Efficient Full-Stack Private Federated Deep Learning with Post-Quantum Security
Federated learning (FL) enables collaborative model training while preserving user data privacy by keeping data local. Despite these advantages, FL remains vulnerable to privacy attacks on user updates and model parameters during training and deployment. Secure aggregation protocols have been...
Securing Immersive 360 Video Streams through Attribute-Based Selective Encryption
Delivering high-quality, secure 360° video content introduces unique challenges, primarily due to the high bitrates and interactive demands of immersive media. Traditional HTTPS-based methods, although widely used, face limitations in computational efficiency and scalability when securing these...
Redefining Application Security: Imperva’s Vision for the Future
It’s no secret that web applications have undergone a significant transformation over the past few years. The widespread adoption of containerization, serverless computing, low-code development, APIs, and microservices has redefined how applications are built, deployed, and scaled. According to...
Targeted Fuzzing for Unsafe Rust Code: Leveraging Selective Instrumentation
Rust is a promising programming language that focuses on concurrency, usability, and security. It is used in production code by major industry players and got recommended by government bodies. Rust provides strong security guarantees achieved by design utilizing the concepts of ownership and...
PQS-BFL: a Post-Quantum Secure Blockchain-Based Federated Learning Framework
Federated Learning (FL) enables collaborative model training while preserving data privacy, but its classical cryptographic underpinnings are vulnerable to quantum attacks. This vulnerability is particularly critical in sensitive domains like healthcare. This paper introduces PQS-BFL Post-Quantum...
How to Automate CVE and Vulnerability Advisory Response with Tines
Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. A recent standout is a workflow that automates...
New Research Reveals: 95% of AppSec Fixes Don't Reduce Risk
For over a decade, application security teams have faced a brutal irony: the more advanced the detection tools became, the less useful their results proved to be. As alerts from static analysis tools, scanners, and CVE databases surged, the promise of better security grew more distant. In its...
RevealNet: Distributed Traffic Correlation for Attack Attribution on Programmable Networks
Network attackers have increasingly resorted to proxy chains, VPNs, and anonymity networks to conceal their activities. To tackle this issue, past research has explored the applicability of traffic correlation techniques to perform attack attribution, i.e., to identify an attacker's true network...
An Empirical Study on the Effectiveness of Large Language Models for Binary Code Understanding
Binary code analysis plays a pivotal role in the field of software security and is widely used in tasks such as software maintenance, malware detection, software vulnerability discovery, patch analysis, etc. However, unlike source code, reverse engineers face significant challenges in understandi...
SONNI: Secure Oblivious Neural Network Inference
In the standard privacy-preserving Machine learning as-a-service (MLaaS) model, the client encrypts data using homomorphic encryption and uploads it to a server for computation. The result is then sent back to the client for decryption. It has become more and more common for the computation to be...
Proof of Useful Intelligence (PoUI): Blockchain Consensus beyond Energy Waste
Blockchain technology enables secure, transparent data management in decentralized systems, supporting applications from cryptocurrencies like Bitcoin to tokenizing real-world assets like property. Its scalability and sustainability hinge on consensus mechanisms balancing security and efficiency...
Quantum Autoencoder for Multivariate Time Series Anomaly Detection
Anomaly Detection (AD) defines the task of identifying observations or events that deviate from typical - or normal - patterns, a critical capability in IT security for recognizing incidents such as system misconfigurations, malware infections, or cyberattacks. In enterprise environments like SAP...
Optimizing the Privacy-Utility Balance Using Synthetic Data and Configurable Perturbation Pipelines
This paper explores the strategic use of modern synthetic data generation and advanced data perturbation techniques to enhance security, maintain analytical utility, and improve operational efficiency when managing large datasets, with a particular focus on the Banking, Financial Services, and...
DOGE Worker’s Code Supports NLRB Whistleblower
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk's Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency's sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB...
[SECURITY] Fedora 41 Update: rust-writeable-0.5.5-3.fc41
A more efficient alternative to fmt::Display...
[SECURITY] Fedora 40 Update: rust-writeable-0.5.5-3.fc40
A more efficient alternative to fmt::Display...
Did DOGE “breach” Americans’ data? (Lock and Code S06E08)
This week on the Lock and Code podcast … If you don't know about the newly created US Department of Government Efficiency (DOGE), there's a strong chance they already know about you. Created on January 20 by US President Donald Trump through Executive Order, DOGE's broad mandate is “modernizing...
MST3 Encryption Improvement with Three-Parameter Group of Hermitian Function Field
This scholarly work presents an advanced cryptographic framework utilizing automorphism groups as the foundational structure for encryption scheme implementation. The proposed methodology employs a three-parameter group construction, distinguished by its application of logarithmic signatures...
AESHA3: Efficient and Secure Sub-Key Generation for AES Using SHA-3
Advanced Encryption Standard (AES) is one of the most widely used symmetric ciphers for the confidentiality of data. Also it is used for other security services, viz. integrity, authentication and key establishment. However, recently, authors have shown some weakness in the generation of sub-keys in...
Benchmarking Differentially Private Tabular Data Synthesis
Differentially private (DP) tabular data synthesis generates artificial data that preserves the statistical properties of private data while safeguarding individual privacy. The emergence of diverse algorithms in recent years has introduced challenges in practical applications, such as inconsistent...