CLIOPATRA: Extracting Private Information from LLM Insights

As AI assistants become widely used, privacy-aware platforms like Anthropic's Clio have been introduced to generate insights from real-world AI use. Clio's privacy protections rely on layering multiple heuristic techniques together, including PII redaction, clustering, filtering, and LLM-based...

Automated Side-Channel Analysis of Cryptographic Protocol Implementations

We extract the first formal model of WhatsApp from its implementation by combining binary-level analysis via CryptoBap with reverse engineering via Ghidra to handle this large closed-source application. Using this model, we prove forward secrecy, identify a known clone-attack against...

RADAR: a Radio-Based Analytics for Dynamic Association and Recognition of Pseudonyms in VANETs

This paper presents RADAR, a tracking algorithm for vehicles participating in Cooperative Intelligent Transportation Systems C-ITS that exploits multiple radio signals emitted by a modern vehicle to break privacy-preserving pseudonym schemes deployed in VANETs. This study shows that by combining...

ReCIT: Reconstructing Full Private Data from Gradient in Parameter-Efficient Fine-Tuning of Large Language Models

Parameter-efficient fine-tuning PEFT has emerged as a practical solution for adapting large language models LLMs to custom datasets with significantly reduced computational cost. When carrying out PEFT under collaborative learning scenarios e.g., federated learning, it is often required to exchan...

Design/Logic Flaw

A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS...

How to build a privacy program the right way

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with attorney Whitney Merrill, an expert on...

How to build a privacy program the right way

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with attorney Whitney Merrill, an expert on...

GitLab: Responsible Disclosure of Privacy Leakage Issue

Greetings, I am Mojtaba Zaheri, a doctoral candidate in Computer Science, affiliated with the NJIT Cybersecurity Research Center. Together with my doctoral dissertation advisor, Prof. Reza Curtmola, we are reaching out to perform responsible disclosure of a vulnerability present on the GitLab...

A week in security (January 28 – February 3)

Last week, we ran another in our interview with a malware hunter series, explained a FaceTime vulnerability, and took a deep dive into a new stealer. We also threw some light on a Houzz data breach, and what exactly happened between Apple and Facebook. Other cybersecurity news Kwik Fit hit by...