Do Not Enable the DHCP Service
The Dynamic Host Configuration Protocol (DHCP) service dynamically allocates IP addresses to machines. Unless a system is the designated DHCP server, disable its DHCP service to reduce the attack surface.
Ensure Kernel SMEP is Enabled
Supervisor Mode Execution Prevention (SMEP) prevents the kernel from executing code that resides in user-space pages. If SMEP is not enabled, an attacker who can redirect kernel-mode control flow can make the kernel execute attacker-controlled user-space code with kernel privileges, which increases the attack surface and reduces system security. SMEP is enabled ...
Disable SysRq
SysRq lets users with physical access issue dangerous system-level commands to a computer. Therefore, restrict the use of the SysRq function. If SysRq is not disabled, the keyboard can be used to trigger SysRq, and commands may be sent directly to the kernel,...
Disable IP Forwarding
If a node does not act as a gateway, disable IP forwarding. Otherwise, attackers can use the node as a router. In the container scenario, if network packets must be forwarded through the host, IP forwarding is allowed.
Enable AIDE
The Advanced Intrusion Detection Environment (AIDE) is an intrusion detection tool that checks the integrity of system files and directories and identifies those that have been maliciously tampered with. The integrity check can be performed only after an AIDE baseline database has been constructed, which...
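The baseline-then-compare workflow that the AIDE item describes, as an added example that is not part of the openEuler guidance and does not use AIDE itself: the two functions below stand in for "aide --init" (which writes /var/lib/aide/aide.db.new.gz, to be moved to aide.db.gz once reviewed) and "aide --check", using sha256sum (GNU coreutils) so the logic runs anywhere. The directory layout and file contents in the usage section are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the openEuler guidance or the AIDE project.
# baseline_init records a hash per regular file; baseline_check re-hashes the
# tree and reports what was added, changed or removed since the baseline.
# Paths containing newlines are not handled (AIDE itself copes with them).

# baseline_init DIR DBFILE: write "sha256  ./relative/path" lines, sorted by path.
baseline_init() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# baseline_check DIR DBFILE: print one ADDED/CHANGED/REMOVED line per difference;
# prints nothing when the tree still matches the baseline.
baseline_check() {
    cur=$(mktemp)
    baseline_init "$1" "$cur"
    awk 'FILENAME == ARGV[1] { old[$2] = $1; next }
         { if (!($2 in old)) { print "ADDED " $2 } else if (old[$2] != $1) { print "CHANGED " $2 }; seen[$2] = 1 }
         END { for (f in old) if (!(f in seen)) print "REMOVED " f }' "$2" "$cur"
    rm -f "$cur"
}

# Usage on a constructed tree (not a real host). In production the baseline
# file must be stored somewhere the attacker cannot rewrite it (read-only or
# off-host), otherwise a tamper can be hidden by re-running the init step.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc"
printf 'PermitRootLogin no\n' > "$demo_root/etc/sshd_config"
printf '127.0.0.1 localhost\n' > "$demo_root/etc/hosts"
baseline_init "$demo_root" "$demo_root.db"          # aide --init equivalent
printf 'PermitRootLogin yes\n' > "$demo_root/etc/sshd_config"
printf '/tmp/evil.so\n' > "$demo_root/etc/ld.so.preload"
rm "$demo_root/etc/hosts"
baseline_check "$demo_root" "$demo_root.db"         # aide --check equivalent
rm -rf "$demo_root" "$demo_root.db"
```

With AIDE the same sequence is aide --init, a review of the new database, mv of aide.db.new.gz to aide.db.gz, and then aide --check on a schedule; the point the item makes is that the check is meaningless without a trusted baseline taken before the system was exposed.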
Configure a Proper Number of Queues in the SYN_RECV State
The SYN_RECV queue stores TCP connection requests that have not yet been acknowledged by the peer end (half-open connections). A larger value allows more pending network connections. If the value is too small, the system is vulnerable to TCP SYN flood attacks, and normal connections are denied. If the value is t...
Configure Proper Policies for OUTPUT of nftables
There are two occasions on which a server sends outgoing packets: 1. A local process proactively connects to an external server, for example to perform an HTTP request or to send data to a log server. 2. The local host responds to external access to its local services. If no policy is...
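An OUTPUT chain that covers exactly those two cases and drops everything else, as an added example that is not part of the openEuler guidance: the ruleset admits replies to accepted inbound sessions through conntrack, and admits the host's own egress only to named destinations. The resolver and log-server addresses (RFC 5737 documentation addresses) and the permitted ports are assumptions. The checker parses "nft list ruleset" text so the policy can be audited on a captured ruleset without nft installed.

```shell
#!/bin/sh
# Added example, not from the openEuler guidance. Generates a default-deny
# egress ruleset for nftables and checks the effective policy of a chain.

RESOLVER=192.0.2.53      # DNS resolver this host is allowed to query (assumption)
LOG_SERVER=192.0.2.10    # syslog-over-TLS collector (assumption)

# egress_ruleset: print the ruleset text. Validate with "nft -c -f FILE",
# load with "nft -f FILE".
egress_ruleset() {
    cat <<EOF
table inet filter {
    chain output {
        type filter hook output priority 0; policy drop;

        # Case 2: replies to inbound sessions the input chain accepted.
        ct state established,related accept

        # Traffic between local processes.
        oifname "lo" accept

        # Case 1: egress this host is expected to initiate.
        ip daddr $RESOLVER udp dport 53 accept
        ip daddr $RESOLVER tcp dport 53 accept
        ip daddr $LOG_SERVER tcp dport 6514 accept
        tcp dport { 80, 443 } accept

        # Everything else falls through to the chain's default drop; record it first.
        counter log prefix "egress-drop: "
    }
}
EOF
}

# chain_policy RULESET CHAIN: print the policy (accept/drop) of CHAIN in
# "nft list ruleset" text, or "none" when the chain declares no policy
# (nftables then behaves as accept).
chain_policy() {
    printf '%s\n' "$1" | awk -v c="$2" '
        $1 == "chain" && $2 == c { inchain = 1; next }
        inchain && /policy/ { sub(/.*policy /, ""); sub(/;.*/, ""); print; found = 1; exit }
        inchain && /^[ \t]*}/ { exit }
        END { if (!found) print "none" }'
}

# Stand-alone run: emit the ruleset and report the output policy.
egress_ruleset
echo "output chain policy: $(chain_policy "$(egress_ruleset)" output)"
```

The "ct state established,related accept" rule is also what keeps an administrator's SSH session alive when the ruleset is applied remotely; apply a default-deny OUTPUT chain without it and the session that loaded the rules is cut off. On a live host the audit is chain_policy "$(nft list ruleset)" output, which should print drop.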
Configure the dmesg Access Permission Properly
Access to dmesg information is restricted so that unprivileged users cannot view kernel messages. This prevents anyone from obtaining sensitive information from the kernel log and using it to attack the system. Only processes with the CAP_SYSLOG capability are allowed to access kernel logs. In this way, the least...
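The SMEP, SysRq, IP forwarding, SYN_RECV queue and dmesg items above are all checked from the kernel's runtime state, so one audit covers them. The script below is an added example, not part of the openEuler guidance: its functions take the text of /proc/cpuinfo, /proc/cmdline and "sysctl -a" as arguments, so the same logic runs against the live host or a captured file. The expected values (sysrq 0, ip_forward 0, dmesg_restrict 1) and the SYN backlog lower bound of 1024 are assumptions for a non-gateway host; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not from the openEuler guidance: offline audit of the kernel
# settings discussed above.

# Expected values (assumptions for a non-gateway host). kernel.sysrq is a bitmask:
# 0 disables every SysRq function, 1 enables all, other values enable subsets.
SYSCTL_BASELINE='kernel.sysrq=0
net.ipv4.ip_forward=0
kernel.dmesg_restrict=1'
MIN_SYN_BACKLOG=1024   # lower bound for net.ipv4.tcp_max_syn_backlog (assumption)

# sysctl_value TEXT KEY: print KEY's value from "sysctl -a" style text ("key = value").
sysctl_value() {
    printf '%s\n' "$1" | awk -v k="$2" -F' *= *' '$1 == k { print $2; exit }'
}

# audit_sysctl TEXT: one PASS/FAIL line per check; always returns 0.
audit_sysctl() {
    text=$1
    while IFS='=' read -r key want; do
        [ -n "$key" ] || continue
        have=$(sysctl_value "$text" "$key")
        if [ "$have" = "$want" ]; then
            echo "PASS $key=$have"
        else
            echo "FAIL $key=${have:-<unset>} (want $want)"
        fi
    done <<EOF
$SYSCTL_BASELINE
EOF
    backlog=$(sysctl_value "$text" net.ipv4.tcp_max_syn_backlog)
    if [ -n "$backlog" ] && [ "$backlog" -ge "$MIN_SYN_BACKLOG" ]; then
        echo "PASS net.ipv4.tcp_max_syn_backlog=$backlog"
    else
        echo "FAIL net.ipv4.tcp_max_syn_backlog=${backlog:-<unset>} (want >= $MIN_SYN_BACKLOG)"
    fi
}

# count_sysctl_failures TEXT: number of FAIL lines audit_sysctl produced.
count_sysctl_failures() {
    audit_sysctl "$1" | grep -c '^FAIL' || true
}

# smep_status CPUINFO CMDLINE: "enabled", "unsupported" (CPU lacks the smep flag)
# or "disabled" (kernel booted with nosmep). On x86 Linux SMEP is used
# automatically when the CPU supports it unless nosmep is on the command line.
smep_status() {
    if ! printf '%s\n' "$1" | awk '/^flags/ { for (i = 1; i <= NF; i++) if ($i == "smep") f = 1 } END { exit f ? 0 : 1 }'; then
        echo unsupported
    elif printf '%s\n' "$2" | grep -qw nosmep; then
        echo disabled
    else
        echo enabled
    fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_SYSCTL_BAD='kernel.sysrq = 16
net.ipv4.ip_forward = 1
kernel.dmesg_restrict = 0
net.ipv4.tcp_max_syn_backlog = 128'
SAMPLE_SYSCTL_GOOD='kernel.sysrq = 0
net.ipv4.ip_forward = 0
kernel.dmesg_restrict = 1
net.ipv4.tcp_max_syn_backlog = 2048'
SAMPLE_CPUINFO='processor : 0
flags : fpu vme de pse tsc msr pae smep smap'
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro nosmep'

# Stand-alone run on the weak sample. On a live host use:
#   audit_sysctl "$(sysctl -a 2>/dev/null)"
#   smep_status "$(cat /proc/cpuinfo)" "$(cat /proc/cmdline)"
audit_sysctl "$SAMPLE_SYSCTL_BAD"
echo "SMEP: $(smep_status "$SAMPLE_CPUINFO" "$SAMPLE_CMDLINE")"
```

Fixes found this way are applied with sysctl -w (for example sysctl -w kernel.sysrq=0) and persisted in a file under /etc/sysctl.d/ so they survive reboot. The backlog bound is only a floor: the item's warning about an oversized queue still applies, and net.ipv4.tcp_syncookies=1 is the usual companion so that a flooded queue degrades rather than denies service. A nosmep finding is fixed in the bootloader configuration, not with sysctl.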
Configure a Proper Number of Concurrent Unauthenticated SSH Connections
Without knowing the password, an attacker can open a large number of concurrent connections that never authenticate, consuming system resources. The upper limit on concurrent unauthenticated SSH connections is not configured in openEuler by default. You are advised to configure the upper...
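The setting behind this item is MaxStartups in sshd_config, written as start:rate:full (a bare number is a hard cap); per sshd_config(5), once "start" unauthenticated connections are pending, new ones are refused with probability rate%, rising linearly to 100% at "full", and OpenSSH's compiled-in default is 10:30:100. The script below is an added example, not part of the openEuler guidance: it reads the effective value from "sshd -T" output (keys are lowercased there), compares the "full" cap against a chosen ceiling, and computes the refusal probability for a given load. The ceiling of 60 and the "sshd -T" excerpts are constructed; the integer arithmetic in the probability function is an assumption of this example, not a quotation of sshd's source.

```shell
#!/bin/sh
# Added example, not from the openEuler guidance: evaluate MaxStartups.

MAX_FULL=60   # assumption: refuse everything once 60 unauthenticated connections are pending

# maxstartups_value TEXT: print the raw maxstartups value from "sshd -T" text.
maxstartups_value() {
    printf '%s\n' "$1" | awk 'tolower($1) == "maxstartups" { print $2; exit }'
}

# maxstartups_full VALUE: the "full" component; a bare number is its own cap.
maxstartups_full() {
    case $1 in
        *:*:*) printf '%s\n' "${1##*:}" ;;
        *)     printf '%s\n' "$1" ;;
    esac
}

# check_maxstartups TEXT: PASS/FAIL line; FAIL when absent or the cap exceeds MAX_FULL.
check_maxstartups() {
    v=$(maxstartups_value "$1")
    if [ -z "$v" ]; then
        echo "FAIL MaxStartups not reported"
        return 0
    fi
    full=$(maxstartups_full "$v")
    if [ "$full" -le "$MAX_FULL" ]; then
        echo "PASS MaxStartups=$v"
    else
        echo "FAIL MaxStartups=$v (full=$full exceeds $MAX_FULL)"
    fi
}

# drop_probability START RATE FULL N: percent chance a new connection is refused
# when N unauthenticated connections are pending (linear ramp from RATE% at
# START to 100% at FULL; integer arithmetic is this example's assumption).
drop_probability() {
    start=$1 rate=$2 full=$3 n=$4
    if [ "$n" -lt "$start" ]; then
        echo 0
    elif [ "$n" -ge "$full" ]; then
        echo 100
    else
        echo $(( rate + (100 - rate) * (n - start) / (full - start) ))
    fi
}

# Constructed "sshd -T" excerpts (not captured from a real host).
SSHD_T_DEFAULT='port 22
logingracetime 120
maxstartups 10:30:100
maxauthtries 6'
SSHD_T_HARDENED='port 22
logingracetime 60
maxstartups 10:30:60
maxauthtries 4'

# Stand-alone run. On a live host: check_maxstartups "$(sshd -T 2>/dev/null)"
check_maxstartups "$SSHD_T_DEFAULT"
check_maxstartups "$SSHD_T_HARDENED"
echo "10:30:60 with 35 pending: $(drop_probability 10 30 60 35)% refused"
```

The hardened value goes into /etc/ssh/sshd_config as "MaxStartups 10:30:60" followed by a reload of sshd. LoginGraceTime (default 120 seconds) is the other half of this control: it bounds how long each unauthenticated connection may occupy a slot, so lowering it shrinks the window the attacker has to fill the start:rate:full budget.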
OET: Optimization-Based Prompt Injection Evaluation Toolkit
Large Language Models (LLMs) have demonstrated remarkable capabilities in natural language understanding and generation, enabling their widespread adoption across various domains. However, their susceptibility to prompt injection attacks poses significant security risks, as adversarial inputs can...
An Empirical Study on the Effectiveness of Large Language Models for Binary Code Understanding
Binary code analysis plays a pivotal role in the field of software security and is widely used in tasks such as software maintenance, malware detection, software vulnerability discovery, patch analysis, etc. However, unlike source code, reverse engineers face significant challenges in understandi...
Llama-3.1-FoundationAI-SecurityLLM-Base-8B Technical Report
As transformer-based large language models (LLMs) increasingly permeate society, they have revolutionized domains such as software engineering, creative writing, and digital arts. However, their adoption in cybersecurity remains limited due to challenges like scarcity of specialized training data a...
CipherBank: Exploring the Boundary of LLM Reasoning Capabilities through Cryptography Challenges
Large language models (LLMs) have demonstrated remarkable capabilities, especially the recent advancements in reasoning, such as o1 and o3, pushing the boundaries of AI. Despite these impressive achievements in mathematics and coding, the reasoning abilities of LLMs in domains requiring cryptograph...
Breaking the Flow and the Bank: Stealthy Cyberattacks on Water Network Hydraulics
As water distribution networks (WDNs) become increasingly connected with digital infrastructures, they face greater exposure to cyberattacks that threaten their operational integrity. Stealthy False Data Injection Attacks (SFDIAs) are particularly concerning, as they manipulate sensor data to...
Private Federated Learning Using Preference-Optimized Synthetic Data
In practical settings, differentially private federated learning (DP-FL) is the dominant method for training models from private, on-device client data. Recent work has suggested that DP-FL may be enhanced or outperformed by methods that use DP synthetic data (Wu et al., 2024; Hou et al., 2024). The...
Secure Transfer Learning: Training Clean Models against Backdoor in (Both) Pre-Trained Encoders and Downstream Datasets
Transfer learning from pre-trained encoders has become essential in modern machine learning, enabling efficient model adaptation across diverse tasks. However, this combination of pre-training and downstream adaptation creates an expanded attack surface, exposing models to sophisticated backdoor...
MAL-2025-3164 Malicious code in search-benchmark-frontend (npm)
Source: ghsa-malware 83090fc7978d15e4a0ee6c1d633d8998d6b7ce00f6c0ec85ec1e6297d679517e. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
androidx.benchmark:benchmark-common (>=1.1.0 <=1.4.0-alpha07), androidx.benchmark:benchmark-junit4 (>=1.1.0 <=1.2.4) +432 more potentially affected by CVE-2024-58103 via com.squareup.wire:wire-runtime (>=1.0.0 <=5.1.0)
com.squareup.wire:wire-runtime MAVEN version =1.0.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =0.1.4-20211109.2053-a41370d, =0.1.0, =0.1.4-20211109.2053-a41370d, =0.1.4-20211109.2053-a41370d, =0.1.4-20220406.2256-c2ad520, =0.1.4-20211109.2053-a41370d, =0.1.0, =0.1.3-20210127.1838-76ab4fc,...
androidx.benchmark:benchmark-common (>=1.4.0-alpha01 <=1.4.0-alpha07), androidx.benchmark:benchmark-macro (>=1.4.0-alpha01 <=1.4.0-alpha07) +44 more potentially affected by CVE-2024-58103 via com.squareup.wire:wire-runtime (>=5.0.0-alpha01 <=5.1.0)
com.squareup.wire:wire-runtime MAVEN version =5.0.0-alpha01, =1.4.0-alpha01, =1.4.0-alpha01, =2.108.2, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6...