over 26,000 students and more than 4000 scientists, research, teachi...

PhD on Cybercriminal Frontiers of Social Engineering

Position PhD-studentIrène Curie Fellowship NoDepartment(s) Mathematics and Computer ScienceFTE 1,0Date off 15/09/2024Reference number V32.7583Job descriptionCyber-attacks targeting human users are on the rise both in sophistication and scale. Soci...

PhD Student in Trustworthy Autonomous Systems and Explainable Artificial Intelligence

Deadline: 16.07.2024The University of Applied Sciences and Arts of Southern Switzerland (SUPSI) has opened a full time (100%) position for a PhD student in Trustworthy Autonomous Systems and Explainable Artificial Intelligence at the Department of...

PhD Position on Secure Cloud

Job descriptionThe Semantics, Cybersecurity and Services (SCS) group at the University of Twente is looking for a full-time PhD to join the research team, working on Secure Cloud. The position is f...

Doctoral student in Informatics

Reference number ORU 2.1.1-03449/2024Örebro University and the School of Business are looking for a doctoral student for the doctoral programme in Informatics, concluding with a doctoral degree.Start date: 15 October 2024.Project descriptionThe Di...

Research professor - open to all scientific fields (Open BOFZAP)

The KU Leuven announces the vacancy of full-time academic positions as 'research professor' that are open to all research profiles from the various scientific fields. These positions are intended f...

Position PhD-studentIrène Curie Fellowship NoDepartment(s) Mathematics and Computer ScienceFTE 1,0Date off 15/09/2024Reference number V32.7364Job descriptionThis PhD in a nutshellAre you ready to tackle the pressing question of whether our defense...

PostDoc for Quantum Safe Communications Systems and Networks

Position (Post-doctoral) ResearcherIrène Curie Fellowship NoDepartment(s) Electrical EngineeringFTE 1,0Date off 14/07/2024Reference number V36.7327Job descriptionVision - Quantum Safe Communications Testbed in EindhovenSecure communications and ne...

Network Engineer / PostDoc for Quantum Safe Communications Systems and Networks

Position (Post-doctoral) Researcher, Other academic staff, Non academic staff (supporting staff)Irène Curie Fellowship NoDepartment(s) Electrical EngineeringFTE 1,0Date off 14/07/2024Reference number V36.7326Job descriptionVision - Quantum Safe Co...

Postdoctoral researcher in High-Performance Computing

The University | About us...The University of Luxembourg is an international research university with a distinctly multilingual and interdisciplinary character. The University was founded in 2003 a...

Research Associate - Causal modeling for Cybersecurity

PhD Research Fellows in ICT - Machine Learning and Security

About the positionThree 100% positions are available at the University of Agder, Faculty of Engineering and Science as PhD Research Fellows in machine learning, affiliated to the Department of Information and Communication Technology, for a period...

Joint Project Officer positions for ME and Cyber-Physical/HTSC (0,5-1 fte)

We are looking for a Joint Project Officer positions for ME and Cyber-Physical/High-Tech Systems Center (0.5-1 fte)Position Non academic staff (supporting staff)Irène Curie Fellowship NoDepartment(s) Mechanical EngineeringFTE 0,5Date off 15/07/202...

Assistant Professor Crisis Governance (1 fte)

Vacancy number 14965Job type Academic staffHours (in fte) 1,0External/ internal ExternalLocation Den HaagPlaced on 18 June 2024Closing date 26 August 2024 69 more days to applyWe aim to appoint an Assistant Professor with research and teaching exp...

2024 Computer Science Program Director Position

Wenzhou-Kean UniversityWenzhou-Kean University (WKU), located in Wenzhou, China, one of three Sino-American universities along with NYU Shanghai and Duke Kunshan University, is approved by the Ministry of Education of China. Launched in 2012, WKU ...

2024 Computer Science Lecturer/Assistant Professor

Career Opportunities at UM6P College of Computing: Professor in "Cyber Security / Privacy"

About UM6P and its College of Computing:Mohammed VI Polytechnic University (UM6P), a higher education institution with an international standard, is established to serve Morocco and the African continent. Its vision is honed around research and in...

Postdoc in Network Security

KTH Royal Institute of Technology in Stockholm has grown to become one of Europe’s leading technical and engineering universities, as well as a key centre of intellectual talent and innovation. We ...

Chair of Junior Professor in Autonomous Embedded Systems Based on AI

Job descriptionAbout the positionContract type: Chaire de Professeur Junior[1]. Successful applicants will first be hired on a ‘CDD de projet’ contract and tenure will occur at IMT Professor level.Location: IMT Atlantique, Brest campusKey words: E...

Jobs by field

• Electrical Engineering 213
• Programming Languages 178
• Machine Learning 178
• Artificial Intelligence 167
• Molecular Biology 166
• Mechanical Engineering 145
• Materials Engineering 140
• Electronics 140
• Cell Biology 138
• Engineering Physics 117

Jobs by type

• Postdoc 363
• Assistant / Associate Professor 157
• Professor 120
• Researcher 107
• Research assistant 106
• Engineer 95
• Lecturer / Senior Lecturer 76
• Management / Leadership 56
• Tenure Track 47

Jobs by country

• Belgium 392
• Netherlands 165
• Switzerland 120
• Morocco 115
• Luxembourg 66

Jobs by employer

• KU Leuven 143
• Mohammed VI Polytechnic Unive... 119
• Ghent University 87
• Eindhoven University of Techn... 82
• University of Luxembourg 66
• KTH Royal Institute of Techno... 59
• ETH Zürich 57
• University of Antwerp 49
• Karolinska Institutet 42

94 cyber-security PhD positions

Filtered by.

• cyber-security

Refine Your Search

• Last-7-days 2
• Last-30-days 25
• Scholarship 87
• Research Job 9
• Netherlands 34
• United Kingdom 21
• United States 3
• Australia 2
• Luxembourg 2
• Delft University of Technology 13
• Eindhoven University of Technology 8
• ; University of Southampton 6
• Eindhoven University of Technology (TU/e) 5
• Cranfield University 4
• Technical University of Denmark 4
• Tallinn University of Technology 3
• Technical University of Munich 3
• University of Amsterdam 3
• ; Newcastle University 2
• Carnegie Mellon University 2
• Chalmers University of Technology 2
• Curtin University 2
• Linköping University 2
• NTNU - Norwegian University of Science and Technology 2
• Newcastle University 2
• University of Glasgow 2
• University of Luxembourg 2
• ; Leeds Beckett University 1
• ; Manchester Metropolitan University 1
• ; University of Greenwich 1
• Aalborg University 1
• AcademicTransfer 1
• CEA List Institute 1
• Delft University of Technology (TU Delft) 1
• Fraunhofer-Gesellschaft 1
• KTH Royal Institute of Technology 1
• Leiden University 1
• Lulea University of Technology 1
• Luleå University of Technology 1
• NORWEGIAN UNIVERSITY OF SCIENCE & TECHNOLOGY - NTNU 1
• NTNU Norwegian University of Science and Technology 1
• Oak Ridge National Laboratory 1
• Queen's University 1
• Ruhr-Universität Bochum • 1
• Slovak University of Agriculture in Nitra 1
• Umeå University 1
• University of Amsterdam (UvA) 1
• University of British Columbia 1
• University of Nottingham 1
• University of South-Eastern Norway 1
• Université Paris 1 Pantheon-Sorbonne 1
• Uppsala University 1
• Computer Science 62
• Economics 7
• Engineering 3
• Humanities 3
• Electrical Engineering 2
• Linguistics 2
• Mathematics 2
• Psychology 2
• Arts and Literature 1
• Education 1
• Medical Sciences 1

PhD Studentship: Strengthening the Cyber Security of Multi-Domain Systems

security , and economic stability. As cyber threats grow in sophistication, our need to address this problem becomes increasingly urgent. In this PhD project, you will: Formalize and represent the threat

PhD Studentship: Serious games for cyber security education

Supervisory Team: V. Sassone and B. Halak PhD Supervisor: Vlad Sassone Project description: We are looking for a high quality student with knowledge, expertise and interest in cyber security , game

PhD position in Resilient DC Microgrids with Cyber -Physical Security Monitoring. Early stage researcher

power engineering and mechatronics. The proposed PhD thesis topic: "Resilient DC Microgrids with Cyber -Physical Security Monitoring" Supervisors: Senior Researcher Andrii Chub and Research Professor

PhD Scholarships (2) in Cyber - Security and Cyber -Deception – DTU Compute

Skip to main content. Profile Sign Out View More Jobs PhD Scholarships (2) in Cyber - Security and Cyber -Deception – DTU Compute Kgs. Lyngby, Denmark Trending Job Description We are looking for two

PhD Position in Safety Verification of Cyber -Physical Systems

06.10.2023, Wissenschaftliches Personal The PhD position is on safety verification of Cyber -Physical Systems at the intersection between control theory and machine learning. The position is full

PhD Studentship - Cyber Risk Management through Cognitive Behavioural Analysis

Essential Strong research background in information security , cyber risk management, security policies and procedures. A master’s degree in computer science, Information Technology, Cyber Security , or a

PhD Research Fellow in Cybersecurity

limited to, developing decentralized secure and privacy-preserving methods for sharing health data, protecting sensitive health information from emerging cyber threats, and ensuring secure data sharing

PhD Studentship: Agile Defense: Leveraging Continual Learning for Adaptive Cybersecurity

and tailored cybersecurity measures. You will join the Cyber Security Research Group recognised as Academic Centre of Excellence for Cyber Security Research (ACE-CSR) and Education (ACE-CSE), and work

PhD Studentship: Cyber and Privacy Risk Management of AI systems

for Sustainable Cyber Security (CS2) (https://www.gre.ac.uk/research/groups/sustainable- cyber - security -cs2 ), University of Greenwich, London. The supervisory team includes Professor Emmanouil (Manos) Panaousis and

PhD Candidate in Reference Systems for a Cyber -Physical Range

24th August 2024 Languages English English English The Department of Information Security and Communication Technology has a vacancy for a PhD Candidate in Reference Systems for a Cyber -Physical

Searches related to cyber security

• computer science
• postdoctoral
• cybersecurity
• phd information security
• lecture cyber security
• phd data analytics

What a lovely hat

Is it made out of tin foil .

International Association for Cryptologic Research

Open positions in cryptology.

Submit a job IACR provides a listing of open positions with a focus on cryptology. To advertise a job opportunity, please use the button to the right.

Submissions should include the organization, title, description, a URL for further information, contact information, and a closing date (which may be "continuous"). The job will be posted for six months or until the closing date. Submissions in other formats than text will not be posted. There can be no attachments.

This is intended to be a free service from an IACR member to the IACR membership. The content of the job posting is the responsibility of the person requesting the posting and not the IACR. Commercial enterprises who want to advertise their openings should identify at least one of their employees who is a member of IACR.

Associate Research Fellow (Postdoctoral Fellow)

University of wollongong, australia, senior web service java software engineer for trust provisioning (m/f/d), phd student, postdoc in cryptography, aalto university, finland.

We are looking for postdocs interested in working with us (Chris Brzuska and Russell W. F. Lai) on topics including but not limited to:

• Lattice-based cryptography, with special focus on the design, application, and analysis of non-standard lattice assumptions
• Succinct and/or zero-knowledge proof and argument systems
• Advanced (e.g. homomorphic, attribute-based, functional, laconic) encryption and (e.g. ring, group, threshold, blind) signature schemes
• Fine-grained cryptography (e.g. against bounded-space-time adversaries)
• Lower bounds and impossibility results

For questions about the topics, feel free to drop us an email to discuss.

For more details about the position, and for the instructions of how to apply, please refer to https://www.hiit.fi/ict-community-postdoctoral-researcher-positions/.

• For the position: Chris Brzuska, Russell W. F. Lai
• For the recruiting system: HIIT coordinator (see link above)

Research Fellow in Public Key Cryptanalysis

University of surrey, security and network engineering education technical coordinator, university of amsterdam, the netherlands, irif, université de paris cité; paris, france, ph.d. student, university of edinburgh, 2 faculty positions in computer security and privacy, pontificia universidad católica de chile, santiago, chile, post-doc in cryptography with applications to fintech and privacy, university of luxembourg.

• Applied or symmetric cryptography
• Blockchain cryptography, cryptoeconomics
• Anonymity and privacy on the Internet
• Conduct, publish and present research results at conferences
• Collaborate with the two Ph.D. students of the project
• Attract funding in cooperation with academic and industrial partners

Ph.D. Thesis on Efficient Secure Multi-Party Computation

Bosch research, renningen, germany, phd student, monash university, engineering consulting position, postdoc/phd student, graz university of technology, associate professor or tenure track assistant professor in cybersecurity, technical university of denmark, copenhagen, denmark, postdoc position in post-quantum key exchange protocols, university of isfahan, department of computer engineering, isfahan, iran, postdoc in {lattice-based, class-group-based, threshold} cryptography, lirmm, montpellier, france, postdoc position in cryptography: social foundations of cryptography, king's college london.

The candidate will work alongside Prof. Martin Albrecht, Dr. Benjamin Dowling, Dr. Rikke Bjerg Jensen (Royal Holloway University of London) and Dr. Andrea Medrado (Exeter) on establishing social foundations of cryptography in protest settings. In particular, the candidate will work with a multi-disciplinary team of cryptographers (Dowling, Albrecht) and ethnographers (Jensen, Medrado) to understand the security needs of participants in protests, to formalise these needs as cryptographic security notions and to design or analyse cryptographic solutions with respect to these notions.

This position is part of the EPSRC-funded project “Social Foundations of Cryptography” and more information is available at https://social-foundations-of-cryptography.gitlab.io/.

In brief, ethnography is a social science method involving prolonged fieldwork, i.e. staying with the group under study, to observe not only what they say but also what their social reality and practice is. In this project, we are putting cryptography at the mercy of ethnographic findings, allowing them to shape what we model.

PhD Studentship in Privacy-Enhancing Technologies (Cryptography and Federated Learning)

Newcastle university.

• The studentship covers fees at the UK rate . International applicants are welcome to apply but will be required to cover the difference between UK and International fees.
• Candidate must have a strong background in math and computer programming (e.g., C++, Python, or Java).
• You must have, or expect to gain, a minimum 2:1 Honours degree or international equivalent in computer science, cybersecurity, mathematics, or software engineering.

PhD Student in Cryptography

Imdea software institute, madrid, spain.

The IMDEA Software Institute invites applications for a PhD student in the area of Cryptography. The successful candidate will work under the supervision of Dario Fiore on constructions and applications of cryptographic protocols for secure computation. Topics of particular interest include: zero-knowledge proofs, succinct proof systems and verifiable computation, computation on encrypted data.

Who should apply? The ideal candidates have earned (or are in their last year of) a Master's degree in Computer Science, Mathematics or a related discipline, and have a background in Cryptography. Experience in research or implementation of cryptographic protocols will be considered a plus.

Working at IMDEA Software: Ranked among the Europe's top research institutes in Security and Cryptography, the IMDEA Software Institute offers an inspiring and dynamic collaborative environment with a focus on foundations and applications of cryptography. The Institute is located in the vibrant city of Madrid. The institute provides a competitive salary and funding for research-related travel. The working language at the institute is English.

