Rethinking Latency Denial-Of-Service: Attacking the LLM Serving Framework, Not the Model

Large Language Models face an emerging and critical threat known as latency attacks. Because LLM inference is inherently expensive, even modest slowdowns can translate into substantial operating costs and severe availability risks. Recently, a growing body of research has focused on algorithmic...

Security without Detection: Economic Denial As a Primitive for Edge and IoT Defense

Detection-based security fails against sophisticated attackers using encryption, stealth, and low-rate techniques, particularly in IoT/edge environments where resource constraints preclude ML-based intrusion detection. We present Economic Denial Security EDS, a detection-independent framework tha...

Five Minutes of DDoS Brings Down Tor: DDoS Attacks on the Tor Directory Protocol and Mitigations

The Tor network offers network anonymity to its users by routing their traffic through a sequence of relays. A group of nine directory authorities maintains information about all available relay nodes using a distributed directory protocol. We observe that the current protocol makes a steep...

Practical Adversarial Attacks on Stochastic Bandits Via Fake Data Injection

Adversarial attacks on stochastic bandits have traditionally relied on some unrealistic assumptions, such as per-round reward manipulation and unbounded perturbations, limiting their relevance to real-world systems. We propose a more practical threat model, Fake Data Injection, which reflects...

How helpful are estimates about how much cyber attacks cost?

Coming from the newspaper and media industry, Im no stranger to wanting to write catchy headlines. Im certainly at fault for throwing together a story about so-and-sos house sold for X million dollars. But recently Ive been wondering if those "big numbers" for cybersecurity are helpful at all, ev...

Lower Data Breach Insurance Costs with These Tips

The changing attack landscape has resulted in the hardening of the data breach insurance market. Gain insight into how implementing security controls can reduce the mean time to detect and control the costliness of an attack...

CVE-2023-38698

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration...

A Quick Guide for Small Cybersecurity Teams Looking to Invest in Cyber Insurance

In the world of insurance providers and policies, cyber insurance is a fairly new field. And many security teams are trying to wrap their heads around it. What is it and do they need it? And with what time will they spend researching how to integrate cyber insurance into their strategy? For small...

CVE-2017-12842

Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an...

Psychological Aspects of Vulnerability Remediation

In my opinion, Remediation is the most difficult part of Vulnerability Management process. If you know the assets in your organization and can assess them, you will sooner or later produce a good enough flow of critical vulnerabilities. But what the point, if the IT team will not fix them?...

Fake valid SSL certificate creation attack was successfully demonstrated

Valid fake SSL certificate creation attack was demonstratedby exploiting MD5 collisions and RapidSSL certificate generation procedures. The cost of attack is appoximately $2000...