Press
Our Press Releases
ATHENE launches German-Israeli research cooperation on cyberse-curity in the energy sector
06.05.2024. ATHENE, the National Research Center for Applied Cybersecurity, and the Ministry of Energy and Infrastructure of Israel are launching a new collaborative research program. For an initial period of three years, researchers from Israeli universities will work together with ATHENE scientists to research and develop solutions to pressing cybersecurity issues in the energy sector.
Severe Vulnerabilities Discovered in Software to Protect Internet Routing
11.04.2024. A research team from the National Research Center for Applied Cybersecurity ATHENE led by Prof. Dr. Haya Schulmann has uncovered 18 vulnerabilities in crucial software components of Resource Public Key Infrastructure (RPKI). RPKI is an Internet standard meant to protect Internet traffic from being hijacked by hackers. By now, all affected vendors provided patches for their products. The vulnerabilities could have had devastating consequences: Internet hijacks have already been exploited, e.g., for phishing passwords and other sensitive information, tricking certificate authorities into issuing fraudulent Web certificates, stealing cryptocurrency, distributing malware, and poisoning caches of DNS servers.
Serious Vulnerability in the Internet Infrastructure Fundamental design flaw in DNSSEC discovered
13.02.2024. The National Research Center for Applied Cybersecurity ATHENE has uncovered a critical flaw in the design of DNSSEC, the Security Extensions of DNS (Domain Name System). DNS is one of the fundamental building blocks of the Internet. The design flaw has devastating consequences for essentially all DNSSEC-validating DNS implementations and public DNS providers, such as Google and Cloudflare. The ATHENE team, led by Prof. Dr. Haya Schulmann from Goethe University Frankfurt, developed “KeyTrap”, a new class of attacks: with just a single DNS packet hackers could stall all widely used DNS implementations and public DNS providers. Exploitation of this attack would have severe consequences for any application using the Internet including unavailability of technologies such as web-browsing, e-mail, and instant messaging. With KeyTrap, an attacker could completely disable large parts of the worldwide Internet. The researchers worked with all relevant vendors and major public DNS providers over several months, resulting in a number of vendor-specific patches, the last ones published on Tuesday, February 13. It is highly recommended for all providers of DNS services to apply these patches immediately to mitigate this critical vulnerability.
Strengthening Hessen's Cybersecurity Research
05.12.2022. Protecting the cybersecurity of society, business and the state, and fending off threats: That is the goal of ATHENE, the National Research Center for Applied Cybersecurity. Through its research and development, Goethe University now is contributing to Europe's largest cybersecurity research center.
Almost every company at one point or another falls victim to IT-based attacks. In addition, online attackers are becoming increasingly professional, Germany’s digital association Bitkom, which represents more than 2,000 companies of the digital economy, has found. The ATHENE National Research Center for Applied Cybersecurity already bundles the cybersecurity activities of several top research institutions. Goethe University recently joined these ranks and is now doing its part to strengthen and complement ATHENE's cybersecurity research.
Mechanism for Internet security broken
04.10.2022. The National research center for Cybersecurity ATHENE has found a way to break one of the basic mechanisms used to secure Internet traffic. The mechanism, called RPKI, is actually designed to prevent cybercriminals or government attackers from diverting traffic on the Internet. Such redirections are surprisingly common on the Internet, e.g., for espionage or through misconfigurations. The ATHENE scientist team of Prof. Dr. Haya Shulman showed that attackers can completely bypass the security mechanism without the affected network operators being able to detect this. According to analyses by the ATHENE team, popular implementations of RPKI worldwide were vulnerable by early 2021. The team informed the manufacturers, and now presented the findings to the international expert public.
ESORICS – this year with exclusive run-up tutorials
Run-up tutorials on current topics in cybersecurity research – ESORICS in 2021 to be held completely virtually again
22.06.2021. This year's ESORICS – European Symposium on Research in Computer Security – will be held virtually. For the first time it will start with monthly tutorials in advance. The first two tutorials will be free of charge. The tutorial series will start at the end of June with cybersecurity expert Dr. Yossi Oren from Ben-Gurion University in Israel. More information and registration: https://esorics2021.athene-center.de/.
ESORICS is one of the most prestigious scientific conferences in cybersecurity (Core Ranking A). This year, for the first time, tutorials will be held prior to the conference. The first two tutorials are free of charge, to enable as many interested people as possible to participate and to whet the appetite for the conference.
Conference radar for cybersecurity
21.07.2020. Starting immediately, the National Research Center for Applied Cybersecurity ATHENE offers a wide-ranging overview of the most important scientific conferences in the fields of cybersecurity and data protection at www.athene-center.de/cfp. Currently, the list includes more than 100 events and it can be filtered by event dates and submission deadlines. Additional filtering options allow for quickly finding suitable publication opportunities of various research topics, while taking into account the scientific reputation of each event listed.
Freezing the Web
Darmstadt’s cybersecurity scientists uncover vulnerabilities in JavaScript-based Web Servers
05.04.2018. Everybody, who uses the Internet, is familiar with the problem: you need information of a web site urgently, want to make a booking or an online-purchase, but the required web site does not load. Common measures, such as restarting your computer or checking the WiFi connection, are not always successful, sometimes it also helps to wait for some time and then try again. Scientists at the Center for Research in Security and Privacy, CRISP demonstrate that malicious intentions may cause such scenarios. The scientists discovered vulnerabilities in JavaScript software modules, which allow cyber criminals to freeze specific web sites, so that other users cannot access the web site anymore.