Dates: The position will span the entire duration of doctoral studies. The starting date is flexible from October 2024. The deadline for applications is July 15th, 2024. Review of applications will begin immediately, and continue until the position is filled.

Postdoc (blockchain)

University of sydney, phd student in privacy-preserving protocols, applied cryptographer, assistant professor in verification of cryptographic implementations, eindhoven university of technology.

• A team player,
• holding a PhD in an area related to cryptography or formal methods,
• experienced in doing high quality research, demonstrated, for example, by publications in top tier venues on cryptography, security, or formal methods,
• that is also interested in teaching students about their research.
• A fun team, open for collaborations,
• supporting you in applying for personal grants, and growing into the role of a professor,
• with a large network for collaborations in academia and industry,
• providing funding for a first PhD student and travel, and
• employment conditions of a Dutch university (including two additional salaries per year and 40+ vacation days).

Cryptography & Cybersecurity Consultant

University of birmingham, birmingham, united kingdom.

The primary research theme for the call is in the foundations and cryptanalysis of post-quantum cryptosystems. The exact projects could be tailored to match the candidate's background and interests.

University of New South Wales

Senior cryptographer engineer, phd student in security of ai hardware, university at albany, suny, department of electrical and computer engineering; albany, new york, postdoctoral researcher, sapienza university of rome, italy, multiple academic teaching positions, xiamen university malaysia, sepang, malaysia.

Xiamen University Malaysia is now seeking highly motivated, committed and qualified individuals for academic teaching positions in computer science and cyber security.

Candidates in computer science and cyber security are welcome to apply. The ideal candidate is expected to be able to support general computing subjects, as well as cyber security specialization subjects. Applicants must possess a PhD degree in a related discipline.

• Digital Forensics and Investigation
• Network Traffic Monitoring and Analysis
• Advanced Network Attack and Defence Technology
• Malware Analysis
• Cryptanalysis
• Blockchain Technology

HOW TO APPLY Applicants are invited to submit a digital application packet to: [email protected] and [email protected]

• Your detailed and current CV with publication (*Asterisk to indicate corresponding author, include Indexing & Quartile);
• Cover letter;
• List of courses from the above that the candidate can support;
• Evidence of academic qualifications (Bachelor, Master & PhD Certificate; Bachelor, Master & PhD Transcripts and Professional Certificates);
• 3-5 Full-Text publications (if applicable);
• Teaching evaluation (if applicable);
• Two academic references (at least one of them is the applicant’s current/most recent employer).

Faculty of engineering, Bar-Ilan University, Israel

I am looking for Ph.D. students in the area of analysing and preventing physical side channels in embedded devices. Two positions are available, which, as usual in the UK, enable the post holder to cover their tuition fees as well as enable them to cover their living expenses.

• Pre-silicon modelling and analysis: you should be familiar with utilising a typical HW design flow, power simulation tools, and you should have an interest in developing skills in leakage modelling as well as analysis.
• Statistical detection and analysis methods: you should be comfortable with probability theory and statistics, and you should have an interest in exploring sophisticated statistical approaches in the context of exploiting and detecting leakage. This research may also touch on statistical learning methods.
• Implementation and analysis of post-quantum schemes: you should be familiar with low level software implementations (aka Assembly programming), and have an interest in exploring implementation options (potentially also considering dedicated hardware, e.g. the impact of dedicated instructions) to develop secure and reasonably efficient post-quantum implementations.

If you feel that you fit with one (or several) of the three topics, or, if you believe that you can make a good case for another topic, then please get in touch (see contact info below). Please send me a transcript of records, and a short (1 page) statement explaining why you want to do a PhD with me). If I think that you are a viable candidate, I will guide you through the application process.

I am now a faculty member and thus part of the Birmingham Centre for Security and Privacy. You can find information about this research group here: https://www.birmingham.ac.uk/research/centre-for-cyber-security-and-privacy. This is a sizeable research group, which offers companionship via other PhD students and staff members, as well as opportunities via many good relationships with industry.

University of New Brunswick, Computer Science; Fredericton, Canada

Applied cyptographer, fully-funded phd position in lattice-based privacy enhancing technologies, monash university; melbourne, australia.

• highly competitive scholarships to cover tuition fees, health insurance and living expenses (as stipend),
• opportunities to collaborate with leading academic and industry experts in the related areas,
• opportunities to participate in international grant-funded projects,
• collaborative and friendly research environment,
• an opportunity to live/study in one of the most liveable and safest cities in the world.

Requirements. A strong mathematical and cryptography background is required. Some knowledge/experience in coding (for example, Python, C/C++, SageMath) is a plus. Candidates must have completed (or be about to complete within the next 8 months) a significant research component either as part of their undergraduate (honours) degree or masters degree. They should have excellent English verbal and written communication skills.

How to apply. please first refer to mfesgin.github.io/supervision/ for more information. Then, please fill out the following form (also clickable from the advertisement title): https://docs.google.com/forms/d/e/1FAIpQLScOvp0w397TQMTjTa6T7TKqri703Z-c3en0aS654w6nl4_EFg/viewform

Embedded Crypto Software Developer (m/f/d)

Nxp semiconductors gratkorn/austria, hamburg/germany, eindhoven/netherlands & toulouse/france.

• You will develop crypto algorithms (incl. Post Quantum Crypto) based on specifications, being involved from the coding/programming, test, code review, release stages.
• You will align with our innovation team, architectural team, hardware teams and support teams to develop the algorithms which contribute to a complete security subsystem in all of NXP's business lines.
• Bachelor + 3-5 years of relevant experience Or​ You are a graduate with a Master or PhD Degree in Computer Science, Electronics Engineering, Mathematics, Information Technology, Cryptography
• You have a passion for technology, you bring ideas to the table and you are proud of your results.
• We offer you the opportunity to learn and build on your technical knowledge and experience in some of the following areas: algorithm development including post quantum cryptography (DES, AES, RSA, ECC, SHA and many more)
• embedded software development in C and Assembly
• work with ARM Cortex M and RISC V platforms
• Work on hardware and software countermeasures against side channel (SCA) and fault attacks, (FA).

PhD Internship

Nokia bell labs; antwerp, belgium.

• You are currently doing a PhD or PostDoc
• Some familiarity with one of the areas: FHE, MPC or ZKP
• Both applied and theoretical researchers are welcome
• Fully funded internship with benefits (based on Belgian income standards)
• Internship any time from now until the end of 2024
• Possibility to visit local university crypto groups (e.g. COSIC KU Leuven)
• A wonderful desk with a view of the Zoo of Antwerp (elephants and bisons visible)
• Having access to the best beers and chocolates in the world

PhD student (fully funded)

Monash university, melbourne, australia.

At the Department of Software Systems and Cybersecurity (SSC) at Monash, we have several openings for PhD positions. The topics of interest are post-quantum cryptography (based on lattices and/or hash), their applications, and their secure and efficient software and hardware implementations.

• We provide highly competitive scholarships opportunities to collaborate with leading academic and industry experts in the above-mentioned areas.
• There will be opportunities to participate in (inter)nationally funded projects.
• We have a highly collaborative and friendly research environment.
• You will have an opportunity to live/study in one of the most liveable and safest cities in the world.

The positions will be filled as soon as suitable candidates are found.

• Some mathematical and cryptography backgrounds.
• Some knowledge/experience in coding (for example, Python, C/C++, and/or SageMath) is a plus.
• Must have completed (or be about to complete within the next 6 months) a significant research component either as part of their undergraduate (honours) degree or masters degree.
• Should have excellent verbal and written communication skills in English.

Ph.D. Position (Fully Funded)

Cea-list france & university of paris-saclay, france, postdoctoral researchers in post-quantum cryptography, institute of software chinese academy of sciences, phd position in cryptography and privacy engineering, technical university of darmstadt, germany.

The Cryptography and Privacy Engineering Group (ENCRYPTO) @CS Department @Technical University of Darmstadt offers a fully funded position as Doctoral Researcher (Research Assistant/PhD Student) in Cryptography and Privacy Engineering to be filled as soon as possible and initially for 3 years with the possibility of extension.

You'll work in the collaborative research center CROSSING funded by the German Research Foundation (DFG). In our project E4 Compiler for Privacy-Preserving Protocols, we build compilers to automatically generate optimized MPC protocols for privacy-preserving applications. See https://encrypto.de/CROSSING for details. As PhD@ENCRYPTO, you primarily focus on your research aiming to publish&present the results at top venues.

We demonstrate that privacy is efficiently protectable in real-world applications via cryptographic protocols. Our open and international working environment facilitates excellent research in a sociable team. TU Darmstadt is a top research university for IT security, cryptography and CS in Europe. Darmstadt is a very international, livable and well-connected city in the Rhine-Main area around Frankfurt.

• Completed Master's degree (or equivalent) at a top university with excellent grades in IT security, computer science, or a similar area.
• Extensive knowledge in applied cryptography/IT security and very good software development skills. Knowledge in cryptographic protocols (ideally MPC) is a plus.
• Experience and interest to engage in teaching.
• Self-motivated, reliable, creative, can work independently, and striving to do excellent research.
• Our working language is English: Able to discuss/write/present scientific results in English. German is beneficial but not required.

Technical University of Munich, Germany

Postdoctoral researchers, mohammed vi polytechnic university (um6p), phd student or post-doc in sustainable trust anchor for iot, csem, neuchâtel ch.

Collaborating with two experienced teams in security, digital hardware and software, you will contribute to the development of an embedded anchor of trust for future generation of sustainable IoT devices, enabling features such as post quantum cryptography, threshold cryptography, distributed architectures, or reconfigurability over the air. You will be working closely with a diverse team of engineers and researchers, and you will take a leading role in transforming a vision into tangible IPs.

• Research in applied cryptography and implementations for embedded devices.
• Implement cryptography and security primitives for embedded devices; mainly HW/SW co-design.
• Develop Proof of concepts based on advanced cryptography topics.
• Harden security modules against side channel attacks, software attacks and other threats.
• Adopt a holistic approach to design and implement robust features yielding solid foundations for end-to-end security.
• Propose innovative security IPs, challenge them against state of the art and review them with peers.
• PhD graduate or an MSc graduate.
• Background in one or more of these fields: digital design, embedded software design and applied cryptography.
• A high motivation to progress and excel in the field of applied cryptography and embedded security.
• Experience in digital hardware or embedded software development.
• Programming skills in VHDL, C, Python (or equivalent).
• Fluent in English. French or German are an advantage.
• Natural curiosity and ability to adapt to new situations.
• Autonomous and hands-on, motivated to take initiative in the development of innovative solutions.
• Open-minded attitude and well-developed team-spirit.

Post-docs and PhD Residencies

We have postdoc and PhD residency positions available at SandboxAQ [1]. We seek people interested in doing research in the areas of post-quantum cryptography, privacy, and machine learning applied to cybersecurity. The positions are remote, but allow for travel to collaborate with team members. The postdoc residencies are initially for two years, but with the option to extend it to up to three years, on mutual agreement. PhD residencies are up to one year.

• Carlos Aguilar Melchor: https://dblp.org/pid/71/4606.html
• Martin Albrecht: https://dblp.org/pid/92/7397.html
• Nina Bindel: https://dblp.org/pid/167/3021.html
• James Howe: https://dblp.org/pid/163/8680.html
• Andreas Hülsing: https://dblp.org/pid/27/1744.html
• Nicolas Gama: https://dblp.org/pid/49/4575.html
• Sandra Guasch Castelló: https://dblp.org/pid/86/8292.html
• Raphael Labaca-Castro: [email protected]
• Parth Mishra: [email protected]
• PQC : [email protected] and [email protected]

Senior Research Scientist - PQC

Sanboxaq (usa, remote; europe, remote; canada, remote).

The SandboxAQ team is looking for a Research Scientist to help functionalize the next generation of cryptographic systems. A successful candidate will be comfortable with research in post-quantum cryptography. We are open to strong candidates that reinforce existing expertise of the team as well as candidates extending our expertise. They will be part of a team of diverse cryptographers and engineers, where they will play a key role in efficient and effective enablement of the technologies being developed. They can learn more about what we’ve been doing so far by checking out the publications of our permanent researchers: Carlos Aguilar Melchor, Martin Albrecht, Nina Bindel, James Howe, Andreas Hülsing, and Anand Kumar Narayanan

TU Wien, Security and Privacy Research Unit

• Master degree in computer science or equivalent (degree completion by employment start)
• Excellent English, communication, and teamwork skills
• Background in formal methods (e.g., automated reasoning, type systems, or proof assistants) or cryptography
• Experience in research is a plus
• A job in an internationally renowned group, which regularly publishes in top security venues, and consists of an international, diverse, and inclusive team with expertise in formal methods, cryptography, security, privacy, and blockchains
• Diverse research topics in formal methods for security and privacy, with a specific focus on cryptographic protocols and blockchains
• An international English-speaking environment (German not required)
• A competitive salary
• Flexible hours

Quantstamp, Remote/ Anywhere

100 Best universities for Cyber Security in Russia

Updated: February 29, 2024

• Art & Design
• Computer Science
• Engineering
• Environmental Science
• Liberal Arts & Social Sciences
• Mathematics

Below is a list of best universities in Russia ranked based on their research performance in Cyber Security. A graph of 188K citations received by 31.9K academic papers made by 104 universities in Russia was used to calculate publications' ratings, which then were adjusted for release dates and added to final scores.

We don't distinguish between undergraduate and graduate programs nor do we adjust for current majors offered. You can find information about granted degrees on a university page but always double-check with the university website.

1. Moscow State University

For Cyber Security

2. National Research University Higher School of Economics

3. Peter the Great St.Petersburg Polytechnic University

4. National Research Nuclear University MEPI

5. St. Petersburg State University

6. ITMO University

7. Moscow Institute of Physics and Technology

8. Kazan Federal University

9. Tomsk State University

10. RUDN University

11. Southern Federal University

12. South Ural State University

13. Finance Academy under the Government of the Russian Federation

14. Bonch-Bruevich St. Petersburg State University of Telecommunications

15. Ural Federal University

16. Tomsk Polytechnic University

17. Novosibirsk State University

18. Saratov State University

19. Bauman Moscow State Technical University

20. Saint Petersburg State Electrotechnical University

21. Samara National Research University

22. Moscow Aviation Institute

23. N.R.U. Moscow Power Engineering Institute

24. Russian Presidential Academy of National Economy and Public Administration

25. Plekhanov Russian University of Economics

26. Moscow State Institute of International Relations

27. St. Petersburg State University of Aerospace Instrumentation

28. Tomsk State University of Control Systems and Radioelectronics

29. north caucasus federal university.

30. Novosibirsk State Technical University

31. Yaroslavl State University

32. Kazan National Research Technical University named after A.N. Tupolev - KAI

33. Petrozavodsk State University

34. University of Tyumen

35. St. Petersburg State University of Architecture and Civil Engineering

36. Lobachevsky State University of Nizhni Novgorod

37. State University of Management

38. Omsk State Technical University

39. National Research University of Electronic Technology

40. Novgorod State University

41. south-western state university.

