CVE-2020-28276

Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution...

CVE-2019-9488

Trend Micro Deep Security Manager 10.x, 11.x and Vulnerability Protection 2.0 are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager DSM...

CVE-2019-15627

Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected...

CVE-2019-10745

assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a proto payload...

CVE-2019-15626

The Deep Security Manager application Versions 10.0, 11.0 and 12.0, when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability...

CVE-2010-2823

Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine ACE 4710 appliance with software before A32.6 allows remote attackers to cause a denial of service device reload via crafted HTTP packets, related to HTTP, RTSP, and SIP inspection, aka Bug ID...

CVE-2006-5251

PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a allows remote attackers to execute arbitrary PHP code via a URL in the ConfigDir parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...

Real-Time Detection of Insider Threats Using Behavioral Analytics and Deep Evidential Clustering

Insider threats represent one of the most critical challenges in modern cybersecurity. These threats arise from individuals within an organization who misuse their legitimate access to harm the organization's assets, data, or operations. Traditional security mechanisms, primarily designed for...

The Ephemeral Threat: Assessing the Security of Algorithmic Trading Systems Powered by Deep Learning

We study the security of stock price forecasting using Deep Learning DL in computational finance. Despite abundant prior research on the vulnerability of DL to adversarial perturbations, such work has hitherto hardly addressed practical adversarial threat models in the context of DL-powered...

A Survey of Learning-Based Intrusion Detection Systems for In-Vehicle Network

Connected and Autonomous Vehicles CAVs enhance mobility but face cybersecurity threats, particularly through the insecure Controller Area Network CAN bus. Cyberattacks can have devastating consequences in connected vehicles, including the loss of control over critical systems, necessitating robus...

Cybersecurity Threat Detection Based on a UEBA Framework Using Deep Autoencoders

User and Entity Behaviour Analytics UEBA is a broad branch of data analytics that attempts to build a normal behavioural profile in order to detect anomalous events. Among the techniques used to detect anomalies, Deep Autoencoders constitute one of the most promising deep learning models on UEBA...

MUBox: a Critical Evaluation Framework of Deep Machine Unlearning

Recent legal frameworks have mandated the right to be forgotten, obligating the removal of specific data upon user requests. Machine Unlearning has emerged as a promising solution by selectively removing learned information from machine learning models. This paper presents MUBox, a comprehensive...

Intrusion Detection System Using Deep Learning for Network Security

As the number of cyberattacks and their particualr nature escalate, the need for effective intrusion detection systems IDS has become indispensable for ensuring the security of contemporary networks. Adaptive and more sophisticated threats are often beyond the reach of traditional approaches to...

Learning from the Good Ones: Risk Profiling-Based Defenses against Evasion Attacks on DNNs

Safety-critical applications such as healthcare and autonomous vehicles use deep neural networks DNN to make predictions and infer decisions. DNNs are susceptible to evasion attacks, where an adversary crafts a malicious data instance to trick the DNN into making wrong decisions at inference time...

Efficient Full-Stack Private Federated Deep Learning with Post-Quantum Security

Federated learning FL enables collaborative model training while preserving user data privacy by keeping data local. Despite these advantages, FL remains vulnerable to privacy attacks on user updates and model parameters during training and deployment. Secure aggregation protocols have been...

rexml: DoS vulnerability in REXML

A vulnerability was found in REXML RubyGems. This package is vulnerable to denial of service DoS when parsing a deep XML structure with the same local name attribute. This vulnerability only affects tree parser API like REXML::Document.new, other parser APIs such as stream parser API and SAX2...

A Comprehensive Analysis of Adversarial Attacks against Spam Filters

Deep learning has revolutionized email filtering, which is critical to protect users from cyber threats such as spam, malware, and phishing. However, the increasing sophistication of adversarial attacks poses a significant challenge to the effectiveness of these filters. This study investigates t...

Explainable Machine Learning for Cyberattack Identification from Traffic Flows

The increasing automation of traffic management systems has made them prime targets for cyberattacks, disrupting urban mobility and public safety. Traditional network-layer defenses are often inaccessible to transportation agencies, necessitating a machine learning-based approach that relies sole...

Cert-SSB: toward Certified Sample-Specific Backdoor Defense

Deep neural networks DNNs are vulnerable to backdoor attacks, where an attacker manipulates a small portion of the training data to implant hidden backdoors into the model. The compromised model behaves normally on clean samples but misclassifies backdoored samples into the attacker-specified...

Bipartite Randomized Response Mechanism for Local Differential Privacy

With the increasing importance of data privacy, Local Differential Privacy LDP has recently become a strong measure of privacy for protecting each user's privacy from data analysts without relying on a trusted third party. In many cases, both data providers and data analysts hope to maximize the...