215 matches found
EUVD-2024-30311
Malicious code in bioql PyPI...
EUVD-2024-28409
Malicious code in bioql PyPI...
Noisy Networks, Nosy Neighbors: Inferring Privacy Invasive Information from Encrypted Wireless Traffic
This thesis explores the extent to which passive observation of wireless traffic in a smart home environment can be used to infer privacy-invasive information about its inhabitants. Using a setup that mimics the capabilities of a nosy neighbor in an adjacent flat, we analyze raw 802.11 packets an...
Roblox introduces age checks to use communication features
Roblox is an online platform that allows users to build, play and share online worlds and 3D games. Unfortunately, it’s also a popular platform among predators reaching out to kids and seducing them using game features such as messaging, avatar customization, and role-play. Over the years, the...
PostgreSQL -- vulnerabilities
PostgreSQL project reports: Tighten security checks in planner estimation functions. Prevent pg_dump scripts from being used to attack the user running the restore. Convert newlines to spaces in names included in comments in pg_dump output...
Centralized Dynamic State Estimation Algorithm for Detecting and Distinguishing Faults and Cyber Attacks in Power Systems
As power systems evolve with increased integration of renewable energy sources, they become more complex and vulnerable to both cyber and physical threats. This study validates a centralized Dynamic State Estimation (DSE) algorithm designed to enhance the protection of power systems, particularly...
Google Will Use AI to Guess People’s Ages Based on Search History
Plus: A former top US cyber official loses her new job due to political backlash, Congress is rushing through a bill to censor lawmakers’ personal information online, and more...
Large Language Model-Based Framework for Explainable Cyberattack Detection in Automatic Generation Control Systems
The increasing digitization of smart grids has improved operational efficiency but also introduced new cybersecurity vulnerabilities, such as False Data Injection Attacks (FDIAs) targeting Automatic Generation Control (AGC) systems. While machine learning (ML) and deep learning (DL) models have shown...
URLCrazy Domain Name Typo Tool 0.8.2
URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo ...
Clean Code in Practice: Challenges and Opportunities
Reliability prediction is crucial for ensuring the safety and security of software systems, especially in the context of industry practices. While various metrics and measurements are employed to assess software reliability, the complexity of modern systems necessitates a deeper understanding of...
Age verification: Child protection or privacy risk?
With governments demanding actual age verification on websites with adult content, and platforms like social media and Roblox introducing restrictions based on a user’s age, the controversy about different types of age verification and their implications is growing. Last week, Roblox announced ne...
ShrinkBox: Backdoor Attack on Object Detection to Disrupt Collision Avoidance in Machine Learning-Based Advanced Driver Assistance Systems
Advanced Driver Assistance Systems (ADAS) significantly enhance road safety by detecting potential collisions and alerting drivers. However, their reliance on expensive sensor technologies such as LiDAR and radar limits accessibility, particularly in low- and middle-income countries. Machine...
Adaptive Network Security Policies Via Belief Aggregation and Rollout
Evolving security vulnerabilities and shifting operational conditions require frequent updates to network security policies. These updates include adjustments to incident response procedures and modifications to access controls, among others. Reinforcement learning methods have been proposed for...
Enhancing Resilience against Jamming Attacks: a Cooperative Anti-Jamming Method Using Direction Estimation
The inherent vulnerability of wireless communication necessitates strategies to enhance its security, particularly in the face of jamming attacks. This paper uses the collaborations of multiple sensing nodes (SNs) in the wireless network to present a cooperative anti-jamming approach (CAJ) designed t...
List-Decodable Byzantine Robust PIR: Lower Communication Complexity, Higher Byzantine Tolerance, Smaller List Size
Private Information Retrieval (PIR) is a privacy-preserving primitive in cryptography. Significant endeavors have been made to address the variant of PIR concerning the malicious servers. Among those endeavors, list-decodable Byzantine robust PIR schemes may tolerate a majority of malicious...
FARFETCH'D: a Side-Channel Analysis Framework for Privacy Applications on Confidential Virtual Machines
Confidential virtual machines (CVMs) based on trusted execution environments (TEEs) enable new privacy-preserving solutions. Yet, they leave side-channel leakage outside their threat model, shifting the responsibility of mitigating such attacks to developers. However, mitigations are either not gener...
Optimal Piecewise-Based Mechanism for Collecting Bounded Numerical Data under Local Differential Privacy
Numerical data with bounded domains is a common data type in personal devices, such as wearable sensors. While the collection of such data is essential for third-party platforms, it raises significant privacy concerns. Local differential privacy (LDP) has been shown as a framework providing provabl...
Locally Differentially Private Frequency Estimation Via Joint Randomized Response
Local Differential Privacy (LDP) has been widely recognized as a powerful tool for providing a strong theoretical guarantee of data privacy to data contributors against an untrusted data collector. Under a typical LDP scheme, each data contributor independently randomly perturbs their data before...
One Patch to Rule Them All: Transforming Static Patches into Dynamic Attacks in the Physical World
Numerous methods have been proposed to generate physical adversarial patches (PAPs) against real-world machine learning systems. However, each existing PAP typically supports only a single, fixed attack goal, and switching to a different objective requires re-generating and re-deploying a new PAP...
Attacking Attention of Foundation Models Disrupts Downstream Tasks
Foundation models represent the most prominent and recent paradigm shift in artificial intelligence. Foundation models are large models, trained on broad data that deliver high accuracy in many downstream tasks, often without fine-tuning. For this reason, models such as CLIP, DINO or Vision...