42. Moscow State University of Railway Engineering

43. Far Eastern Federal University

44. Moscow Medical Academy

45. National University of Science and Technology "MISIS"

46. Volgograd State University

47. Perm State Technical University

48. Siberian State Aerospace University

49. Siberian Federal University

50. St. Petersburg State University of Economics

51. Bashkir State University

52. New Economic School

53. Moscow State Technological University "Stankin"

54. Samara State Technical University

55. Saratov State Technical University

56. Kalashnikov Izhevsk State Technical University

57. Voronezh State University

58. Kuban State University

59. Moscow Polytech

60. Russian State University for the Humanities

61. Omsk State University

62. Saint-Petersburg Mining University

63. Ufa State Aviation Technical University

64. Moscow State Pedagogical University

65. Penza State University

66. Chechen State University

67. Saint Petersburg State Institute of Technology

68. Immanuel Kant Baltic Federal University

69. Nizhny Novgorod State Technical University

70. Baikal State University

71. South-Russian State University of Economics and Service

72. Altai State University

73. North-Eastern Federal University

74. Magnitogorsk State Technical University

75. Ufa State Petroleum Technological University

76. Tver State University

77. Russian State University of Oil and Gas

78. polzunov altai state technical university.

79. Amur State University

80. Kemerovo State University

81. Leningrad State University

82. Tula State University

83. Belgorod State Technological University

84. Ogarev Mordovia State University

85. Chelyabinsk State University

86. Kazan State Technological University

87. Orenburg State University

88. Orel State University

89. Perm State University

90. Irkutsk State University

91. Kuban State Agricultural University

92. Kuban State University of Technology

93. Russian State Social University

94. Russian National Research Medical University

95. Sevastopol State University

96. Vladivostok State University of Economics and Service

97. Belgorod State University

98. Russian State Hydrometeorological University

99. Kaliningrad State Technical University

100. Kuzbass State Technical University

The best cities to study Cyber Security in Russia based on the number of universities and their ranks are Moscow , Saint Petersburg , Kazan , and Tomsk .

Computer Science subfields in Russia

Is a Cyber Security PhD Worth It? (The Best Answer)

Cyber security, is a domain where specialized skills and knowledge are highly sought after. And if you’re reading this, you’re already considering enhancing your credentials by pursuing a cyber security PhD.

However, this isn’t a decision to be taken lightly. This article is intended to provide a comprehensive overview of the considerations, commitments, and potential career paths associated with becoming a “Doctor” of cyber security.

Read on to gain insight into the nuanced aspects of this decision, from understanding the pre-requisites for admission to exploring potential job opportunities and evaluating the financial return of a cyber security PhD.

No, a PhD in cyber security isn’t worth it unless you’re aiming for a career in research, academics, industry regulation, or leadership (aka CISO). Why?

Honestly, a PhD in cyber is only designed for people with a distinct mindset. You’ve got to have a deep-rooted passion for cyber security with a drive to make meaningful contributions to the field.

You should NEVER do a PhD in cyber security for the money! But, if you have that passion and drive, the personal satisfaction from a PhD should outweigh all other considerations.

Let’s look at some of those considerations…

Most cyber security positions don’t require a PhD. Although getting a PhD makes you a specialist in your field, it also has the unfortunate side effect of over qualifying you for certain roles.

For instance, no one’s going to hire a PhD candidate for a cyber analyst role. On the other hand, it opens doors that a bachelor’s or master’s degree can’t.

For instance, are you dreaming of a career in academia? Or do you see yourself as a high-level cyber security researcher or policy maker?

If that’s the case, then you should absolutely pursue a PhD. But before jumping in, keep in mind that it also involves a significant commitment to research demanding a lot of your time and resources.

Many have regretted started a PhD that they either couldn’t finish or have invested so much time, they couldn’t quit. What’s worse? You’ll need to give up a full-time salary for about 4-7 years.

Trying to work, even part time, while you’re doing your PhD will be very challenging. Even though some programs offer stipends to help with your living expenses, it’s important to consider a crucial question.

Does the potential financial return align with your long-term goals?

For some people the answer is no . Think about it!

Why would you give up 4-7 years of experience and salary increases only to find that someone with a bachelor’s and a few years of experience is getting paid more? Remember that when you’re working in cyber security, it’s your skills and experience that counts, not your academic knowledge.

I’m not trying to dissuade you from pursuing a PhD of cyber security. But it’s a decision that needs careful thought and advice from industry professionals, career counselors, and your academic advisors.

In the end, the value of a PhD in cyber security isn’t an easy thing to determine. It’s heavily dependent on your career goals, your passion for the field, and your resources.

Can You Get a PhD in Cyber Security?

Yes, you can get a PhD in cyber security. But you’ve got to meet the institutions basic requirements and successfully manage the rigor of academic work.

Cyber security PhD programs typically require students to have a strong academic background in computer science, mathematics, software engineering, or cyber security. And many of the requirements to enter a PhD program are similar no matter which university you’re applying to. It’s usually a matter of submitting transcripts, GRE scores, letters of recommendation, admissions essay, and your resume.

Also, no one can give you the exact prerequisites for a PhD cyber security program because it varies by institution. But I can say, your admission is generally dependent on the program’s area of expertise and level of funding available.

PhD in Cyber Security vs Doctor of Cyber Security (DSc)?

Most of this article focuses on the Doctor of Philosophy (PhD) in Cyber Security. But before I dive too far into the subject, there are some alternative variations of cyber security doctoral degrees to consider.

The specifics can vary by institution, and some programs may blur the lines between these general categories:

• Doctorate in Information Assurance (DIA)
• PhD in Cyber Operations
• PhD in Computer Science – Cyber Security
• Doctor of Information Technology (DIT) – Cyber Security
• PhD in Information Science – Cyber Security
• PhD in Technology Management – Cyber Security
• Doctor of Science (DSc) in Cyber Security
• PhD in Computer Engineering – Information Assurance
• PhD in Informatics – Security Informatics
• DSc in Information Assurance
• PhD in Mathematics – Information Assurance

As you can see, the naming convention isn’t what you’d expect; however both give you the title of “Doctor”. I know that if you live abroad, the Doctor of Science designation is often held in higher regard than a PhD.

Do your research, but I will say that if you live in the US, you’re probably better off getting your “PhD in Cyber Security” as it’s more widely understood. That may change in the next decade, but for now it’s probably the safer way to go.

Why Should You Get a PhD in Cyber Security?

When you get a bachelor’s or master’s degree, you’re preparing for a career in cyber security, but this isn’t true when becoming a doctor of cyber security. That’s because earning a PhD is mostly about research.

Your dissertation offers you the opportunity to conduct original research on the forefront of new security technologies. That may even continue after your graduate. Imagine diving deep into a specialized field like quantum cryptography, artificial intelligence in cybersecurity, or blockchain security.

That’s what a PhD in cyber security offers you!

How Long Does a PhD in Cyber Security Take?

A PhD isn’t just about getting a degree; it’s about becoming an expert in your field. And it’s a commitment that usually takes between 4-7 years.

You’d typically begin your PhD by attending classes, completing projects, and passing exams for advanced cyber security coursework. It might take you about two to three years to finish this part, especially if you’re studying full time.

If you’re going part-time, you’re looking at an even longer period. Then comes the comprehensive exams or qualifiers, which are usually taken after your coursework is complete.

These are tough exams that test your knowledge in the field. Here, you’ll need to dedicate several months to prepare for them.

After passing these comprehensive exams, you’ll then move on to your own research and dissertation under the guidance of a faculty advisor. The time you’ll spend here varies significantly.

If you’re dedicated enough, you might finish in a couple of years, others may take longer. It really depends on your research topic, your advisor, your personal commitment, along with a bit of luck.

Don’t forget, you’ll also be expected to teach classes, present at conferences, publish papers, and contribute to the academic community. All these activities take time too.

How Much Does a PhD in Cyber Security Cost?

A PhD in cyber security ideally costs $0! That’s right, most PhD students pay almost nothing in tuition because that’s usually covered by the research grant.

FYI…NEVER enter a PhD program that isn’t fully funded unless you expect to pay out of your own pocket! When applying to a cyber security PhD program, you should really be asking several questions:

• Is funding guaranteed and for how long?
• Do your students typically take longer than the guaranteed funding period?
• Will I still have funding after that period?
• Are there are out of pocket costs for insurance and student fees?
• Will I have funding through the summer term and what is the source?
• Is there a fellowship and how are they are awarded?
• Where do most of your cyber security students get internships?
• What are the sources of funding in general teaching/researching/fellowship?
• What’s the typical teaching/research ratio of funding?
• Is there funding for conference travel and how they are awarded?
• How much is the stipend?

You really should do you research regarding the total out of pocket costs associated with your PhD program.

What if you do end up paying tuition out of pocket?

If you take into account both public and private institutions, the average annual cost of a PhD is about $19,749 . Of course, the costs do vary depending on where you study.

I would suggest you go for a public institution where the average annual cost is just over $12,394, compared to almost $26,621 if you go private. By pursuing a PhD of cyber security at a public institution, you’d save approximately $57,000 over four years.

If you can have your employer cover the costs, then that’s great! However, if you need help, there are scholarships and grants designed to help you with those costs.

What’s even better is if you have the time to work to gain real-world experience. You should take the time to apply for internships, fellowships , or assistantships.

Whatever you decide, try to find an option that provides you with invaluable experience while providing you enough money to cover your living expenses. Here’s an article that talks all about how to get a cyber security internship !

What Jobs Can You Do with a PhD in Cyber Security?

With a PhD in cyber security, you’ve got a world of opportunities waiting for you. Let’s explore a few of them:

Have you ever dreamed of becoming a university professor?

As a professor, you get to teach the next generation of cyber security professionals. You also might get the opportunity to mentor and potentially collaborate with your students on research. Of course, you also get to contribute to advancements in cyber security by starting or continuing your own research.

Are you looking to influence the industry?

Your research may lead to new understandings or techniques that everyone else adopts. This gives you the credibility and expertise that can influence the direction of the field. You might even find yourself speaking at conferences, writing books or articles, or consulting on important projects. This becomes your chance to shape best practices, standards, or policies in the industry. For instance, you can influence how organizations respond to cyber threats, how new technology incorporates security, or how government crafts cyber security regulations.

Do you have any business ideas?

With a PhD, you’d have the knowledge and credibility to develop your own line of innovative products. Or if you enjoy the variety of helping solve different problems, you might enjoy a career as a cyber security consultant . In this role, you’d be advising companies on how to improve their security strategies.

Are you well-published in the cyber security field?

And if you’re lucky enough to be well-published, you become a hot commodity for roles in research institutions, innovative tech companies, or government agencies. Many of these institutions are always on the lookout for research scientists. You could be on the cutting edge of new cyber security research coming up with innovative ways to tackle cyber threats and make real contributions to the field.

How about a leadership role?

As a CISO, you’d be the top executive responsible for an organization’s information and data security. Your PhD would be invaluable in helping you develop and implement high-level security strategies. Your deep understanding of cyber security could also be put to good use in shaping public policy. Government agencies and think tanks often need experts to advise on the societal impact of technology and cyber security. In turn, they’d need your help to craft appropriate policies and regulations.

What Are the Highest Paying Jobs for Cyber Security PhD Holders?

When pursuing a PhD in cyber security, your post-doctoral salary is going to be something to take into consideration. Naturally, if you’re pursuing a PhD in cyber security and interested in working in the industry, you’re probably aiming for a career as a cyber security policy maker (aka CISO).

To get a fair comparison of the highest paid cyber security positions, let’s look at three websites showing the average CISO salary and the typical salary ranges:

Salary.com: $236,333 and ranges between $210,373 and $267,533.

PayScale: $173,130 and ranges between $110,000 and $233,000.

ZipRecruiter: $194,648 and ranges between $163,000, and $250,000.

Between the three, the average CISO salary is about $201,370. Of course, your salary depends entirely on the responsibilities you take on, the company you work for, and the wage they advertise.

Skip Over Anything?

PhD in Cyber Security vs Doctorate in Cyber Security (DSc)?

Interested in More…

Is a Cyber Security Degree Worth It?

Ways to Work in Cyber Security Without a Degree!

What Is the Best Job in Cyber Security?

Is Cyber Security Right for Me?

by Amit Doshi

If you enjoyed reading today’s article please subscribe here.

Related Posts

Do You Need a Degree for Cyber Security? ABSOLUTELY NOT!

I know you’re asking yourself, do I need a degree for cyber security? You’re not alone in asking this question.…

Making the Switch to Cybersecurity: Unlocking a New Future!

The switch to cybersecurity…you wake up to yet another mundane day in your current field. The excitement has dwindled, and…

The Most Important Cybersecurity Skill to Have!

Stepping into the complicated corridors of cybersecurity, you’re quickly surrounded by a world of cybersecurity skills: codes, algorithms, threats, defenses.…

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed .

• Gradcracker Home
• All STEM Jobs
• Graduate Jobs
• Cyber Security
• 1 - 80 of 178 results

• Salary: Competitive
• Location: Camden (London)
• Degree required: All grades
• Deadline: Ongoing

• Salary: £26,000
• Location: Hemel Hempstead (Hertfordshire)
• Degree required: 2:1 and above

• Location: Cambridge

• Salary: £27,000
• Location: Brighton

• Location: Edinburgh
• Starting: Immediate Start

• Salary: £30,000 in Year 1, £38,000 in Year 2
• Location: London
• Hiring multiple candidates: Yes
• Starting: November 2024
• Deadline: August 23rd, 2024

• Salary: £31,305, rising to £37,425 upon completion of training + £27,000 joining bonus
• Location: Dartmouth then UK & International Travel

• Location: London, Edinburgh and Budapest
• Starting: August 2025
• Salary: £60,000
• Location: Leeds

• Location: Glasgow

• Salary: £50,000 - £120,000

• Salary: Minimum £60,000 (depending on experience)
• Location: Aberdeen
• Deadline: July 12th, 2024

• Location: Multiple UK Locations

• Salary: £31,305
• Location: Sandhurst then UK & International Travel

• Salary: £28,861
• Degree required: 72 UCAS points (or equivalent)
• Accepting Cyber Security disciplines
• Location: Bristol

• Salary: £28,000
• Location: Didsbury (Manchester)

• Salary: £34,000 + £2,000 welcome bonus
• Location: Various locations
• Degree required: 2:2 and above

• Location: Bristol (Hybrid)

• Location: London (Hybrid)
• Degree required: Master's and above
• Location: Cheltenham (Gloucestershire) (Hybrid)

• Salary: 6,212 and 6,828 Swiss Francs per month (net of tax)
• Location: Geneva (Switzerland)
• Starting: September 2024
• Deadline: August 1st, 2024

• Location: Manchester
• Location: Broad Oak (Dorchester)
• Starting: January 2025
• Location: London and Manchester (Hybrid)
• Salary: Competitve
• Location: Chippenham (Wiltshire)

• Salary: £30,000
• Location: Bath and Bristol

• Salary: £38,000

• Location: Manchester (Hybrid)
• Salary: £32,000 - £35,000
• Location: Aylesbury (Buckinghamshire)

• Location: Leatherhead (Surrey)

• Salary: £32,000 - £36,000
• Location: Leicester

• Salary: £26,000 - £28,000
• Location: Cambridge and Glasgow

• Salary: Up to £30,000

• Salary: £28,000 + £2,700 Area Allowance (Total £30,700)
• Location: Stockley Park, Uxbridge (West London)

• Location: Birmingham (Hybrid)

• Salary: Salary of £27,000 during initial training, rising to £31,000 on completion
• Location: Oxford

• Salary: £27,000 during initial 5-month training period, rising to £31,000 on completion
• Location: Poole
• Location: Cirencester (Gloucestershire)

• Location: Thame (Oxfordshire)

Virtual Tour

Experience University of Idaho with a virtual tour. Explore now

• Discover a Career
• Find a Major
• Experience U of I Life

More Resources

• Admitted Students
• International Students

Take Action

• Find Financial Aid
• View Deadlines
• Find Your Rep

Helping to ensure U of I is a safe and engaging place for students to learn and be successful. Read about Title IX.

