How Worrying Are Privacy Attacks against Machine Learning?

In several jurisdictions, the regulatory framework on the release and sharing of personal data is being extended to machine learning ML. The implicit assumption is that disclosing a trained ML model entails a privacy risk for any personal data used in training comparable to directly releasing tho...

Can Federated Learning Safeguard Private Data in LLM Training? Vulnerabilities, Attacks, and Defense Evaluation

Fine-tuning large language models LLMs with local data is a widely adopted approach for organizations seeking to adapt LLMs to their specific domains. Given the shared characteristics in data across different organizations, the idea of collaboratively fine-tuning an LLM using data from multiple...

The Man behind the Sound: Demystifying Audio Private Attribute Profiling Via Multimodal Large Language Model Agents

Our research uncovers a novel privacy risk associated with multimodal large language models MLLMs: the ability to infer sensitive personal attributes from audio data -- a technique we term audio private attribute profiling. This capability poses a significant threat, as audio can be covertly...

Entangled Threats: a Unified Kill Chain Model for Quantum Machine Learning Security

Quantum Machine Learning QML systems inherit vulnerabilities from classical machine learning while introducing new attack surfaces rooted in the physical and algorithmic layers of quantum computing. Despite a growing body of research on individual attack vectors - ranging from adversarial poisoni...

CSVAR: Enhancing Visual Privacy in Federated Learning Via Adaptive Shuffling against Overfitting

Although federated learning preserves training data within local privacy domains, the aggregated model parameters may still reveal private characteristics. This vulnerability stems from clients' limited training data, which predisposes models to overfitting. Such overfitting enables models to...

Can Differentially Private Fine-Tuning LLMs Protect against Privacy Attacks?

Fine-tuning large language models LLMs has become an essential strategy for adapting them to specialized tasks; however, this process introduces significant privacy challenges, as sensitive training data may be inadvertently memorized and exposed. Although differential privacy DP offers strong...

NIST Warns of Security and Privacy Risks from Rapid AI System Deployment

The U.S. National Institute of Standards and Technology NIST is calling attention to the privacy and security challenges that arise as a result of increased deployment of artificial intelligence AI systems in recent years. "These security and privacy challenges include the potential for adversari...

QNAP QTS HTTP Security Header Vulnerability (QSA-21-03)

QNAP QTS is prone to a HTTP security header vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescripti...

CVE-2018-19957

A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS...

CVE-2018-19957

A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS...

CVE-2018-19957

CVE-2018-19957 concerns insufficient HTTP security headers in QNAP QTS, QuTS hero, and QuTScloud. The vulnerability affects QNAP NAS platforms running QTS, QuTS hero, and QuTScloud, enabling remote attackers to launch privacy/security attacks. The issue has been addressed by explicit fixes: QTS 4...

RSAC 2019: For Domestic Abuse, IoT Devices Pose New Threat

SAN FRANCISCO – The influx of connected products in the home – from smart thermometers to connected locks – presents a disturbing new threat surface for victims of domestic abuse. That’s what Lisa Green, senior director of operations at Independent Security Evaluators, is warning conference-goers...

Researchers Shine Light on Smart-Bulb Data Theft

Lightbulbs were invented to do one thing: illuminate a room or a space. Cybercriminals, however, may find that these glass miracles can be used to shed light in a more metaphorical sense – to spy on users’ private data and preferences. The light emitted by modern smart bulbs can be used in two...

HITB2011KUL - Attacking Privacy of Social Network Users

Document Title: =============== HITB2011KUL - Attacking Privacy of Social Network Users References: =========== Download: http://www.vulnerability-lab.com/resources/videos/425.wmv View: http://www.youtube.com/watch?v=xGuV0Om67n8 Release Date: ============= 2012-02-05 Vulnerability Laboratory ID...