Obfuscation detection using matrix complexity features of binary grayscale images
Sebastian Raubitzek, Sebastian Schrittwieser, Caroline König, Patrick Felbauer, Kevin Mallinger, Andreas Ekelhart, Edgar Weippl, Computers & Security, lnkd.in/gaYgBDWW.
Download at lnkd.in/dcfxBSa8
Nice interview with Aljosha on our current WhatsApp paper (University of Vienna and SBA Research): netzpolitik.org/2025/intervi...
The full paper as preprint: arxiv.org/abs/2511.20252
Hey there! You are using WhatsApp: Enumerating Three Billion Accounts for Security and Privacy. NDSS, 2026.
Lots of additional news outlets picked up our media release about the Whatsapp paper a few days later:
- www.pressreader.com/austria/kuri...
- www.t-online.de/digital/aktu...
- www.ad-hoc-news.de/boerse/news/...
- www.ad-hoc-news.de/boerse/news/...
- www.ad-hoc-news.de/boerse/news/...
...
Cispa European Cybersecurity & AI Hackathon Championship an der Universität Wien
cispa.de/en/cispa-hac...
"Informatiker*innen der Universität Wien und von SBA Research haben eine große Datenschutzlücke im Contact Discovery Mechanismus von WhatsApp aufgedeckt." www.univie.ac.at/aktuelles/de...
"“Well, scientists now know a lot of phone numbers,” ... “So what?” Repeated warnings ... filed away. Only when the researchers submitted a draft of their paper twice did Meta wake up: a surprising amount can be read from the data, ..."
Heise: buff.ly/HCWaEWh
FutureZone: buff.ly/IIjmR7G
"Malware that conceals its behaviour through code obfuscation remains a central challenge for automated detection. ... We transform binary code into grayscale images " (buff.ly/umNhO4T)
CISPA European AI and Cybersecurity Hackathon Championship. Dec 13+14 @Univie
Critical XSS vuln (CVE-2025-39663, CVSS 9.1) in Checkmk fixed.
Discovered by SBA Research — allowed JS injection & potential RCE in distributed setups.
Admins: update to 2.4.0p14 / 2.3.0p39, disable “Trust this site completely”.
🔗 heise.de/-10964747
David Schmidt, Sebastian Schrittwieser, and Edgar Weippl received the Distinguished Paper Award at ACM CCS 2025 (A*-rated) for their work “Leaky Apps: Large-scale Analysis of Secrets Distributed in Android and iOS Apps.” (cdl-astra.at/2025_09_ccs_...)
"For the first time, the University of Vienna places among the top 100 – ranked in 95th position, the University of Vienna is the first Austrian university to make it into the top 100..." (www.univie.ac.at/en/about-us/...)
68th Vienna Deep Learning Meetup: CommentSense hosted at SBA Research, in cooperation with the SEC group of the University of Vienna. www.meetup.com/vienna-deep-...
At Defcon 33 Gabriel Gegenhuber and Maximilian Günther (University of Vienna and SBA Research) presented a series of new attacks against the two messaging services.
Defcon : buff.ly/f7izsXH
News: buff.ly/CK0jVOB buff.ly/onMSSoy
Team picture
Final scoreboard
Team dashboard
We got 9th place at @defcon.bsky.social #CTF! Props to all finalists for an intense fight over the past three days and congrats to MMM for taking the win.
Thanks to Nautilus Institute for the neat setup this year, we had a blast.
Until next time, Vegas!
#DEFCON #DEFCON33
... „Dark Patterns nutzen einfach unsere psychologische Schwächen aus. Wenn ich vorab darüber informiert bin, weiß ich zumindest, worauf ich mich da einlasse“, so Informatiker Schrittwieser von der Universität Wien... (help.orf.at/stories/3231...)