Get Involved

• Clubs & Volunteer Opportunities
• Recreation and Wellbeing
• Student Government
• Student Sustainability Cooperative
• Academic Assistance
• Safety & Security
• Career Services
• Health & Wellness Services
• Register for Classes
• Dates & Deadlines
• Financial Aid
• Sustainable Solutions
• U of I Library

• Upcoming Events

Review the events calendar.

Stay Connected

• Vandal Family Newsletter
• Here We Have Idaho Magazine
• Living on Campus
• Campus Safety
• About Moscow

The largest Vandal Family reunion of the year. Check dates.

Benefits and Services

• Vandal Voyagers Program
• Vandal License Plate
• Submit Class Notes
• Make a Gift
• View Events
• Alumni Chapters
• University Magazine
• Alumni Newsletter

U of I's web-based retention and advising tool provides an efficient way to guide and support students on their road to graduation. Login to VandalStar.

Common Tools

• Administrative Procedures Manual (APM)
• Class Schedule
• OIT Tech Support
• Academic Dates & Deadlines
• U of I Retirees Association
• Faculty Senate
• Staff Council

Department of Computer Science

Computer Science

Physical Address: Janssen Engineering Building 236

Computer Science University of Idaho 875 Perimeter Drive MS 1010 Moscow, ID 83844-1010

Phone: 208-885-6592

Fax: 208-885-9052

Email: [email protected]

Web: Computer Science

Student Services

Email: [email protected]

Degrees in Cybersecurity

Our department offers undergraduate and graduate degrees in cybersecurity. Our master's degree in cybersecurity is available remotely.

• B.S. Cybersecurity
• B.S. Computer Science in Coeur d’Alene
• CyberCorps: Scholarship for Service
• Minor - Cybersecurity
• Cybersecurity Undergraduate Academic Certificate
• Robotics Systems Undergraduate Academic Certificate
• M.S. Cybersecurity
• Robotics Engineering Graduate Academic Certificate
• Secure and Dependable Computing Systems Graduate Academic Certificate

As one of the National Security Agency’s first seven National Centers of Academic Excellence in Cyber Defense Education , University of Idaho Vandals are leading advanced cybersecurity training and education.

Students receive 1-on-1 mentorship from nationally and internationally recognized professional faculty with Ph.D.s in the field of cybersecurity, with expertise in power engineering, information assurance, industrial control systems and transportation. U of I Distinguished Professors Jim Alves-Foss , Ph.D. and Brian Johnson , Ph.D., P.E. lead the cybersecurity program.

• No. 1 Best Value Public University in the West – ranked for the fourth year in a row by U.S. News and World Report . We’re also the only public university in Idaho to be ranked best value by Forbes , Money , and The Princeton Review .
• Top 7 in the Nation for “infusing real-world experiences into engineering education” through our undergraduate Senior Capstone Design Program – National Academy of Engineering
• CyberCorps®: Scholarship for Service (SFS) – Administered through U of I’s Center for Secure and Dependable Systems , the SFS program provides tuition stipends through the National Science Foundation of up to $27,000 to train undergraduates for cybersecurity jobs at federal, state, local and tribal agencies.
• Personalized Attention from nationally and internationally recognized faculty and staff through small class sizes, 1-on-1 interaction, mentorship, advising and research collaboration. All faculty  hold Ph.D.s in their field.
• 94% Graduate with Jobs or are enrolled in graduate education or military service – First Destination Survey
• Highest Salary Earnings for early- and mid-career undergraduate degree recipients than any other public university in Idaho – Payscale
• More Scholarships Awarded than any 4-year public engineering college in Idaho.
• Hands-On Experience, Guaranteed ALL U of I College of Engineering students participate in hands-on experiences, through our nationally recognized Senior Capstone Design Program   and Engineering Design EXPO , Cooperative Education Program (Co-op) , Idaho’s only Grand Challenge Scholars Program   and paid undergraduate assistantships.

Cybersecurity and the Internet of Everything

College of Engineering Offers Unique Education and Research Opportunities in Cybersecurity and Protecting Idaho’s Critical Infrastructure

5 of the highest-paying cybersecurity jobs right now

The field of cybersecurity is seeing incredible demand. Cybersecurity Ventures , a researcher and publisher that covers the international cyber economy, estimates that there are currently 3.5 million unfilled cybersecurity jobs globally, and that “the disparity between demand and supply will remain through at least 2025.”

With many cybersecurity jobs paying six-figure salaries—and some roles offering pay packages of nearly $1 million for top C-suite cyber talent—cybersecurity is an in-demand and well-paying field. Here are six of the highest-paying cybersecurity jobs.

Master’s in Cybersecurity Online From UC Berkeley

The UC Berkeley School of Information’s online Master of Information and Cybersecurity prepares students to become leaders in cybersecurity. No GRE/GMAT required.

1. Chief Information Security Officer

Average salary: $243,096 per year, according to Salary.com

Salary range: $192,085 to $304,391, according to Salary.com

Highest-paying cities for cybersecurity managers: Menlo Park, California ($188,788), Sunnyvale, California ($186,068), Livermore, California ($185,972), according to ZipRecruiter

Job description: A chief information security officer (CISO) is a C-suite executive who oversees the entirety of a company’s security operation. A CISO works to avoid security threats and reduce data breach risks by developing, implementing, and enforcing policies and procedures to protect an organization’s data. 

Jerry Perullo, a professor of the practice in Georgia Tech’s School of Cybersecurity and Privacy and a former CISO, says the role “really sets the priorities for cybersecurity risk management at a company. They build a program. They hire and manage talent. And they assess different cyber threats that are out there and figure out which ones are important to the company.”

Education: Earning a bachelor’s degree in a related discipline is a good starter, and additional education is often expected. Master’s and sometimes doctorate degrees in more focused fields are sometimes necessary for this role, according to Cybersecurity Guide . 

2. Director of Information Security  

Average salary: $189,692, according to Salary.com

Salary range: $154,082 to $229,357, according to Salary.com

Highest-paying cities for directors of information security: San Francisco, California ($221,043), Phoenix, Arizona ($214,014), San Antonio, Texas ($205,255), according to Indeed

Job description: Like a CISO, the director of information security is a top-level role at an organization that works to ensure the safety of its information assets. A director of information security oversees the day-to-day operations of an organization’s security apparatus, including responding to cybersecurity attacks, performing risk assessments and maintaining security controls. “They’re looking for signs of potential attacks,” explains Perullo. “They’re reacting to those and investigating. And if they find that there’s some kind of incident, then they’re figuring out what needs to be done to contain the incident. And then, they might be learning from that and engineering new processes to detect similar activity in the future.”

Education: ZipRecruiter recommends a bachelor’s degree in computer science, database administration, or IT security, and states that larger firms seek candidates with more advanced degrees in IT or computer-related subjects.

3. Cybersecurity Architect

Average salary: $147,785 per year, according to Indeed

Salary range: $94,555 to $230,982, according to Indeed

Highest-paying cities for cybersecurity architects: San Francisco, California ($192,146), Denver, Colorado ($191,451), New York City, New York ($179,122), according to Indeed

Job description: A cybersecurity architect works to plan, design, test, implement, and maintain an organization’s computer and network security infrastructures. This role must anticipate an organization’s weaknesses, thinking like a hacker while conducting ethical hacks, vulnerability assessments, and penetration tests.

Education: In addition to a bachelor’s in cybersecurity or computer science, Cybersecurity Guide recommends a master’s degree in cybersecurity or a related field as this is a management-level role.

4. Cybersecurity Engineer

Average salary: $150,000 per year, according to Glassdoor

Salary range: $122,000 to $188,000, according to Glassdoor

High demand cities for cybersecurity engineers: Washington, D.C. ($111,676), New York, N.Y. ($115,836), and Dallas, Texas ($112,714), according to Monster

Job description: A cybersecurity engineer works to identify and nullify threats to an organization’s network and computer systems. In the event of a cyberattack, a cybersecurity engineer will enact security procedures to safeguard data. “The cybersecurity engineer usually collaborates with other teams, like the infrastructure teams architecture team. to make sure that we engineer and develop security,” says Dalal Alharthi, an assistant professor of cybersecurity at the University of Arizona’s College of Applied Science & Technology .

Education: According to Cybersecurity Guide , these roles usually require a bachelor’s in cybersecurity or a closely related field like mathematics or computer science. More senior or management-oriented roles may require a master’s.

5. Application Security Engineer

Average salary: $138,180 per year, according to Indeed

Salary range: $92,456 to $206,498, according to Indeed

Highest-paying cities for application security engineers: San Francisco, California ($208,826), Los Angeles, California ($167,610), Dallas, Texas ($164,938), according to Indeed

Job description: Application security engineers make sure that an organization’s applications run correctly and securely. Working alongside development teams, application security engineers create security control measures through the software development lifestyle and endeavor to pinpoint and mitigate security vulnerabilities. “It’s a security assurance function, meaning it’s proactive, it’s trying to find a response to the problem,” Perullo says. “They’re checking behind [app developers], checking up on their code, and seeing if there were any mistakes made that can lead to a security vulnerability.”

Education: Employers may require a bachelor’s degree in a related field for this role, such as computer science or information systems. According to ZipRecruiter , many employers require a master’s degree for their application security engineers. Proficiency in several programming languages is needed for this role.

Is a cybersecurity job worth it?

Despite the recent major layoffs in the tech field over the past two years, cybersecurity jobs remain in high demand. Workers with extensive cybersecurity backgrounds are seeing “near-zero” unemployment, according to Cybersecurity Ventures . The shortage in cybersecurity workers means that IT workers are having to “shoulder a security burden.”

Still, cybersecurity jobs can be stressful. In a recent survey conducted by cybersecurity company Deep Instinct , 55% of security professionals said that their stress level had increased over the previous year, with limited staffing and resources being the main cause. Some 51% reported that they may leave their jobs over the next year because of the threats and stress caused by generative AI.

The takeaway  

Cybersecurity is an in-demand and well-paying field with roughly 3.5 million unfilled jobs globally. Many jobs pay six-figures, and some top talent receive nearly $1 million in compensation. Still, cybersecurity jobs can be stressful, and generative AI has only increased that stress. To ascend to higher positions in this field, a bachelor’s and a master’s in cybersecurity or a related field is generally recommended.

Perullo recommends that those looking to increase their job prospects create virtual environments online through Amazon Web Services and experiment with different types of cybersecurity attacks.

“People really look for signs of self-education, of scrappiness,” Perullo says. with the advent of so much open-source software, cloud computing, there’s really no excuse why a career candidate can’t, for free, online, pick up a lot of skills.”

See how the schools you’re considering fared in Fortune’s rankings of the best master’s degree programs in data science ( in-person and online ), nursing , computer science , cybersecurity , psychology , public health , and business analytics , as well as the doctorate in education programs MBA programs ( part-time , executive , full-time , and online ).

• Looking into learning more about cybersecurity? Check out our ranking of the best masters in cybersecurity programs .
• Our list of affordable online masters in cybersecurity programs can help you find the school that best fits your budget.
• Achieve your goal of becoming an expert in data science by choosing from our list of the best masters in data science programs.
• Interested in computer science? Here’s our ranking of the best online computer science masters programs .
• Cybersecurity is essential in the modern workforce, and one of the best cybersecurity bootcamps can help you hone that skill.

Hawai‘i Pacific University MS in Cybersecurity

The online MS in Cybersecurity program from Hawai‘i Pacific University prepares students to defend their organization from data breaches, strengthen their résumé by taking key certification exams, and advance their career as responsible leaders in cybersecurity.

MBA rankings

• Best Online MBA Programs for 2024
• Best Online Master’s in Accounting Programs for 2024
• Best MBA Programs for 2024
• Best Executive MBA Programs for 2024
• Best Part-Time MBA Programs for 2024
• 25 Most Affordable Online MBAs for 2024
• Best Online Master’s in Business Analytics Programs for 2024

Information technology & data rankings

• Best Online Master’s in Data Science Programs for 2024
• Most Affordable Master’s in Data Science for 2024
• Best Master’s in Cybersecurity Degrees for 2024
• Best Online Master’s in Cybersecurity Degrees for 2024
• Best Online Master’s in Computer Science Degrees for 2024
• Best Master’s in Data Science Programs for 2024
• Most Affordable Online Master’s in Data Science Programs for 2024
• Most Affordable Online Master’s in Cybersecurity Degrees for 2024

Health rankings

• Best Online MSN Nurse Practitioner Programs for 2024
• Accredited Online Master’s of Social Work (MSW) Programs for 2024
• Best Online Master’s in Nursing (MSN) Programs for 2024
• Best Online Master’s in Public Health (MPH) Programs for 2024
• Most Affordable Online MSN Nurse Practitioner Programs for 2024
• Best Online Master’s in Psychology Programs for 2024

Leadership rankings

• Best Online Doctorate in Education (EdD) Programs for 2024
• Most Affordable Online Doctorate in Education (EdD) Programs for 2024
• Coding Bootcamps in New York for 2024
• Best Data Science and Analytics Bootcamps for 2024
• Best Cybersecurity Bootcamps for 2024
• Best UX/UI bootcamps for 2024

Boarding schools

• World’s Leading Boarding Schools for 2024
• Top Boarding School Advisors for 2024

Online Syracuse University M.S. in Cybersecurity

Syracuse University’s online M.S. in Cybersecurity prepares students to effectively combat cybercrime. No GRE currently required, but a master’s degree is preferred.

• Cyber Crime
• Cyber warfare
• Data Breach
• Intelligence
• Internet of Things
• Laws and regulations
• Social Networks

Avast released a decryptor for DoNex Ransomware and its predecessors

Rockyou2024 compilation containing 10 billion passwords was leaked online, critical ghostscript flaw exploited in the wild. patch it now, apple removed 25 vpn apps from the app store in russia following moscow's requests, cisa adds cisco nx-os command injection bug to its known exploited vulnerabilities catalog.

