I Can't Recognize (Yet): Delayed Rendering to Defeat Visual Phishing Detectors
Phishing webpages are continuously polluting the Web. Plenty of countermeasures have been proposed and the most advanced techniques leverage machine-learning methods that infer whether a webpage is benign or not by inspecting its visual representation. Yet, despite the demonstrated effectiveness ...
UNSEEN: A Cross-Stack LLM Unlearning Defense against AR-LLM Social Engineering Attacks
Emerging AR-LLM-based Social Engineering attack (e.g., SEAR) is at the edge of posing great threats to real-world social life. In such AR-LLM-SE attack, the attacker can leverage AR (Augmented Reality) glass to capture the image and vocal information of the target, using the LLM to identify the targe...
SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction
Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...
Actionable Cybersecurity Notifications for Smart Homes: A User Study on the Role of Length and Complexity
The proliferation of smart home devices has increased convenience but also introduced cybersecurity risks for everyday users, as many devices lack robust security features. Intrusion Detection Systems are a prominent approach to detecting cybersecurity threats. However, their alerts often use...
Usability of Token-Based and Remote Electronic Signatures: a User Experience Study
As electronic signatures (e-signatures) become increasingly integral to secure digital transactions, understanding their usability and security perception from an end-user perspective has become crucial. This study empirically evaluates and compares two major e-signature systems -- token-based and...
"Explain, Don't Just Warn!" -- a Real-Time Framework for Generating Phishing Warnings with Contextual Cues
Anti-phishing tools typically display generic warnings that offer users limited explanation on why a website is considered malicious, which can prevent end-users from developing the mental models needed to recognize phishing cues on their own. This becomes especially problematic when these tools...
Code Written with AI Assistants Is Less Secure
Interesting research: "Do Users Write More Insecure Code with AI Assistants?": Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that...
Recovering Keyboard Inputs through Thermal Imaging
Researchers at the University of California, Irvine, are able to recover user passwords by way of thermal imaging. The tech is pretty straightforward, but it's interesting to think about the types of scenarios in which it might be pulled off. Abstract: As a warm-blooded mammalian species, we huma...