16 matches found
[SECURITY] Fedora 44 Update: nginx-mod-js-challenge-0^20230517.gitda6852d-7.fc44
Simple JavaScript proof-of-work based access for Nginx with virtually no overhead...
RandSet: Randomized Corpus Reduction for Fuzzing Seed Scheduling
Seed explosion is a fundamental problem in fuzzing seed scheduling, where a fuzzer maintains a huge corpus and fails to choose promising seeds. Existing works focus on seed prioritization but still suffer from seed explosion since corpus size remains huge. We tackle this from a new perspective:...
TrapSuffix: Proactive Defense against Adversarial Suffixes in Jailbreaking
Suffix-based jailbreak attacks append an adversarial suffix, i.e., a short token sequence, to steer aligned LLMs into unsafe outputs. Since suffixes are free-form text, they admit endlessly many surface forms, making jailbreak mitigation difficult. Most existing defenses depend on passive detecti...
EBPF-PATROL: Protective Agent for Threat Recognition and Overreach Limitation Using EBPF in Containerized and Virtualized Environments
With the increasing use and adoption of cloud and cloud-native computing, the underlying technologies, i.e., containerization and virtualization, have become foundational. However, strict isolation and maintaining runtime security in these environments have become increasingly challenging. Existing...
Securing AI Agent Execution
Large Language Models (LLMs) have evolved into AI agents that interact with external tools and environments to perform complex tasks. The Model Context Protocol (MCP) has become the de facto standard for connecting agents with such resources, but security has lagged behind: thousands of MCP servers...
CAN Networks Security in Smart Grids Communication Technologies
The rapid evolution of smart grids requires effective communication protocols to transfer data reliably and securely. Controller Area Network (CAN) is one of the most recognized protocols that offer reliable data transmission in smart grids due to its robustness, real-time capabilities, and...
Obfuscated Quantum and Post-Quantum Cryptography
In this work, we present an experimental deployment of a new design for combined quantum key distribution (QKD) and post-quantum cryptography (PQC). Novel to our system is the dynamic obfuscation of the QKD-PQC sequence of operations, the number of operations, and parameters related to the operations...
Verifiable Unlearning on Edge
Machine learning providers commonly distribute global models to edge devices, which subsequently personalize these models using local data. However, issues such as copyright infringements, biases, or regulatory requirements may require the verifiable removal of certain data samples across all edg...
Detecting Hardware Trojans in Microprocessors via Hardware Error Correction Code-based Modules
Software-exploitable Hardware Trojans (HTs) enable attackers to execute unauthorized software or gain illicit access to privileged operations. This manuscript introduces a hardware-based methodology for detecting runtime HT activations using Error Correction Codes (ECCs) on a RISC-V microprocessor...
ObfusBFA: a Holistic Approach to Safeguarding DNNs from Different Types of Bit-Flip Attacks
Bit-flip attacks (BFAs) represent a serious threat to Deep Neural Networks (DNNs), where flipping a small number of bits in the model parameters or binary code can significantly degrade the model accuracy or mislead the model prediction in a desired way. Existing defenses exclusively focus on...
When Mitigations Backfire: Timing Channel Attacks and Defense for PRAC-Based RowHammer Mitigations
Per Row Activation Counting (PRAC) has emerged as a robust framework for mitigating RowHammer (RH) vulnerabilities in modern DRAM systems. However, we uncover a critical vulnerability: a timing channel introduced by the Alert Back-Off (ABO) protocol and Refresh Management (RFM) commands. We present...
Fedora: Security Advisory (FEDORA-2024-80e062d21a)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: golang-gvisor-20240408.0-1.20240418git9e5a99b.fc39
gVisor is an open-source, OCI-compatible sandbox runtime that provides a virtualized container environment. It runs containers with a new user-space kernel, delivering a low overhead container security solution for high-density applications. gVisor integrates with Docker, containerd and Kubernete...
[SECURITY] Fedora 40 Update: golang-gvisor-20240408.0-1.20240418git9e5a99b.fc40
gVisor is an open-source, OCI-compatible sandbox runtime that provides a virtualized container environment. It runs containers with a new user-space kernel, delivering a low overhead container security solution for high-density applications. gVisor integrates with Docker, containerd and Kubernete...
Fedora: Security Advisory for cachelib (FEDORA-2023-7934802344)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Detailed Heap Profiler: Memoro
Memoro is a highly detailed heap profiler. Memoro not only shows you where and when your program makes heap allocations, but will show you how your program actually used that memory. Memoro collects detailed information on accesses to the heap, including reads and writes to memory and when they...