Apache fixed a source code disclosure flaw in Apache HTTP Server

Security Affairs Malware Newsletter - Round 1

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

Alabama State Department of Education suffered a data breach following a blocked attack

GootLoader is still active and efficient

Hackers stole OpenAI secrets in a 2023 security breach

Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes

Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain

New Golang-based Zergeca Botnet appeared in the threat landscape

Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus

Hackers compromised Ethereum mailing list and launched a crypto draining attack

OVHcloud mitigated a record-breaking DDoS attack in April 2024

Healthcare fintech firm HealthEquity disclosed a data breach

Brazil data protection authority bans Meta from training AI models with data originating in the country

Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform

Operation Morpheus took down 593 Cobalt Strike servers used by threat actors

LockBit group claims the hack of the Fairfield Memorial Hospital in the US

American Patelco Credit Union suffered a ransomware attack

Polish government investigates Russia-linked cyberattack on state news agency

Evolve Bank data breach impacted fintech firms Wise and Affirm

Prudential Financial data breach impacted over 2.5 million individuals

Australian man charged for Evil Twin Wi-Fi attacks on domestic flights

China-linked APT exploited Cisco NX-OS zero-day to deploy custom malware

Critical unauthenticated remote code execution flaw in OpenSSH server

Monti gang claims the hack of the Wayne Memorial Hospital in Pennsylvania

Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769

Russia-linked Midnight Blizzard stole email of more Microsoft customers

Russia-linked group APT29 likely breached TeamViewer's corporate network

Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION

Infosys McCamish Systems data breach impacted over 6 million people

A cyberattack shut down the University Hospital Centre Zagreb in Croatia

US announces a $10M reward for Russia's GRU hacker behind attacks on Ukraine

LockBit group falsely claimed the hack of the Federal Reserve

CISA adds GeoSolutionsGroup JAI-EXT, Linux Kernel, and Roundcube Webmail bugs to its Known Exploited Vulnerabilities catalog

New P2Pinfect version delivers miners and ransomware on Redis servers

New MOVEit Transfer critical bug is actively exploited

New Caesar Cipher Skimmer targets popular CMS used by e-stores

Mirai-like botnet is exploiting recently disclosed Zyxel NAS flaw

Wikileaks founder Julian Assange is free

CISA confirmed that its CSAT environment was breached in January.

Threat actors compromised 1,590 CoinStats crypto wallets

Experts observed approximately 120 malicious campaigns using the Rafel RAT

LockBit claims the hack of the US Federal Reserve

Ransomware threat landscape Jan-Apr 2024: insights and challenges

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Threat actor attempts to sell 30 million customer records allegedly stolen from TEG

Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION

Threat actors are actively exploiting SolarWinds Serv-U bug CVE-2024-28995

US government sanctions twelve Kaspersky Lab executives

Experts found a bug in the Linux version of RansomHub ransomware

UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models

Russia-linked APT Nobelium targets French diplomatic entities

US bans sale of Kaspersky products due to risks to national security

Atlassian fixed six high-severity bugs in Confluence Data Center and Server

China-linked spies target Asian Telcos since at least 2021

New Rust infostealer Fickle Stealer spreads through various attack methods

An unpatched bug allows anyone to impersonate Microsoft corporate email accounts

Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale

Alleged researchers stole $3 million from Kraken exchange

Google Chrome 126 update addresses multiple high-severity flaws

Chip maker giant AMD investigates a data breach

Cryptojacking campaign targets exposed Docker APIs

VMware fixed RCE and privilege escalation bugs in vCenter Server

Meta delays training its AI using public content shared by EU users 

Keytronic confirms data breach after ransomware attack

The Financial Dynamics Behind Ransomware Attacks

Empire Market owners charged with operating $430M dark web marketplace

China-linked Velvet Ant uses F5 BIG-IP malware in cyber espionage campaign

LA County’s Department of Public Health (DPH) data breach impacted over 200,000 individuals

Spanish police arrested an alleged member of the Scattered Spider group

Online job offers, the reshipping and money mule scams

Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION

ASUS fixed critical remote authentication bypass bug in several routers

London hospitals canceled over 800 operations in the week after Synnovis ransomware attack

DORA Compliance Strategy for Business Leaders

CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog

City of Cleveland still working to fully restore systems impacted by a cyber attack

Google fixed an actively exploited zero-day in the Pixel Firmware

Multiple flaws in Fortinet FortiOS fixed

CISA adds Arm Mali GPU Kernel Driver, PHP bugs to its Known Exploited Vulnerabilities catalog

Ukraine Police arrested a hacker who developed a crypter used by Conti and LockBit ransomware operation

JetBrains fixed IntelliJ IDE flaw exposing GitHub access tokens

Microsoft Patch Tuesday security updates for June 2024 fixed only one critical issue

Cylance confirms the legitimacy of data offered for sale in the dark web

Arm zero-day in Mali GPU Drivers actively exploited in the wild

Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. Patch it now!

Japanese video-sharing platform Niconico was victim of a cyber attack

UK NHS call for O-type blood donations following ransomware attack on London hospitals

Christie’s data breach impacted 45,798 individuals

Sticky Werewolf targets the aviation industry in Russia and Belarus

Frontier Communications data breach impacted over 750,000 individuals

PHP addressed critical RCE flaw potentially impacting millions of servers

Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION

SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform

Pandabuy was extorted twice by the same threat actor

UAC-0020 threat actor used the SPECTR Malware to target Ukraine's defense forces

A new Linux version of TargetCompany ransomware targets VMware ESXi environments

FBI obtained 7,000 LockBit decryption keys, victims should contact the feds to get support

RansomHub operation is a rebranded version of the Knight RaaS

Malware can steal data collected by the Windows Recall tool, experts warn

Cisco addressed Webex flaws used to compromise German government meetings

CNN, Paris Hilton, and Sony TikTok accounts hacked via DMs

Zyxel addressed three RCEs in end-of-life NAS devices

A ransomware attack on Synnovis impacted several London hospitals

RansomHub gang claims the hack of the telecommunications giant Frontier Communications

Cybercriminals attack banking customers in EU with V3B phishing kit - PhotoTAN and SmartID supported.

Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers

Multiple flaws in Cox modems could have impacted millions of devices

CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog

Spanish police shut down illegal TV streaming network

APT28 targets key networks in Europe with HeadLace malware

Experts found information of European politicians on the dark web

FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware

Security Affairs newsletter Round 474 by Pierluigi Paganini – INTERNATIONAL EDITION

Ticketmaster confirms data breach impacting 560 million customers

Critical Apache Log4j2 flaw still threatens global finance

Crooks stole more than $300M worth of Bitcoin from the exchange DMM Bitcoin

ShinyHunters is selling data of 30 million Santander customers

Over 600,000 SOHO routers were destroyed by Chalubo malware in 72 hours 

LilacSquid APT targeted organizations in the U.S., Europe, and Asia since at least 2021

BBC disclosed a data breach impacting its Pension Scheme members

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

Experts found a macOS version of the sophisticated LightSpy spyware

Operation Endgame, the largest law enforcement operation ever against botnets

Law enforcement operation dismantled 911 S5 botnet

Okta warns of credential stuffing attacks targeting its Cross-Origin Authentication feature

Check Point released hotfix for actively exploited VPN zero-day

ABN Amro discloses data breach following an attack on a third-party provider

Christie disclosed a data breach after a RansomHub attack

Experts released PoC exploit code for RCE in Fortinet SIEM

WordPress Plugin abused to install e-skimmers in e-commerce sites

TP-Link Archer C5400X gaming router is affected by a critical flaw

Sav-Rx data breach impacted over 2.8 million individuals

The Impact of Remote Work and Cloud Migrations on Security Perimeters

New ATM Malware family emerged in the threat landscape

A high-severity vulnerability affects Cisco Firepower Management Center

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION

Malware-laced JAVS Viewer deploys RustDoor implant in supply chain attack

Fake AV websites used to distribute info-stealer malware

MITRE December 2023 attack: Threat actors created rogue VMs to evade detection

An XSS flaw in GitLab allows attackers to take over accounts

Google fixes eighth actively exploited Chrome zero-day this year, the third in a month

CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog

Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

Recall feature in Microsoft Copilot+ PCs raises privacy and security concerns

APT41: The threat of KeyPlug against Italian industries

Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM)

Chinese actor 'Unfading Sea Haze' remained undetected for five years

A consumer-grade spyware app found in check-in systems of 3 US hotels

Critical Veeam Backup Enterprise Manager authentication bypass bug

Cybercriminals are targeting elections in India with influence campaigns

Critical GitHub Enterprise Server Authentication Bypass bug. Fix it now!

OmniVision disclosed a data breach after the 2023 Cactus ransomware attack

CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

Experts warn of a flaw in Fluent Bit utility that is used by major cloud platforms and firms

Experts released PoC exploit code for RCE in QNAP QTS

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

Two students uncovered a flaw that allows to use laundry machines for free

Grandoreiro Banking Trojan is back and targets banks worldwide

Healthcare firm WebTPA data breach impacted 2.5 million individuals

Security Affairs newsletter Round 472 by Pierluigi Paganini – INTERNATIONAL EDITION

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

North Korea-linked IT workers infiltrated hundreds of US firms

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

City of Wichita disclosed a data breach after the recent ransomware attack

CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog

North Korea-linked Kimsuky APT attack targets victims via Messenger

Electronic prescription provider MediSecure impacted by a ransomware attack

Google fixes seventh actively exploited Chrome zero-day this year, the third in a week

Santander: a data breach at a third-party provider impacted customers and employees

FBI seized the notorious BreachForums hacking forum

A Tornado Cash developer has been sentenced to 64 months in prison

Adobe fixed multiple critical flaws in Acrobat and Reader

Ransomware attack on Singing River Health System impacted 895,000 people

Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days

VMware fixed zero-day flaws demonstrated at Pwn2Own Vancouver 2024

MITRE released EMB3D Threat Model for embedded devices

Google fixes sixth actively exploited Chrome zero-day this year

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Threat actors may have exploited a zero-day in older iPhones, Apple warns

City of Helsinki suffered a data breach

Russian hackers defaced local British news sites

Australian Firstmac Limited disclosed a data breach after cyber attack

Pro-Russia hackers targeted Kosovo’s government websites

Security Affairs newsletter Round 471 by Pierluigi Paganini – INTERNATIONAL EDITION

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Ohio Lottery data breach impacted over 538,000 individuals

Notorius threat actor IntelBroker claims the hack of the Europol

A cyberattack hit the US healthcare giant Ascension

Google fixes fifth actively exploited Chrome zero-day this year

Russia-linked APT28 targets government Polish institutions

Citrix warns customers to update PuTTY version installed on their XenCenter system manually

Dell discloses data breach impacting millions of customers

Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs

Zscaler is investigating data breach claims

Experts warn of two BIG-IP Next Central Manager flaws that allow device takeover

LockBit gang claimed responsibility for the attack on City of Wichita

New TunnelVision technique can bypass the VPN encapsulation

LiteSpeed Cache WordPress plugin actively exploited in the wild

Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606

UK Ministry of Defense disclosed a third-party data breach exposing military personnel data 

Law enforcement agencies identified LockBit ransomware admin and sanctioned him

MITRE attributes the recent attack to China-linked UNC5221

Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering

City of Wichita hit by a ransomware attack

El Salvador suffered a massive leak of biometric data

Finland authorities warn of Android malware campaign targeting bank users

NATO and the EU formally condemned Russia-linked APT28 cyber espionage

Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION

Blackbasta gang claimed responsibility for Synlab Italia attack

LockBit published data stolen from Simone Veil hospital in Cannes

Russia-linked APT28 and crooks are still using the Moobot botnet

Dirty stream attack poses billions of Android installs at risk

ZLoader Malware adds Zeus's anti-analysis feature

Ukrainian REvil gang member sentenced to 13 years in prison

HPE Aruba Networking addressed four critical ArubaOS RCE flaws

Threat actors hacked the Dropbox Sign production environment

CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog

Panda Restaurant Group disclosed a data breach

Ex-NSA employee sentenced to 262 months in prison for attempting to transfer classified documents to Russia

Cuttlefish malware targets enterprise-grade SOHO routers

A flaw in the R programming language could allow code execution

Muddling Meerkat, a mysterious DNS Operation involving China's Great Firewall

Notorious Finnish Hacker sentenced to more than six years in prison

CISA guidelines to protect critical infrastructure against AI-based threats

NCSC: New UK law bans default passwords on smart devices

The FCC imposes $200 million in fines on four US carriers for unlawfully sharing user location data

Google prevented 2.28 million policy-violating apps from being published on Google Play in 2023

Financial Business and Consumer Solutions (FBCS) data breach impacted 2M individuals

Cyber-Partisans hacktivists claim to have breached Belarus KGB

The Los Angeles County Department of Health Services disclosed a data breach

Multiple Brocade SANnav SAN Management SW flaws allow device compromise

ICICI Bank exposed credit card data of 17000 customers

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Hackers may have accessed thousands of accounts on the California state welfare platform

Brokewell Android malware supports an extensive set of Device Takeover capabilities

Experts warn of an ongoing malware campaign targeting WP-Automatic plugin

Cryptocurrencies and cybercrime: A critical intermingling

Kaiser Permanente data breach may have impacted 13.4 million patients

Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug

Sweden’s liquor supply severely impacted by ransomware attack on logistics company

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

DOJ arrested the founders of crypto mixer Samourai for facilitating $2 Billion in illegal transactions

Google fixed critical Chrome vulnerability CVE-2024-4058

Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks

Hackers hijacked the eScan Antivirus update mechanism in malware campaign

US offers a $10 million reward for information on four Iranian nationals

The street lights in Leicester City cannot be turned off due to a cyber attack

North Korea-linked APT groups target South Korean defense contractors

U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity

A cyber attack paralyzed operations at Synlab Italia

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Hackers threaten to leak a copy of the World-Check database used to assess potential risks associated with entities

A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites

Akira ransomware received $42M in ransom payments from over 250 victims

DuneQuixote campaign targets the Middle East with a complex backdoor

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Critical CrushFTP zero-day exploited in attacks in the wild

A French hospital was forced to reschedule procedures after cyberattack

MITRE revealed that nation-state actors breached its systems via Ivanti zero-days

FBI chief says China is preparing to attack US critical infrastructure

United Nations Development Programme (UNDP) investigates data breach

FIN7 targeted a large U.S. carmaker with phishing attacks

Law enforcement operation dismantled phishing-as-a-service platform LabHost

Previously unknown Kapeka backdoor linked to Russian Sandworm APT

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

Linux variant of Cerber ransomware targets Atlassian servers

Ivanti fixed two critical flaws in its Avalanche MDM

Researchers released exploit code for actively exploited Palo Alto PAN-OS bug

Cisco warns of large-scale brute-force attacks against VPN and SSH services

PuTTY SSH Client flaw allows of private keys recovery

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

Misinformation and hacktivist campaigns targeting the Philippines skyrocket

Russia is trying to sabotage European railways, Czech minister said

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia 

Cisco Duo warns telephony supplier data breach exposed MFA SMS logs

Ukrainian Blackjack group used ICS malware Fuxnet against Russian targets

CISA adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog

Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor

U.S. and Australian police arrested Firebird RAT author and operator

Canadian retail chain Giant Tiger data breach may have impacted millions of customers

Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION

Crooks manipulate GitHub's search results to distribute malware

BatBadBut flaw allowed an attacker to perform command injection on Windows

Roku disclosed a new security breach impacting 576,000 accounts

LastPass employee targeted via an audio deepfake call

TA547 targets German organizations with Rhadamanthys malware

CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog

US CISA published an alert on the Sisense data breach

Palo Alto Networks fixed multiple DoS bugs in its firewalls

Apple warns of mercenary spyware attacks on iPhone users in 92 countries

Microsoft fixed two zero-day bugs exploited in malware attacks

Group Health Cooperative data breach impacted 530,000 individuals

AT&T states that the data breach impacted 51 million former and current customers

Fortinet fixed a critical remote code execution bug in FortiClientLinux

Microsoft Patches Tuesday security updates for April 2024 fixed hundreds of issues

Cybersecurity in the Evolving Threat Landscape

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Google announces V8 Sandbox to protect Chrome users

