Secure (Multiple) Key-Cast over Networks: Multiple Eavesdropping Nodes
We study the secure multiple key-cast problem over noiseless networks under node-based eavesdroppers, where one or more source nodes participate in the generation of distinct secret keys to be shared among designated terminal subsets, while an eavesdropper observing up to $\ell$ nodes, including...
Secure Over-The-Air Computation against Multiple Eavesdroppers Using Correlated Artificial Noise
In the era of the Internet of Things and massive connectivity, many engineering applications, such as sensor fusion and federated edge learning, rely on efficient data aggregation from geographically distributed users over wireless networks. Over-the-air computation shows promising potential for...
Secure Low-Altitude Maritime Communications Via Intelligent Jamming
Low-altitude wireless networks (LAWNs) have emerged as a viable solution for maritime communications. In these maritime LAWNs, unmanned aerial vehicles (UAVs) serve as practical low-altitude platforms for wireless communications due to their flexibility and ease of deployment. However, the open and...
Sensing Security in Near-Field ISAC: Exploiting Scatterers for Eavesdropper Deception
In this paper, we explore sensing security in near-field (NF) integrated sensing and communication (ISAC) scenarios by exploiting known scatterers in the sensing scene. We propose a location deception (LD) scheme where scatterers are deliberately illuminated with probing power that is higher than that...
Fluid-Antenna-Aided AAV Secure Communications in Eavesdropper Uncertain Location
For autonomous aerial vehicle (AAV) secure communications, traditional designs based on fixed position antenna (FPA) lack sufficient spatial degrees of freedom (DoF), which leaves the line-of-sight-dominated AAV links vulnerable to eavesdropping. To overcome this problem, this paper proposes a framewor...
CVE-2023-33982
Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden...
CVE-2024-47871
CVE-2024-47871 affects Gradio, an open-source Python package for quick prototyping. The flaw is insecure communication between the FRP client and server when share=True is enabled, with no enforced HTTPS. This allows an attacker to intercept files uploaded to the Gradio server and modify response...
CVE-2024-47871 Insecure communication between the FRP client and server in Gradio
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and rea...
GHSA-279J-X4GX-HFRH Gradio uses insecure communication between the FRP client and server
Impact: This vulnerability involves insecure communication between the FRP (Fast Reverse Proxy) client and server when Gradio's share=True option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files upload...
China Possibly Hacking US “Lawful Access” Backdoor
The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law--CALEA--since...
Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users
Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Viv...
wolfSSL Trust Management Issue Vulnerability
wolfSSL (CyaSSL) is a small, portable embedded SSL programming library for embedded systems developers from wolfSSL, Inc. in the United States. A security vulnerability exists in wolfSSL versions prior to 5.6.2 that stems from a security issue with TLS 1.3 sessions that allows an eavesdropper to...
Debian DSA-2627-1 : nginx - information leak
Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL protocol when using compression. This side channel attack, dubbed 'CRIME', allows eavesdroppers to gather information to recover the original plaintext in the protocol. This update to nginx disables SSL compression.
Memory Bug Fixed in Tor Client
The Tor Project has fixed a flaw in its anonymization and privacy software that leaked information from memory on some machines running Tor that could give an attacker access to sensitive information stored in the cache. The issue was caused by the way that some compilers handle a specific functi...