Enjoying my research stay at NII Tokyo as visiting professor, working with Prof. Isao Echizen’s group on multimedia security, privacy, and synthetic media detection. Exciting work on deepfake detection & PrivacyVisor. Looking forward to returning in 2026. buff.ly/KC7xkV5
Not the typical security venue/journal: Computers and Electronics in Agriculture.
We propose explainable tabular RL for crop rotation planning; compared to deep Q-learning, our method yields similar/better outcomes; is resilient to external perturbations. buff.ly/HoYTd5H
COSE's impact factor increased from 4.8 in 2024 to 5.4 in 2024; After 15 years on the editorial board of COSE, I step down. I’ll continue to support the journal as liaison to IFIP TC 11, where I now also serve as secretary. I continue with ACM TOPS and IEEE TIFS.
We’re hiring: Tenure-Track Professorship in Human-Computer Interaction at @univie
Join a strong CS faculty & the renowned University of Vienna in the heart of Europe.
Deadline: 17 Sep 2025
jobs.univie.ac.at/job/Tenure-T...
This spring Peter Kieseberg finally defended his PhD thesis on Data Leak Detection. It included some really established (nice word for old ;-) ) papers and recent work of his Josef-Ressel Center on Blockchain technologies and security management (buff.ly/zKwsCWn).
Gutes Interview mit René Mayerhofer zum Thema Staatstrojaner (www.falter.at/zeitung/2025...)
On Ascension Day, representatives of the University of Vienna take part in the procession from St. Stephen's Cathedral due to a relationship between the institutions, dating back centuries. Photos(c)Erzdiöz.Wien/Schönlaub, Univ.Wien Zell; buff.ly/Crafw8V
Jennifer Sturlese (FH Wiener Neustadt www.fhwn.ac.at/en/employee/...) recently started her PhD studies at the SEC group (@univie sec.cs.univie.ac.at) and works on serious games for red/blue teaming (and other colors)
Tabular reinforcement learning for reward robust, explainable crop rotation policies matching deep reinforcement learning performance, Computers and Electronics in Agriculture, 237 (B): 2025, 110571, ISSN 0168-1699,
doi.org/10.1016/j.co... (Open Access)
Cybercrime und Online-Betrug: Vortrag in Retz
Am Dienstag, 24. Juni 2025 beleuchten wir in einem öffentlichen Vortrag in Retz typische Formen von Online-Betrug – mit echten Beispielen, klaren Erklärungen und konkreten Tipps für den Alltag.
buff.ly/QeLyrKO
International Digital Security Forum: Herausforderungen der digitalen Transformation im MuseumsQuartier
"Ein besonderer Programmpunkt war der Workshop „Digitale Souveränität in einer vernetzten Welt“, organisiert von der Wirtschaftsagentur Wien und SBA Research. (www.news.at/technik/idsf...)
🔐 Unternehmen unterschätzen oft die Folgen eines Cyberangriffs.
Stefan Jakoubi von @sba_research spricht am 12. Juni an der TU Wien über technische Schuld, Social Engineering und resiliente Organisationen.
📅 12. Juni 2025
🕡 18:30 | TU Wien
🔗 www.tuwien.at/ace/news/new...
#CyberSecurity #SBAResearch
< Franz Wotawa von der TU Graz ... lobte Oliynyks Arbeit als „exzellent strukturiert und wissenschaftlich hoch relevant“. ... Forscherin an der Universität Wien und bei SBA Research, betonte die Bedeutung von Sicherheit ... in der KI-Forschung.“ > (buff.ly/vz28lc3)
Today, Matthias Eckhart defended his PhD thesis ("Managing Cyber-Physical Risk in the Industrial Control Systems Lifecycle"), which already won an award (https://buff.ly/4abjSsT last year. Congratulations!
Tenure Track Professorship at the University of Vienna
For more information about the application process and details regarding the mandatory WWTF grant, upon which the position is contingent, please look at https://buff.ly/4fdQuTu
Our research group: https://buff.ly/3c0iSKC