China is using generative AI to carry out influence operations

Greylock McKinnon Associates data breach exposed DOJ data of 341650 people

Crowdfense is offering a larger 30M USD exploit acquisition program

U.S. Department of Health warns of attacks against IT help desks

Security Affairs newsletter Round 466 by Pierluigi Paganini – INTERNATIONAL EDITION

Over 92,000 Internet-facing D-Link NAS devices can be easily hacked

More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894

Cisco warns of XSS flaw in end-of-life small business routers

Magento flaw exploited to deploy persistent backdoor hidden in XML

Cyberattack disrupted services at Omni Hotels & Resorts

HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

US cancer center City of Hope: data breach impacted 827149 individuals

Ivanti fixed for 4 new issues in Connect Secure and Policy Secure

Jackson County, Missouri, discloses a ransomware attack

Google addressed another Chrome zero-day exploited at Pwn2Own in March

The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse

Google fixed two actively exploited Pixel vulnerabilities

Highly sensitive files mysteriously disappeared from EUROPOL headquarters

XSS flaw in WordPress WP-Members Plugin can lead to script injection

Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor

Google agreed to erase billions of browser records to settle a class action lawsuit

PandaBuy data breach allegedly impacted over 1.3 million customers

OWASP discloses a data breach

New Vultur malware version includes enhanced remote control and evasion capabilities

Pentagon established the Office of the Assistant Secretary of Defense for Cyber Policy

Info stealer attacks target macOS users

Security Affairs newsletter Round 465 by Pierluigi Paganini – INTERNATIONAL EDITION

DinodasRAT Linux variant targets users worldwide

AT&T confirmed that a data breach impacted 73 million customers

Expert found a backdoor in XZ tools used many Linux distributions

German BSI warns of 17,000 unpatched Microsoft Exchange servers

Cisco warns of password-spraying attacks targeting Secure Firewall devices

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Cisco addressed high-severity flaws in IOS and IOS XE software

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

The DDR Advantage: Real-Time Data Defense

Finnish police linked APT31 to the 2021 parliament attack

TheMoon bot infected 40,000 devices in January and February

UK, New Zealand against China-linked cyber operations

US Treasury Dep announced sanctions against members of China-linked APT31

CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog

Iran-Linked APT TA450 embeds malicious links in PDF attachments

StrelaStealer targeted over 100 organizations across the EU and US

GoFetch side-channel attack against Apple systems allows secret keys extraction

Security Affairs newsletter Round 464 by Pierluigi Paganini – INTERNATIONAL EDITION

Cybercriminals Accelerate Online Scams During Ramadan and Eid Fitr

Russia-linked APT29 targeted German political parties with WINELOADER backdoor

Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024

Large-scale Sign1 malware campaign already infected 39,000+ WordPress sites

German police seized the darknet marketplace Nemesis Market

Unsaflok flaws allow to open millions of doors using Dormakaba Saflok electronic locks

Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days

Critical Fortinet's FortiClient EMS flaw actively exploited in the wild

Pwn2Own Vancouver 2024 Day 1 - team Synacktiv hacked a Tesla

New Loop DoS attack may target 300,000 vulnerable hosts

Critical flaw in Atlassian Bamboo Data Center and Server must be fixed immediately

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

BunnyLoader 3.0 surfaces in the threat landscape

Pokemon Company resets some users' passwords

Ukraine cyber police arrested crooks selling 100 million compromised accounts

New AcidPour wiper targets Linux x86 devices. Is it a Russia's weapon?

Players hacked during the matches of Apex Legends Global Series. Tournament suspended

Earth Krahang APT breached tens of government organizations worldwide

PoC exploit for critical RCE flaw in Fortra FileCatalyst transfer tool released

Fujitsu suffered a malware attack and probably a data breach

Remove WordPress miniOrange plugins, a critical flaw can allow site takeover

The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats

Email accounts of the International Monetary Fund compromised

Threat actors leaked 70,000,000+ records allegedly stolen from AT&T

“gitgub” malware campaign targets Github users with RisePro info-stealer

Security Affairs newsletter Round 463 by Pierluigi Paganini – INTERNATIONAL EDITION

France Travail data breach impacted 43 Million people

Scranton School District in Pennsylvania suffered a ransomware attack

Lazarus APT group returned to Tornado Cash to launder stolen funds

Moldovan citizen sentenced in connection with the E-Root cybercrime marketplace case

UK Defence Secretary jet hit by an electronic warfare attack in Poland

Cisco fixed high-severity elevation of privilege and DoS bugs

Recent DarkGate campaign exploited Microsoft Windows zero-day

Nissan Oceania data breach impacted roughly 100,000 people

Researchers found multiple flaws in ChatGPT plugins

Fortinet fixes critical bugs in FortiOS, FortiProxy, and FortiClientEMS

Acer Philippines disclosed a data breach after a third-party vendor hack

Stanford University announced that 27,000 individuals were impacted in the 2023 ransomware attack

Microsoft Patch Tuesday security updates for March 2024 fixed 59 flaws

Russia's Foreign Intelligence Service (SVR) alleges US is plotting to interfere in presidential election

First-ever South Korean national detained for espionage in Russia

Insurance scams via QR codes: how to recognise and defend yourself

Massive cyberattacks hit French government agencies

BianLian group exploits JetBrains TeamCity bugs in ransomware attacks

Experts released PoC exploit for critical Progress Software OpenEdge bug

Magnet Goblin group used a new Linux variant of NerbianRAT malware

Hackers exploited WordPress Popup Builder plugin flaw to compromise 3,300 sites

Lithuania security services warn of China's espionage against the country

Security Affairs newsletter Round 462 by Pierluigi Paganini – INTERNATIONAL EDITION

Threat actors breached two crucial systems of the US CISA

CISA adds JetBrains TeamCity bug to its Known Exploited Vulnerabilities catalog

Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices

QNAP fixed three flaws in its NAS devices, including an authentication bypass

Russia-linked Midnight Blizzard breached Microsoft systems again

Cisco addressed severe flaws in its Secure Client

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

National intelligence agency of Moldova warns of Russia attacks ahead of the presidential election

CISA adds Apple iOS and iPadOS memory corruption bugs to its Known Exploited Vulnerabilities Catalog

Linux Malware targets misconfigured misconfigured Apache Hadoop, Confluence, Docker, and Redis servers

CISA ADDS ANDROID PIXEL AND SUNHILLO SURELINE BUGS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks

LockBit 3.0’s Bungled Comeback Highlights the Undying Risk of Torrent-Based (P2P) Data Leakage

Apple emergency security updates fix two new iOS zero-days

VMware urgent updates addressed Critical ESXi Sandbox Escape bugs

US Gov sanctioned Intellexa Consortium individuals and entities behind Predator spyware attacks

CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS APT TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Experts disclosed two severe flaws in JetBrains TeamCity On-Premises software

Ukraine's GUR hacked the Russian Ministry of Defense

Some American Express customers' data exposed in a third-party data breach

META hit with privacy complaints by EU consumer groups

New GTPDOOR backdoor is designed to target telecom carrier networks

Threat actors hacked Taiwan-based Chunghwa Telecom

New Linux variant of BIFROSE RAT uses deceptive domain strategies

Eken camera doorbells allow ill-intentioned individuals to spy on you

Security Affairs newsletter Round 461 by Pierluigi Paganini – INTERNATIONAL EDITION

U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp

U.S. authorities charged an Iranian national for long-running hacking campaign

US cyber and law enforcement agencies warn of Phobos ransomware attacks

Police seized Crimemarket, the largest German-speaking cybercrime marketplace

Five Eyes alliance warns of attacks exploiting known Ivanti Gateway flaws

Crooks stole €15 Million from European retail company Pepco

CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog

Researchers found a zero-click Facebook account takeover

New SPIKEDWINE APT group is targeting officials in Europe

Is the LockBit gang resuming its operation?

Lazarus APT exploited zero-day in Windows driver to gain kernel privileges

Pharmaceutical giant Cencora discloses a data breach

Unmasking 2024's Email Security Landscape

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Black Basta and Bl00dy ransomware gangs exploit recent ConnectWise ScreenConnect bugs

XSS flaw in LiteSpeed Cache plugin exposes millions of WordPress sites at risk

Security Affairs newsletter Round 460 by Pierluigi Paganini – INTERNATIONAL EDITION

US GOV OFFERS A REWARD OF UP TO $15M FOR INFO ON LOCKBIT GANG MEMBERS AND AFFILIATES

New Redis miner Migo uses novel system weakening techniques

Critical flaw found in deprecated VMware EAP. Uninstall it immediately

Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers

ConnectWise fixed critical flaws in ScreenConnect remote access tool

More details about Operation Cronos that disrupted Lockbit operation

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Operation Cronos: law enforcement disrupted the LockBit operation

A Ukrainian Raccoon Infostealer operator is awaiting trial in the US

Russia-linked APT TAG-70 targets European government and military mail servers exploiting Roundcube XSS

How BRICS Got "Rug Pulled" – Cryptocurrency Counterfeiting is on the Rise

SolarWinds addressed critical RCEs in Access Rights Manager (ARM)

ESET fixed high-severity local privilege escalation bug in Windows products

Security Affairs newsletter Round 459 by Pierluigi Paganini – INTERNATIONAL EDITION

Ukrainian national faces up to 20 years in prison for his role in Zeus, IcedID malware schemes

CISA: Cisco ASA/FTD bug CVE-2020-3259 exploited in ransomware attacks

CISA adds Microsoft Exchange and Cisco ASA and FTD bugs to its Known Exploited Vulnerabilities catalog

US gov offers a reward of up to $10M for info on ALPHV/Blackcat gang leaders

U.S. CISA: hackers breached a state government organization

Russia-linked Turla APT uses new TinyTurla-NG backdoor to spy on Polish NGOs

US Gov dismantled the Moobot botnet controlled by Russia-linked APT28

A cyberattack halted operations at Varta production plants

North Korea-linked actors breached the emails of a Presidential Office member

CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog

Nation-state actors are using AI services and LLMs for cyberattacks

Abusing the Ubuntu 'command-not-found' utility to install malicious packages

Zoom fixed critical flaw CVE-2024-24691 in Windows software

Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader

Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days

A ransomware attack took 100 Romanian hospitals down

Bank of America customer data compromised after a third-party services provider data breach

Ransomfeed - Third Quarter Report 2023 is out!

Global Malicious Activity Targeting Elections is Skyrocketing

Researchers released a free decryption tool for the Rhysida Ransomware

Residential Proxies vs. Datacenter Proxies: Choosing the Right Option

CISA adds Roundcube Webmail Persistent XSS bug to its Known Exploited Vulnerabilities catalog

Canada Gov plans to ban the Flipper Zero to curb car thefts

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

US Feds arrested two men involved in the Warzone RAT operation

Raspberry Robin spotted using two new 1-day LPE exploits

Security Affairs newsletter Round 458 by Pierluigi Paganini – INTERNATIONAL EDITION

CISA adds Fortinet FortiOS bug to its Known Exploited Vulnerabilities catalog

macOS Backdoor RustDoor likely linked to Alphv/BlackCat ransomware operations

Exploiting a vulnerable Minifilter Driver to create a process killer

Black Basta ransomware gang hacked Hyundai Motor Europe

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices

26 Cyber Security Stats Every User Should Be Aware Of in 2024

US offers $10 million reward for info on Hive ransomware group leaders

Unraveling the truth behind the DDoS attack from electric toothbrushes

China-linked APT Volt Typhoon remained undetected for years in US infrastructure

Cisco fixes critical Expressway Series CSRF vulnerabilities

CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog

Fortinet addressed two critical FortiSIEM vulnerabilities

Experts warn of a critical bug in JetBrains TeamCity On-Premises

Critical shim bug impacts every Linux boot loader signed in the past decade

China-linked APT deployed malware in a network of the Dutch Ministry of Defence

Commercial spyware vendors are behind most zero-day exploits discovered by Google TAG

Google fixed an Android critical remote code execution flaw

A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e

U.S. Gov imposes visa restrictions on individuals misusing Commercial Spyware

HPE is investigating claims of a new security breach

Experts warn of a surge of attacks targeting Ivanti SSRF flaw 

How to hack the Airbus NAVBLUE Flysmart+ Manager

Crooks stole $25.5 million from a multinational firm using a 'deepfake' video call

Software firm AnyDesk disclosed a security breach

The 'Mother of all Breaches': Navigating the Aftermath and Fortifying Your Data with DSPM

US government imposed sanctions on six Iranian intel officials

A cyberattack impacted operations at Lurie Children's Hospital

AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web

Security Affairs newsletter Round 457 by Pierluigi Paganini – INTERNATIONAL EDITION

Clorox estimates the costs of the August cyberattack will exceed $49 Million

Mastodon fixed a flaw that can allow the takeover of any account

Iranian hackers breached Albania’s Institute of Statistics (INSTAT)

Operation Synergia led to the arrest of 31 individuals

Ex CIA employee Joshua Adam Schulte sentenced to 40 years in prison

Cloudflare breached on Thanksgiving Day, but the attack was promptly contained

PurpleFox malware infected at least 2,000 computers in Ukraine

Man sentenced to six years in prison for stealing millions in cryptocurrency via SIM swapping

CISA orders federal agencies to disconnect Ivanti VPN instances by February 2

Multiple malware used in attacks exploiting Ivanti VPN flaws

Police seized 50,000 Bitcoin from operator of the now-defunct piracy site movie2k

Crooks stole around $112 million worth of XRP from Ripple’s co-founder

CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

Ivanti warns of a new actively exploited zero-day

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Data leak at fintech giant Direct Trading Technologies

Root access vulnerability in GNU Library C (glibc) impacts many Linux distros

Italian data protection authority said that ChatGPT violated EU privacy laws

750 million Indian mobile subscribers' data offered for sale on dark web

Juniper Networks released out-of-band updates to fix high-severity flaws

Hundreds of network operators’ credentials found circulating in Dark Web

Cactus ransomware gang claims the Schneider Electric hack

Mercedes-Benz accidentally exposed sensitive data, including source code

Experts detailed Microsoft Outlook flaw that can leak NTLM v2 hashed passwords

NSA buys internet browsing records from data brokers without a warrant

Ukraine’s SBU arrested a member of Pro-Russia hackers group 'Cyber Army of Russia'

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

Medusa ransomware attack hit Kansas City Area Transportation Authority

Security Affairs newsletter Round 456 by Pierluigi Paganini – INTERNATIONAL EDITION

Pro-Ukraine hackers wiped 2 petabytes of data from Russian research center

Participants earned more than $1.3M at the Pwn2Own Automotive competition

A TrickBot malware developer sentenced to 64 months in prison

Russian Midnight Blizzard APT is targeting orgs worldwide, Microsoft warns

Watch out, experts warn of a critical flaw in Jenkins

Pwn2Own Automotive 2024 Day 2 - Tesla hacked again

Yearly Intel Trend Review: The 2023 RedSense report

Cisco warns of a critical bug in Unified Communications products, patch it now!

