United States of Americaβs NASA Astronaut Jessica Meirβs Hanukkah Wishes from the International Space Station: Happy Hanukkah to all those who celebrate it on Earth! (Originally Published in 2019)
United States of Americaβs NASA Astronaut Jessica Meir
The post Infosecurity.US Wishes All A Happy Hanukkah! appeared first on Security Boulevard.
Are You Overlooking the Security of Non-Human Identities in Your Cybersecurity Framework? Where bustling with technological advancements, the security focus often zooms in on human authentication and protection, leaving the non-human counterpartsβNon-Human Identities (NHIs)βin the shadows. The integration of NHIs in data security strategies is not just an added layer of protection but a necessity. [β¦]
The post What makes Non-Human Identities crucial for data security appeared first on Entro.
The post What makes Non-Human Identities crucial for data security appeared first on Security Boulevard.
Why Are Non-Human Identities Essential for Secure Cloud Environments? Organizations face a unique but critical challenge: securing non-human identities (NHIs) and their secrets within cloud environments. But why are NHIs increasingly pivotal for cloud security strategies? Understanding Non-Human Identities and Their Role in Cloud Security To comprehend the significance of NHIs, we must first explore [β¦]
The post How do I implement Agentic AI in financial services appeared first on Entro.
The post How do I implement Agentic AI in financial services appeared first on Security Boulevard.
What Challenges Do Organizations Face When Managing NHIs? Organizations often face unique challenges when managing Non-Human Identities (NHIs). A critical aspect that enterprises must navigate is the delicate balance between security and innovation. NHIs, essentially machine identities, require meticulous attention when they bridge the gap between security teams and research and development (R&D) units. For [β¦]
The post What are the best practices for managing NHIs appeared first on Entro.
The post What are the best practices for managing NHIs appeared first on Security Boulevard.
What Role Do Non-Human Identities Play in Securing Our Digital Ecosystems? Where more organizations migrate to the cloud, the concept of securing Non-Human Identities (NHIs) is becoming increasingly crucial. NHIs, essentially machine identities, are pivotal in maintaining robust cybersecurity frameworks. They are a unique combination of encrypted passwords, tokens, or keys, which are akin to [β¦]
The post How can Agentic AI enhance our cybersecurity measures appeared first on Entro.
The post How can Agentic AI enhance our cybersecurity measures appeared first on Security Boulevard.
Session 5D: Side Channels 1
Authors, Creators & Presenters: Jonas Juffinger (Graz University of Technology), Fabian Rauscher (Graz University of Technology), Giuseppe La Manna (Amazon), Daniel Gruss (Graz University of Technology)
PAPER
Secret Spilling Drive: Leaking User Behavior through SSD Contention
Covert channels and side channels bypass architectural security boundaries. Numerous works have studied covert channels and side channels in software and hardware. Thus, research on covert-channel and side-channel mitigations relies on the discovery of leaky hardware and software components. In this paper, we perform the first study of timing channels inside modern commodity off-the-shelf SSDs. We systematically analyze the behavior of NVMe PCIe SSDs with concurrent workloads. We observe that exceeding the maximum I/O operations of the SSD leads to significant latency spikes. We narrow down the number of I/O operations required to still induce latency spikes on 12 different SSDs. Our results show that a victim process needs to read at least 8 to 128 blocks to be still detectable by an attacker. Based on these experiments, we show that an attacker can build a covert channel, where the sender encodes secret bits into read accesses to unrelated blocks, inaccessible to the receiver. We demonstrate that this covert channel works across different systems and different SSDs, even from processes running inside a virtual machine. Our unprivileged SSD covert channel achieves a true capacity of up to 1503 bit/s while it works across virtual machines (cross-VM) and is agnostic to operating system versions, as well as other hardware characteristics such as CPU or DRAM. Given the coarse granularity of the SSD timing channel, we evaluate it as a side channel in an open-world website fingerprinting attack over the top 100 websites. We achieve an F1 score of up to 97.0. This shows that the leakage goes beyond covert communication and can leak highly sensitive information from victim users. Finally, we discuss the root cause of the SSD timing channel and how it can be mitigated.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenterβs superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 β Secret Spilling Drive: Leaking User Behavior Through SSD Contention appeared first on Security Boulevard.
