25 matches found
Profiling User Vulnerability to Phishing through Psychological and Behavioral Factors
Phishing remains one of the most pervasive cybersecurity threats, shifting the focus from technological vulnerabilities to human cognitive and psychological factors. In coherence with the trend of studies on phishing to increasingly focus on human aspects and vulnerable users profiling, this stud...
The CTI Echo Chamber: Fragmentation, Overlap, and Vendor Specificity in Twenty Years of Cyber Threat Reporting
Despite the high volume of open-source Cyber Threat Intelligence CTI, our understanding of long-term threat actor-victim dynamics remains fragmented due to the lack of structured datasets and inconsistent reporting standards. In this paper, we present a large-scale automated analysis of open-sour...
Evidence of Cognitive Biases in Capture-The-Flag Cybersecurity Competitions
Understanding how cognitive biases influence adversarial decision-making is essential for developing effective cyber defenses. Capture-the-Flag CTF competitions provide an ecologically valid testbed to study attacker behavior at scale, simulating real-world intrusion scenarios under pressure. We...
Fairness and Bias in Algorithmic Hiring: a Multidisciplinary Survey
Employers are adopting algorithmic hiring technology throughout the recruitment pipeline. Algorithmic fairness is especially applicable in this domain due to its high stakes and structural inequalities. Unfortunately, most work in this space provides partial treatment, often constrained by two...
Phare: a Safety Probe for Large Language Models
Ensuring the safety of large language models LLMs is critical for responsible deployment, yet existing evaluations often prioritize performance over identifying failure modes. We introduce Phare, a multilingual diagnostic framework to probe and evaluate LLM behavior across three critical...
OpenUI 跨站脚本漏洞
OpenUI is a UI program open-sourced by Weights & Biases. A cross-site scripting vulnerability exists in OpenUI, which stems from a stored cross-site scripting vulnerability in the Edit HTML function that could lead to the theft of a user's alert history and other sensitive information...
Weights & Biases Detection
A Weights & Biases Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid208133; scriptversion"1.6";...
Withdrawn Advisory: Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability
Withdrawn Advisory This advisory has been withdrawn because the underlying issue existed in Weights and Biases's backend server code, not the software development kit included in the wandb PyPI package, as originally reported. This link is maintained to preserve external references. Original...
Why Defenders Should Embrace a Hacker Mindset
Today's security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have intern...
LLM Summary of My Book Beyond Fear
Claude Anthropics LLM was given this prompt: Please summarize the themes and arguments of Bruce Schneiers book Beyond Fear. Im particularly interested in a taxonomy of his ethical arguments--please expand on that. Then lay out the most salient criticisms of the book. Claudes reply: Heres a brief...
How to Apply MITRE ATT&CK to Your Organization
Discover all the ways MITRE ATT&CK can help you defend your organization. Build your security strategy and policies by making the most of this important framework. What is the MITRE ATT&CK Framework? MITRE ATT&CK Adversarial Tactics, Techniques, and Common Knowledge is a widely adopted framework...
SUSE CVE-2013-2566
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext...
CISA Updates Best Practices for Mapping to MITRE ATT&CK®
Today, CISA updated Best Practices for MITRE ATT&CK® Mapping. The MITRE ATT&CK® framework is a lens through which network defenders can analyze adversary behavior and, as CISA Executive Assistant Director Eric Goldstein noted in his June 2021 blog post on the framework, it directly supports...
Improving Popularity Rankings for Better Threat Intelligence, Part 1
AkaRank can overcome biases in current domain popularity lists and help ensure the best threat coverage and user experience...
Now it's BlenderBot's turn to make shocking, inappropriate, and untrue remarks
Last Friday, Meta unveiled its new BlenderBot 3 AI chatbot, a conversational AI prototype. The company said its chatbot is designed to learn by having natural conversations with people online. It also improves its skills via human feedback. Meta also asserts with confidence that the more the AI...
Brave Search wants to replace Google’s biased search results with yours
Brave Search, Brave Softwares privacy search engine, just turned one. To celebrate, the company says it is moving the search engine out of its beta phase to become the default search engine for all Brave browser users. Goodbye, Google? Not entirely. In May 2015, Mozilla alumni Brendan Eich and...
4 Fallacies That Keep SMBs Vulnerable to Ransomware, Pt. 1
This post is co-authored by Chris Henderson, Senior Director of Information Security at Datto, Inc. Ransomware has focused on big-game hunting of large enterprises in the past years, and those events often make the headlines. The risk can be even more serious for small and medium-sized businesses...
Welcoming and retaining diversity in cybersecurity
I doubt I’d be in the role I am now if leaders at one of my first jobs hadn’t taken an interest in my career. Although I taught myself to code when I was young, I graduated from college with a degree in English Literature and began my post-college career in editorial. I worked my way up to...
Researchers Built an ‘Online Lie Detector.’ Honestly, That Could Be a Problem
Critics point out serious flaws in a study promising an "online polygraph," with potential to create deep biases...
How to Crack RC4 Encryption in WPA-TKIP and TLS
Security researchers have developed a more practical and feasible attack technique against the RC4 cryptographic algorithm that is still widely used to encrypt communications on the Internet. Despite being very old, RC4 Rivest Cipher 4 is still the most widely used cryptographic cipher implemente...