Russia-linked APT group Midnight Blizzard hacked Hewlett Packard Enterprise (HPE)

CISA adds Atlassian Confluence Data Center bug to its Known Exploited Vulnerabilities catalog

5379 GitLab servers vulnerable to zero-click account takeover attacks

Experts released PoC exploit for Fortra GoAnywhere MFT flaw CVE-2024-0204

Splunk fixed high-severity flaw impacting Windows versions

Watch out, a new critical flaw affects Fortra GoAnywhere MFT

Australian government announced sanctions for Medibank hacker

LoanDepot data breach impacted roughly 16.6 individuals

Black Basta gang claims the hack of the UK water utility Southern Water

CISA adds VMware vCenter Server bug to its Known Exploited Vulnerabilities catalog

Mother of all breaches - a historic data leak reveals 26 billion records: check what's exposed

Apple fixed actively exploited zero-day CVE-2024-23222

“My Slice”, an Italian adaptive phishing campaign

Threat actors exploit Apache ActiveMQ flaw to deliver the Godzilla Web Shell

Cybercriminals leaked massive volumes of stolen PII data from Thailand in Dark Web

Backdoored pirated applications targets Apple macOS users

LockBit ransomware gang claims the attack on the sandwich chain Subway

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Admin of the BreachForums hacking forum sentenced to 20 years supervised release

VF Corp December data breach impacts 35 million customers

China-linked APT UNC3886 exploits VMware zero-day since 2021

Ransomware attacks break records in 2023: the number of victims rose by 128%

U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082

The Quantum Computing Cryptopocalypse – I’ll Know It When I See It

Kansas State University suffered a serious cybersecurity incident

CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

iShutdown lightweight method allows to discover spyware infections on iPhones

Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

Github rotated credentials after the discovery of a vulnerability

FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation

Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

Google fixed the first actively exploited Chrome zero-day of 2024

Atlassian fixed critical RCE in older Confluence versions

VMware fixed a critical flaw in Aria Automation. Patch it now!

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack

Phemedrone info stealer campaign exploits Windows smartScreen bypass

Balada Injector continues to infect thousands of WordPress sites

Attackers target Apache Hadoop and Flink to deliver cryptominers

Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic

Security Affairs newsletter Round 454 by Pierluigi Paganini – INTERNATIONAL EDITION

GitLab fixed a critical zero-click account hijacking flaw

Juniper Networks fixed a critical RCE bug in its firewalls and switches

Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election

Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467

Team Liquid’s wiki leak exposes 118K users

CISA adds Ivanti and Microsoft SharePoint bugs to its Known Exploited Vulnerabilities catalog

Two zero-day bugs in Ivanti Connect Secure actively exploited

X Account of leading cybersecurity firm Mandiant was hacked because not adequately protected

Cisco fixed critical Unity Connection vulnerability CVE-2024-20272

ShinyHunters member sentenced to three years in prison

HMG Healthcare disclosed a data breach

Threat actors hacked the X account of the Securities and Exchange Commission (SEC) and announced fake Bitcoin ETF approval

Decryptor for Tortilla variant of Babuk ransomware released

Microsoft Patch Tuesday for January 2024 fixed 2 critical flaws

CISA adds Apache Superset bug to its Known Exploited Vulnerabilities catalog

Syrian group Anonymous Arabic distributes stealthy malware Silver RAT

Swiss Air Force sensitive files stolen in the hack of Ultra Intelligence & Communications

DoJ charged 19 individuals in a transnational cybercrime investigation xDedic Marketplace

Long-existing Bandook RAT targets Windows machines

A cyber attack hit the Beirut International Airport

Iranian crypto exchange Bit24.cash leaks user passports and IDs

Security Affairs newsletter Round 453 by Pierluigi Paganini – INTERNATIONAL EDITION

Turkish Sea Turtle APT targets Dutch IT and Telecom firms

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea

Merck settles with insurers regarding a $1.4 billion claim over NotPetya damages

The source code of Zeppelin Ransomware sold on a hacking forum

Russia-linked APT Sandworm was inside Ukraine telecoms giant Kyivstar for months

Ivanti fixed a critical EPM flaw that can result in remote code execution

MyEstatePoint Property Search Android app leaks user passwords

Hacker hijacked Orange Spain RIPE account causing internet outage to company customers

HealthEC data breach impacted more than 4.5 Million people

Experts found 3 malicious packages hiding crypto miners in PyPi repository

Crooks hacked Mandiant X account to push cryptocurrency scam

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Don’t trust links with known domains: BMW affected by redirect vulnerability

Hackers stole more than $81 million worth of crypto assets from Orbit Chain

Ukraine’s SBU said that Russia's intelligence hacked surveillance cameras to direct a missile strike on Kyiv

Experts warn of JinxLoader loader used to spread Formbook and XLoader

Terrapin attack allows to downgrade SSH protocol security

Multiple organizations in Iran were breached by a mysterious hacker

Top 2023 Security Affairs cybersecurity stories

Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies

Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop

Google agreed to settle a $5 billion privacy lawsuit

Security Affairs newsletter Round 452 by Pierluigi Paganini – INTERNATIONAL EDITION

INC RANSOM ransomware gang claims to have breached Xerox Corp

Spotify music converter TuneFab puts users at risk

Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania

Russia-linked APT28 used new malware in a recent phishing campaign

Clash of Clans gamers at risk while using third-party app

New Version of Meduza Stealer Released in Dark Web

Operation Triangulation attacks relied on an undocumented hardware feature

Cybercriminals launched “Leaksmas” event in the Dark Web exposing massive volumes of leaked PII and compromised data

Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network

Experts warn of critical Zero-Day in Apache OfBiz

Xamalicious Android malware distributed through the Play Store

Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841

Elections 2024, artificial intelligence could upset world balances

Experts analyzed attacks against poorly managed Linux SSH servers

A cyberattack hit Australian healthcare provider St Vincent’s Health Australia

Rhysida ransomware group hacked Abdali Hospital in Jordan

Carbanak malware returned in ransomware attacks

Resecurity Released a 2024 Cyber Threat Landscape Forecast

APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw

Iran-linked APT33 targets Defense Industrial Base sector with FalseFont backdoor

Security Affairs newsletter Round 451 by Pierluigi Paganini – INTERNATIONAL EDITION

Europol and ENISA spotted 443 e-stores compromised with digital skimming

Video game giant Ubisoft investigates reports of a data breach

LockBit ransomware gang claims to have breached accountancy firm Xeinadin

Mobile virtual network operator Mint Mobile discloses a data breach

Akira ransomware gang claims the theft of sensitive data from Nissan Australia

Member of Lapsus$ gang sentenced to an indefinite hospital order

Real estate agency exposes details of 690k customers

ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products

Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware

Data leak exposes users of car-sharing service Blink Mobility

Google addressed a new actively exploited Chrome zero-day

German police seized the dark web marketplace Kingdom Market

Law enforcement Operation HAECHI IV led to the seizure of $300 Million

Sophisticated JaskaGO info stealer targets macOS and Windows

BMW dealer at risk of takeover by cybercriminals

Comcast’s Xfinity customer data exposed after CitrixBleed attack

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season

The ransomware attack on Westpole is disrupting digital services for Italian public administration

Info stealers and how to protect against them

Pro-Israel Predatory Sparrow hacker group disrupted services at around 70% of Iran’s fuel stations

Qakbot is back and targets the Hospitality industry

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

MongoDB investigates a cyberattack, customer data exposed

InfectedSlurs botnet targets QNAP VioStor NVR vulnerability

Security Affairs newsletter Round 450 by Pierluigi Paganini – INTERNATIONAL EDITION

New NKAbuse malware abuses NKN decentralized P2P network protocol

Snatch ransomware gang claims the hack of the food giant Kraft Heinz

Multiple flaws in pfSense firewall can lead to arbitrary code execution

BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign

Data of over a million users of the crypto exchange GokuMarket exposed

Idaho National Laboratory data breach impacted 45,047 individuals

Ubiquiti users claim to have access to other people’s devices

Russia-linked APT29 spotted targeting JetBrains TeamCity servers

Microsoft seized the US infrastructure of the Storm-1152 cybercrime group

French authorities arrested a Russian national for his role in the Hive ransomware operation

China-linked APT Volt Typhoon linked to KV-Botnet

UK Home Office is ignoring the risk of 'catastrophic ransomware attacks,' report warns

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

Sophos backports fix for CVE-2022-3236 for EOL firewall firmware versions due to ongoing attacks

December 2023 Microsoft Patch Tuesday fixed 4 critical flaws

Ukrainian military intelligence service hacked the Russian Federal Taxation Service

Kyivstar, Ukraine's largest mobile carrier brought down by a cyber attack

Dubai’s largest taxi app exposes 220K+ users

Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Apple released iOS 17.2 to address a dozen of security flaws

Toyota Financial Services discloses a data breach

Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2

CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

CISA and ENISA signed a Working Arrangement to enhance cooperation

Researcher discovered a new lock screen bypass bug for Android 14 and 13

WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw

Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION

Hacktivists hacked an Irish water utility and interrupted the water supply

5Ghoul flaws impact hundreds of 5G devices with Qualcomm, MediaTek chips

Norton Healthcare disclosed a data breach after a ransomware attack

Bypassing major EDRs using Pool Party process injection techniques

Founder of Bitzlato exchange has pleaded for unlicensed money transmitting

Android barcode scanner app exposes user passwords

UK and US expose Russia Callisto Group's activity and sanction members

A cyber attack hit Nissan Oceania

New Krasue Linux RAT targets telecom companies in Thailand

Atlassian addressed four new RCE flaws in its products

CISA adds Qualcomm flaws to its Known Exploited Vulnerabilities catalog

Experts demonstrate a post-exploitation tampering technique to display Fake Lockdown mode

GST Invoice Billing Inventory exposes sensitive data to threat actors

Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw

ENISA published the ENISA Threat Landscape for DoS Attacks Report

Russia-linked APT28 group spotted exploiting Outlook flaw to hijack MS Exchange accounts

Google fixed critical zero-click RCE in Android

New P2PInfect bot targets routers and IoT devices

Malvertising attacks rely on DanaBot Trojan to spread CACTUS Ransomware

LockBit on a Roll - ICBC Ransomware Attack Strikes at the Heart of the Global Financial Order

Zyxel fixed tens of flaws in Firewalls, Access Points, and NAS devices

New Agent Raccoon malware targets the Middle East, Africa and the US

Security Affairs newsletter Round 448 by Pierluigi Paganini – INTERNATIONAL EDITION

Researchers devised an attack technique to extract ChatGPT training data

Fortune-telling website WeMystic exposes 13M+ user records

Expert warns of Turtle macOS ransomware

Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Apple addressed 2 new iOS zero-day vulnerabilities

Critical Zoom Room bug allowed to gain access to Zoom Tenants

Rhysida ransomware group hacked King Edward VII’s Hospital in London

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Okta reveals additional attackers' activities in October 2023 Breach

Thousands of secrets lurk in app images on Docker Hub

Threat actors started exploiting critical ownCloud flaw CVE-2023-49103

International police operation dismantled a prominent Ukraine-based Ransomware group

Daixin Team group claimed the hack of North Texas Municipal Water District

Healthcare provider Ardent Health Services disclosed a ransomware attack

Ukraine's intelligence service hacked Russia's Federal Air Transport Agency, Rosaviatsia

Iranian hacker group Cyber Av3ngers hacked the Municipal Water Authority of Aliquippa in Pennsylvania

The hack of MSP provider CTS potentially impacted hundreds of UK law firms

Security Affairs newsletter Round 447 by Pierluigi Paganini – INTERNATIONAL EDITION

Rhysida ransomware gang claimed China Energy hack

North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

Hamas-linked APT uses Rust-based SysJoker backdoor against Israel

App used by hundreds of schools leaking children's data

Microsoft launched its new Microsoft Defender Bounty Program

Exposed Kubernetes configuration secrets can fuel supply chain attacks

North Korea-linked Konni APT uses Russian-language weaponized documents

ClearFake campaign spreads macOS AMOS information stealer

Welltok data breach impacted 8.5 million patients in the U.S.

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

Automotive parts giant AutoZone disclosed data breach after MOVEit hack

New InfectedSlurs Mirai-based botnet exploits two zero-days

SiegedSec hacktivist group hacked Idaho National Laboratory (INL)

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

Citrix provides additional measures to address Citrix Bleed

Tor Project removed several relays associated with a suspicious cryptocurrency scheme

Experts warn of a surge in NetSupport RAT attacks against education and government sectors

The Top 5 Reasons to Use an API Management Platform

Canadian government impacted by data breaches of two of its contractors

Rhysida ransomware gang is auctioning data stolen from the British Library

Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

US teenager pleads guilty to his role in credential stuffing attack on a betting site

Security Affairs newsletter Round 446 by Pierluigi Paganini – INTERNATIONAL EDITION

8Base ransomware operators use a new variant of the Phobos ransomware

Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

The board of directors of OpenAI fired Sam Altman

Medusa ransomware gang claims the hack of Toyota Financial Services

CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog

Zimbra zero-day exploited to steal government emails by four groups

Vietnam Post exposes 1.2TB of data, including email addresses

Samsung suffered a new data breach

FBI and CISA warn of attacks by Rhysida ransomware gang

Critical flaw fixed in SAP Business One product

Law enforcement agencies dismantled the illegal botnet proxy service IPStorm

Gamblers’ data compromised after casino giant Strendus fails to set password

VMware disclosed a critical and unpatched authentication bypass flaw in VMware Cloud Director Appliance

Danish critical infrastructure hit by the largest cyber attack in Denmark's history

Major Australian ports blocked after a cyber attack on DP World

Nuclear and Oil & Gas are Major Targets of Ransomware Groups in 2024

CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog

LockBit ransomware gang leaked data stolen from Boeing

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

The Lorenz ransomware group hit Texas-based Cogdell Memorial Hospital

The State of Maine disclosed a data breach that impacted 1.3M people

Security Affairs newsletter Round 445 by Pierluigi Paganini – INTERNATIONAL EDITION

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform

Serbian pleads guilty to running ‘Monopoly’ dark web drug market

McLaren Health Care revealed that a data breach impacted 2.2 million people

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Industrial and Commercial Bank of China (ICBC) suffered a ransomware attack

SysAid zero-day exploited by Clop ransomware group

Dolly.com pays ransom, attackers release data anyway

DDoS attack leads to significant disruption in ChatGPT services

Russian Sandworm disrupts power in Ukraine with a new OT attack

Veeam fixed multiple flaws in Veeam ONE, including critical issues

Pro-Palestinian hackers group 'Soldiers of Solomon' disrupted the production cycle of the biggest flour production plant in Israel

Iranian Agonizing Serpens APT is targeting Israeli entities with destructive cyber attacks

Critical Confluence flaw exploited in ransomware attacks

QNAP fixed two critical vulnerabilities in QTS OS and apps

Attackers use Google Calendar RAT to abuse Calendar service as C2 infrastructure

Socks5Systemz proxy service delivered via PrivateLoader and Amadey

US govt sanctioned a Russian woman for laundering virtual currency on behalf of threat actors

Security Affairs newsletter Round 444 by Pierluigi Paganini – INTERNATIONAL EDITION

Lazarus targets blockchain engineers with new KandyKorn macOS Malware

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

ZDI discloses four zero-day flaws in Microsoft Exchange

Okta customer support system breach impacted 134 customers

Multiple WhatsApp mods spotted containing the CanesSpy Spyware

Russian FSB arrested Russian hackers who supported Ukrainian cyber operations

MuddyWater has been spotted targeting two Israeli entities

Clop group obtained access to the email addresses of about 632,000 US federal employees

Okta discloses a new data breach after a third-party vendor was hacked

Suspected exploitation of Apache ActiveMQ flaw CVE-2023-46604 to install HelloKitty ransomware

Boeing confirmed its services division suffered a cyberattack

Resecurity: Insecurity of 3rd-parties leads to Aadhaar data leaks in India

Who is behind the Mozi Botnet kill switch?

CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

Pro-Hamas hacktivist group targets Israel with BiBi-Linux wiper

British Library suffers major outage due to cyberattack

Critical Atlassian Confluence flaw can lead to significant data loss

WiHD leak exposes details of all torrent users

Experts released PoC exploit code for Cisco IOS XE flaw CVE-2023-20198

Canada bans WeChat and Kaspersky apps on government-issued mobile devices

Florida man sentenced to prison for SIM Swapping conspiracy that led to theft of $1M in cryptocurrency

Wiki-Slack attack allows redirecting business professionals to malicious websites

HackerOne awarded over $300 million bug hunters

StripedFly, a complex malware that infected one million devices without being noticed

IT Army of Ukraine disrupted internet providers in territories occupied by Russia

Security Affairs newsletter Round 443 by Pierluigi Paganini – INTERNATIONAL EDITION

Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023

Lockbit ransomware gang claims to have stolen data from Boeing

How to Collect Market Intelligence with Residential Proxies?

F5 urges to address a critical flaw in BIG-IP

Hello Alfred app exposes user data

iLeakage attack exploits Safari to steal data from Apple devices

Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps

Seiko confirmed a data breach after BlackCat attack

Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Pwn2Own Toronto 2023 Day 1 - organizers awarded $438,750 in prizes

VMware addressed critical vCenter flaw also for End-of-Life products

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

New England Biolabs leak sensitive data

Former NSA employee pleads guilty to attempted selling classified documents to Russia

Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!

How did the Okta Support breach impact 1Password?

PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web

Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

CISA adds second Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

Cisco warns of a second IOS XE zero-day used to infect devices worldwide

City of Philadelphia suffers a data breach

SolarWinds fixed three critical RCE flaws in its Access Rights Manager product

Don't use AI-based apps, Philippine defense ordered its personnel

Vietnamese threat actors linked to DarkGate malware campaign

MI5 chief warns of Chinese cyber espionage reached an unprecedented scale

The attack on the International Criminal Court was targeted and sophisticated

Security Affairs newsletter Round 442 by Pierluigi Paganini – INTERNATIONAL EDITION

A threat actor is selling access to Facebook and Instagram's Police Portal

Threat actors breached Okta support system and stole customers' data

US DoJ seized domains used by North Korean IT workers to defraud businesses worldwide

Alleged developer of the Ragnar Locker ransomware was arrested

CISA adds Cisco IOS XE flaw to its Known Exploited Vulnerabilities catalog

Tens of thousands Cisco IOS XE devices were hacked by exploiting CVE-2023-20198

Law enforcement operation seized Ragnar Locker group's infrastructure

THE 11TH EDITION OF THE ENISA THREAT LANDSCAPE REPORT IS OUT!

North Korea-linked APT groups actively exploit JetBrains TeamCity flaw

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Californian IT company DNA Micro leaks private mobile phone data

Threat actors have been exploiting CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices since August

A flaw in Synology DiskStation Manager allows admin account takeover

D-Link confirms data breach, but downplayed the impact

CVE-2023-20198 zero-day widely exploited to install implants on Cisco IOS XE systems

Russia-linked Sandworm APT compromised 11 Ukrainian telecommunications providers

Ransomware realities in 2023: one employee mistake can cost a company millions

Malware-laced 'RedAlert - Rocket Alerts' app targets Israeli users 

Cisco warns of active exploitation of IOS XE zero-day

Signal denies claims of an alleged zero-day flaw in its platform

Microsoft Defender thwarted Akira ransomware attack on an industrial engineering firm

DarkGate malware campaign abuses Skype and Teams

The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital

Security Affairs newsletter Round 441 by Pierluigi Paganini – INTERNATIONAL EDITION

Lockbit ransomware gang demanded an 80 million ransom to CDW

CISA warns of vulnerabilities and misconfigurations exploited in ransomware attacks

Stayin' Alive campaign targets high-profile Asian government and telecom entities. Is it linked to ToddyCat APT?

FBI and CISA published a new advisory on AvosLocker ransomware

More than 17,000 WordPress websites infected with the Balada Injector in September

Ransomlooker, a new tool to track and analyze ransomware groups' activities

Phishing, the campaigns that are targeting Italy

A new Magecart campaign hides the malicious code in 404 error page

CISA adds Adobe Acrobat Reader flaw to its Known Exploited Vulnerabilities catalog

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

Air Europa data breach exposed customers' credit cards

#OpIsrael, #FreePalestine & #OpSaudiArabia - How Cyber Actors Capitalize On War Actions Via Psy-Ops

Microsoft Patch Tuesday updates for October 2023 fixed three actively exploited zero-day flaws

New 'HTTP/2 Rapid Reset' technique behind record-breaking DDoS attacks

Exposed security cameras in Israel and Palestine pose significant risks

A flaw in libcue library impacts GNOME Linux systems

Hacktivists in Palestine and Israel after SCADA and other industrial control systems

Large-scale Citrix NetScaler Gateway credential harvesting campaign exploits CVE-2023-3519

The source code of the 2020 variant of HelloKitty ransomware was leaked on a cybercrime forum

Gaza-linked hackers and Pro-Russia groups are targeting Israel

Flagstar Bank suffered a data breach once again

Android devices shipped with backdoored firmware as part of the BADBOX network

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

North Korea-linked Lazarus APT laundered over $900 million through cross-chain crime

QakBot threat actors are still operational after the August takedown

Ransomware attack on MGM Resorts costs $110 Million

Cybersecurity, why a hotline number could be important?

Multiple experts released exploits for Linux local privilege escalation flaw Looney Tunables

Cisco Emergency Responder is affected by a critical Static Credentials bug. Fix it immediately!

Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege

CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog

NATO is investigating a new cyber attack claimed by the SiegedSec group

Global CRM Provider Exposed Millions of Clients’ Files Online

Sony sent data breach notifications to about 6,800 individuals

Apple fixed the 17th zero-day flaw exploited in attacks

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

A cyberattack disrupted Lyca Mobile services

Chipmaker Qualcomm warns of three actively exploited zero-days

DRM Report Q2 2023 - Ransomware threat landscape

Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform

San Francisco’s transport agency exposes drivers’ parking permits and addresses

BunnyLoader, a new Malware-as-a-Service advertised in cybercrime forums

Exclusive: Lighting the Exfiltration Infrastructure of a LockBit Affiliate (and more)

Two hacker groups are back in the news, LockBit 3.0 Black and BlackCat/AlphV

European Telecommunications Standards Institute (ETSI) suffered a data breach

WS_FTP flaw CVE-2023-40044 actively exploited in the wild

National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers

North Korea-linked Lazarus targeted a Spanish aerospace company

Ransomware attack on Johnson Controls may have exposed sensitive DHS data

BlackCat gang claims they stole data of 2.5 million patients of McLaren Health Care

Security Affairs newsletter Round 439 by Pierluigi Paganini – International edition

ALPHV/BlackCat ransomware gang hacked the hotel chain Motel One

FBI warns of dual ransomware attacks

Progress Software fixed two critical severity flaws in WS_FTP Server

Child abuse site taken down, organized child exploitation crime suspected – exclusive

A still unpatched zero-day RCE impacts more than 3.5M Exim servers

Chinese threat actors stole around 60,000 emails from US State Department in Microsoft breach

Misconfigured WBSC server leaks thousands of passports

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

Cisco urges to patch actively exploited IOS zero-day CVE-2023-20109

Dark Angels Team ransomware group hit Johnson Controls

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Russian zero-day broker is willing to pay $20M for zero-day exploits for iPhones and Android devices

China-linked APT BlackTech was spotted hiding in Cisco router firmware

Watch out! CVE-2023-5129 in libwebp library affects millions applications

DarkBeam leaks billions of email and password combinations

'Ransomed.vc' in the Spotlight - What is Known About the Ransomware Group Targeting Sony and NTT Docomo

Top 5 Problems Solved by Data Lineage

Threat actors claim the hack of Sony, and the company investigates

Canadian Flair Airlines left user data leaking for months

The Rhysida ransomware group hit the Kuwait Ministry of Finance

BORN Ontario data breach impacted 3.4 million newborns and pregnancy care patients

Xenomorph malware is back after months of hiatus and expands the list of targets

Smishing Triad Stretches Its Tentacles into the United Arab Emirates

Crooks stole $200 million worth of assets from Mixin Network

A phishing campaign targets Ukrainian military entities with drone manual lures

Alert! Patch your TeamCity instance to avoid server hack

Is Gelsemium APT behind a targeted attack in Southeast Asian Government?

Nigerian National pleads guilty to participating in a millionaire BEC scheme

New variant of BBTok Trojan targets users of +40 banks in LATAM

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars

Security Affairs newsletter Round 438 by Pierluigi Paganini – International edition

National Student Clearinghouse data breach impacted approximately 900 US schools

Government of Bermuda blames Russian threat actors for the cyber attack

Recently patched Apple and Chrome zero-days exploited to infect devices in Egypt with Predator spyware

CISA adds Trend Micro Apex One and Worry-Free Business Security flaw to its Known Exploited Vulnerabilities catalog

Information of Air Canada employees exposed in recent cyberattack

Sandman APT targets telcos with LuaDream backdoor

Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws

Ukrainian hackers are behind the Free Download Manager supply chain attack

Space and defense tech maker Exail Technologies exposes database access

Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions

Experts found critical flaws in Nagios XI network monitoring software

The dark web drug marketplace PIILOPUOTI was dismantled by Finnish Customs

International Criminal Court hit with a cyber attack

GitLab addressed critical vulnerability CVE-2023-5009

Trend Micro addresses actively exploited zero-day in Apex One and other security Products

ShroudedSnooper threat actors target telecom companies in the Middle East

Recent cyber attack is causing Clorox products shortage

Earth Lusca expands its arsenal with SprySOCKS Linux malware

Microsoft AI research division accidentally exposed 38TB of sensitive data

German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals

Deepfake and smishing. How hackers compromised the accounts of 27 Retool customers in the crypto industry

FBI hacker USDoD leaks highly sensitive TransUnion data

North Korea's Lazarus APT stole almost $240 million in crypto assets since June

Clop gang stolen data from major North Carolina hospitals

CardX released a data leak notification impacting their customers in Thailand

Security Affairs newsletter Round 437 by Pierluigi Paganini – International edition

TikTok fined €345M by Irish DPC for violating children’s privacy

Dariy Pankov, the NLBrute malware author, pleads guilty

Dangerous permissions detected in top Android health apps

Caesars Entertainment paid a ransom to avoid stolen data leaks

Free Download Manager backdoored to serve Linux malware for more than 3 years

Lockbit ransomware gang hit the Carthage Area Hospital and the Clayton-Hepburn Medical Center in New York

The iPhone of a Russian journalist was infected with the Pegasus spyware

Kubernetes flaws could lead to remote code execution on Windows endpoints

Threat actor leaks sensitive data belonging to Airbus

A new ransomware family called 3AM appears in the threat landscape

Redfly group infiltrated an Asian national grid as long as six months

Mozilla fixed a critical zero-day in Firefox and Thunderbird

Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws

Save the Children confirms it was hit by cyber attack

Adobe fixed actively exploited zero-day in Acrobat and Reader

A new Repojacking attack exposed over 4,000 GitHub repositories to hack

MGM Resorts hit by a cyber attack

Anonymous Sudan launched a DDoS attack against Telegram

Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor

GOOGLE FIXED THE FOURTH CHROME ZERO-DAY OF 2023

CISA adds recently discovered Apple zero-days to Known Exploited Vulnerabilities Catalog

UK and US sanctioned 11 members of the Russia-based TrickBot gang

New HijackLoader malware is rapidly growing in popularity in the cybercrime community

Some of TOP universities wouldn’t pass cybersecurity exam: left websites vulnerable

Evil Telegram campaign: Trojanized Telegram apps found on Google Play

Rhysida Ransomware gang claims to have hacked three more US hospitals

Akamai prevented the largest DDoS attack on a US financial company

Security Affairs newsletter Round 436 by Pierluigi Paganini – International edition

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog

Ragnar Locker gang leaks data stolen from the Israel's Mayanei Hayeshua hospital

North Korea-linked threat actors target cybersecurity experts with a zero-day

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Zero-days fixed by Apple were used to deliver NSO Group’s Pegasus spyware

Apple discloses 2 new actively exploited zero-day flaws in iPhones, Macs

A malvertising campaign is delivering a new version of the macOS Atomic Stealer

Two flaws in Apache SuperSet allow to remotely hack servers

Chinese cyberspies obtained Microsoft signing key from Windows crash dump due to a mistake

Google addressed an actively exploited zero-day in Android

A zero-day in Atlas VPN Linux Client leaks users' IP address

MITRE and CISA release Caldera for OT attack emulation

ASUS routers are affected by three critical remote code execution flaws

Hackers stole $41M worth of crypto assets from crypto gambling firm Stake

Freecycle data breach impacted 7 Million users

Meta disrupted two influence campaigns from China and Russia

A massive DDoS attack took down the site of the German financial agency BaFin

"Smishing Triad" Targeted USPS and US Citizens for Data Theft

University of Sydney suffered a security breach caused by a third-party service provider

Cybercrime will cost Germany $224 billion in 2023

PoC exploit code released for CVE-2023-34039 bug in VMware Aria Operations for Networks

Security Affairs newsletter Round 435 by Pierluigi Paganini – International edition

LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM)

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Researchers released a free decryptor for the Key Group ransomware

Fashion retailer Forever 21 data breach impacted +500,000 individuals

Russia-linked hackers target Ukrainian military with Infamous Chisel Android malware

Akira Ransomware gang targets Cisco ASA without Multi-Factor Authentication

Paramount Global disclosed a data breach

National Safety Council data leak: Credentials of NASA, Tesla, DoJ, Verizon, and 2K others leaked by workplace safety organization

Abusing Windows Container Isolation Framework to avoid detection by security products

Critical RCE flaw impacts VMware Aria Operations Networks

UNC4841 threat actors hacked US government email servers exploiting Barracuda ESG flaw

Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months

FIN8-linked actor targets Citrix NetScaler systems

Japan's JPCERT warns of new 'MalDoc in PDF' attack technique

Attackers can discover IP address by sending a link over the Skype mobile app

Cisco fixes 3 high-severity DoS flaws in NX-OS and FXOS software

Cloud and hosting provider Leaseweb took down critical systems after a cyber attack

Crypto investor data exposed by a SIM swapping attack against a Kroll employee

China-linked Flax Typhoon APT targets Taiwan

Researchers released PoC exploit for Ivanti Sentry flaw CVE-2023-38035

Resecurity identified a zero-day vulnerability in Schneider Electric Accutech Manager

• Breaking News

Apple removed 25 VPN apps from the App Store in Russia following Moscow’s requests

you might also like

leave a comment

Subscribe to my email list and stay up-to-date, recent articles.

Malware / July 09, 2024

Data Breach / July 08, 2024

Hacking / July 08, 2024

Security / July 08, 2024

Privacy Overview