How can we describe the past year in cybersecurity? No doubt, AI was front and center in so many conversations, and now thereβs no going back. Hereβs why.
The post 2025: The Year Cybersecurity Crossed the AI Rubicon appeared first on Security Boulevard.
What is the LGPD (Brazil)? The Lei Geral de Proteção de Dados Pessoais (LGPD), or General Data Protection Law (Law No. 13.709/2018), is Brazilβs comprehensive data protection framework, inspired by the European Unionβs GDPR. It regulates the collection, use, storage, and sharing of personal data, applying to both public and private entities, regardless of industry, [β¦]
The post LGPD (Brazil) appeared first on Centraleyes.
The post LGPD (Brazil) appeared first on Security Boulevard.
Will the perception of security completely overturn with the exponential growth of AI in todayβs technology-driven world? As we approach 2026, attackers upgrading to AI cyberattacks is no longer a possibility but a known fact. Let us examine the emerging trends in AI-driven cyberattacks and see how businesses of all sizes can strengthen their defenses [β¦]
The post 2026 Will Be the Year of AI-based Cyberattacks β How Can Organizations Prepare? appeared first on Kratikal Blogs.
The post 2026 Will Be the Year of AI-based Cyberattacks β How Can Organizations Prepare? appeared first on Security Boulevard.
What Makes AI-Driven Security Solutions Crucial in Modern Cloud Environments? How can organizations navigate the complexities of cybersecurity to ensure robust protection, particularly when dealing with Non-Human Identities (NHIs) in cloud environments? The answer lies in leveraging AI-driven security solutions, offering remarkable freedom of choice and adaptability for cybersecurity professionals. Understanding Non-Human Identities: The Backbone [β¦]
The post Why are companies free to choose their own AI-driven security solutions? appeared first on Entro.
The post Why are companies free to choose their own AI-driven security solutions? appeared first on Security Boulevard.
How Are Non-Human Identities Transforming Cybersecurity Practices? Are you aware of the increasing importance of Non-Human Identities (NHIs)? Where organizations transition towards more automated and cloud-based environments, managing NHIs and secrets security becomes vital. These machine identities serve as the backbone for securing sensitive operations across industries like financial services, healthcare, and DevOps environments. Understanding [β¦]
The post Can Agentic AI provide solutions that make stakeholders feel assured? appeared first on Entro.
The post Can Agentic AI provide solutions that make stakeholders feel assured? appeared first on Security Boulevard.
How Can Organizations Enhance Their Cloud Security Through Non-Human Identities? Have you ever wondered about the unseen challenges within your cybersecurity framework? Managing Non-Human Identities (NHIs) and their associated secrets has emerged as a vital component in establishing a robust security posture. For organizations operating in the cloud, neglecting to secure machine identities can result [β¦]
The post How are secrets scanning technologies getting better? appeared first on Entro.
The post How are secrets scanning technologies getting better? appeared first on Security Boulevard.
What Are Non-Human Identities and Why Are They Essential for Cybersecurity? Have you ever pondered the complexity of cybersecurity beyond human interactions? Non-Human Identities (NHIs) are becoming a cornerstone in securing digital environments. With the guardians of machine identities, NHIs are pivotal in addressing the security gaps prevalent between research and development teams and security [β¦]
The post How does NHI support the implementation of least privilege? appeared first on Entro.
The post How does NHI support the implementation of least privilege? appeared first on Security Boulevard.
One thing is certain: every year, the cybersecurity threat environment will evolve. AI tools, advances in computing, the growth of high-powered data centers that can be weaponized, compromised IoT networks, and all of the traditional vectors grow and change. As such, the tools and frameworks we use to resist these attacks will also need to [β¦]
The post What New Changes Are Coming to FedRAMP in 2026? appeared first on Security Boulevard.
