44 matches found
Security and Privacy in O-RAN for 6G: A Comprehensive Review of Threats and Mitigation Approaches
Open Radio Access Network (O-RAN) is a major advancement in the telecommunications field, providing standardized interfaces that promote interoperability between different vendors' technologies, thereby enhancing network flexibility and reducing operational expenses. By leveraging cutting-edge...
CGM CLININET Operating System Command Injection Vulnerability
CGM CLININET is a hospital information management system developed by the German company CGM. CGM CLININET has a vulnerability related to operating system command injection. This vulnerability arises from insufficient standardization of parameters at multiple endpoints, which may lead to code...
Fundamentals, Recent Advances, and Challenges Regarding Cryptographic Algorithms for the Quantum Computing Era
This book arises from the need to provide a clear and up-to-date overview of the impacts of quantum computing on cryptography. The goal is to provide a reference in Portuguese for undergraduate, master's, and doctoral students in the field of data security and cryptography. Throughout the chapter...
poc_framework
pocframework A framework for vul...
SHERLOCK: A Deep Learning Approach to Detect Software Vulnerabilities
The increasing reliance on software in various applications has made the problem of software vulnerability detection more critical. Software vulnerabilities can lead to security breaches, data theft, and other negative outcomes. Traditional software vulnerability detection techniques, such as...
An In-Depth Systematic Analysis of the Security, Usability, and Automation Capabilities of Password Update Processes on Top-Ranked Websites
Password updates are a critical account security measure and an essential part of the password lifecycle. Service providers and common security recommendations advise users to update their passwords in response to incidents or as a critical cyber hygiene measure. However, password update processe...
Security and Privacy Management of IoT Using Quantum Computing
The convergence of the Internet of Things (IoT) and quantum computing is redefining the security paradigm of interconnected digital systems. Classical cryptographic algorithms such as RSA, Elliptic Curve Cryptography (ECC), and Advanced Encryption Standard (AES) have long provided the foundation for...
Future G Network's New Reality: Opportunities and Security Challenges
Future G network's new reality is a widespread cyber-physical environment created by Integrated Sensing and Communication (ISAC). It is a crucial technology that transforms wireless connections into ubiquitous sensors. ISAC unlocks transformative new capabilities, powering autonomous systems,...
Neuro-Symbolic AI for Cybersecurity: State of the Art, Challenges, and Opportunities
Traditional Artificial Intelligence (AI) approaches in cybersecurity exhibit fundamental limitations: inadequate conceptual grounding leading to non-robustness against novel attacks; limited instructibility impeding analyst-guided adaptation; and misalignment with cybersecurity objectives...
Towards Verifiability of Total Value Locked (TVL) in Decentralized Finance
Total Value Locked (TVL) aims to measure the aggregate value of cryptoassets deposited in Decentralized Finance (DeFi) protocols. Although blockchain data is public, the way TVL is computed is not well understood. In practice, its calculation on major TVL aggregators relies on self-reports from...
VulCPE: Context-Aware Cybersecurity Vulnerability Retrieval and Management
The dynamic landscape of cybersecurity demands precise and scalable solutions for vulnerability management in heterogeneous systems, where configuration-specific vulnerabilities are often misidentified due to inconsistent data in databases like the National Vulnerability Database (NVD). Inaccurate...
Security update for SUSE Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apacheexporter: Security issues fixed: CVE-2023-3978: Fixed security bug in x/net dependency bsc1213933 Other changes and issues fixed: Delete unpackaged debug files for RHEL Do not include source files in the package for RHEL 9...
Let’s use OpenTelemetry with Spring
Introduction In the dynamic realm of observability, OpenTelemetry is a new set of tools that emerged from the now-deprecated OpenCensus and OpenTracing projects. When it comes to Spring Framework, Spring Boot, Spring Data, and Spring Cloud observability, mature solutions like Micrometer, the de...
Security Problem in Web Browser Permission Mechanism
Overview A research team of Waseda University and NTT Social Informatics Laboratories conducted a systematic analysis of the permission mechanisms of 5 different Operating Systems (both mobile and desktop OS) and 22 major browsers running on each OS. The results show that they have multiple problem...
NIST Releases First Post-Quantum Encryption Algorithms
From the Federal Register: After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes:...
SQL Injection Vulnerability in Enterprise Standardization Management System of R&S Standardization Technical Services (Shanghai) Co.
R&S Standardization Technical Services (Shanghai) Co. A SQL injection vulnerability exists in the Enterprise Standardization Management System of R&S Standardization Technical Services (Shanghai) Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Lattice-Based Cryptosystems and Quantum Cryptanalysis
Quantum computers are probably coming, though we don't know when--and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The...
CISA Requests Comment on Draft Secure Software Development Attestation Form
CISA has opened a 30-day Federal Register notice to receive public comment on the draft Secure Software Development Attestation Form. CISA developed this form in coordination with the Office of Management and Budget. With the Secure Software Development Attestation Form, federal departments and...
RFP Template for Browser Security
Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group of experts have recognized the pressing need for comprehensive browser security solutions and collaborated to develop "The Definitive Browser Security RFP...
Standardizing SaaS Data to Drive Greater Cloud Security Efficacy
The way we do business has fundamentally changed, and as a result, so must security. Whether it’s legacy modernization initiatives, process improvements, or bridging the gap between physical and digital—most organizational strategies and initiatives involve embracing the cloud. However, investing...