Session 5D: Side Channels 1
Authors, Creators & Presenters: Fabian Rauscher (Graz University of Technology), Carina Fiedler (Graz University of Technology), Andreas Kogler (Graz University of Technology), Daniel Gruss (Graz University of Technology)
PAPER
A Systematic Evaluation Of Novel And Existing Cache Side Channels
CPU caches are among the most widely studied side-channel targets, with Prime+Probe and Flush+Reload being the most prominent techniques. These generic cache attack techniques can leak cryptographic keys, user input, and are a building block of many microarchitectural attacks. In this paper, we present the first systematic evaluation using 9 characteristics of the 4 most relevant cache attacks, Flush+Reload, Flush+Flush, Evict+Reload, and Prime+Probe, as well as three new attacks that we introduce: Demote+Reload, Demote+Demote, and DemoteContention. We evaluate hit-miss margins, temporal precision, spatial precision, topological scope, attack time, blind spot length, channel capacity, noise resilience, and detectability on recent Intel microarchitectures. Demote+Reload and Demote+Demote perform similar to previous attacks and slightly better in some cases, e.g., Demote+Reload has a 60.7 % smaller blind spot than Flush+Reload. With 15.48 Mbit/s, Demote+Reload has a 64.3 % higher channel capacity than Flush+Reload. We also compare all attacks in an AES T-table attack and compare Demote+Reload and Flush+Reload in an inter-keystroke timing attack. Beyond the scope of the prior attack techniques, we demonstrate a KASLR break with Demote+Demote and the amplification of power side-channel leakage with Demote+Reload. Finally, Sapphire Rapids and Emerald Rapids CPUs use a non-inclusive L3 cache, effectively limiting eviction-based cross-core attacks, e.g., Prime+Probe and Evict+Reload, to rare cases where the victim's activity reaches the L3 cache. Hence, we show that in a cross-core attack, DemoteContention can be used as a reliable alternative to Prime+Probe and Evict+Reload that does not require reverse-engineering of addressing functions and cache replacement policy.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenterβs superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 β A Systematic Evaluation Of Novel And Existing Cache Side Channels appeared first on Security Boulevard.
How Critical is Managing Non-Human Identities for Cloud Security? Are you familiar with the virtual tourists navigating your digital right now? These tourists, known as Non-Human Identities (NHIs), are machine identities pivotal in computer security, especially within cloud environments. These NHIs are akin to digital travelers carrying passports and visasβwhere the passport represents an encrypted [β¦]
The post How do secrets rotations drive innovations in security? appeared first on Entro.
The post How do secrets rotations drive innovations in security? appeared first on Security Boulevard.
Are Non-Human Identities Key to an Optimal Cybersecurity Budget? Have you ever pondered over the hidden costs of cybersecurity that might be draining your resources without your knowledge? Non-Human Identities (NHIs) and Secrets Security Management are essential components of a cost-effective cybersecurity strategy, especially when organizations increasingly operate in cloud environments. Understanding Non-Human Identities (NHIs) [β¦]
The post How can effective NHIs fit your cybersecurity budget? appeared first on Entro.
The post How can effective NHIs fit your cybersecurity budget? appeared first on Security Boulevard.
Are Non-Human Identities the Key to Strengthening Agentic AI Security? Where increasingly dominated by Agentic AI, organizations are pivoting toward more advanced security paradigms to protect their digital. Non-Human Identities (NHI) and Secrets Security Management have emerged with pivotal elements to fortify this quest for heightened cybersecurity. But why should this trend be generating excitement [β¦]
The post What aspects of Agentic AI security should get you excited? appeared first on Entro.
The post What aspects of Agentic AI security should get you excited? appeared first on Security Boulevard.
How Can Organizations Safeguard Non-Human Identities in the Cloud? Are your organizationβs machine identities as secure as they should be? With digital evolves, the protection of Non-Human Identities (NHIs) becomes crucial for maintaining robust cybersecurity postures. NHIs represent machine identities like encrypted passwords, tokens, and keys, which are pivotal in ensuring effective cloud security control. [β¦]
The post What are the best practices for ensuring NHIs are protected? appeared first on Entro.
The post What are the best practices for ensuring NHIs are protected? appeared first on Security Boulevard.
Turn XDR volume into revenue. Morpheus investigates 100% of alerts and triages 95% in under 2 minutes, letting MSSPs scale without adding headcount.
The post The Autonomous MSSP: How to Turn XDR Volume into a Competitive Advantage appeared first on D3 Security.
The post The Autonomous MSSP: How to Turn XDR Volume into a Competitive Advantage appeared first on Security Boulevard.
I have no context for this videoβitβs from Redditβbut one of the commenters adds some context:
Hey everyone, squid biologist here! Wanted to add some stuff you might find interesting.
With so many people carrying around cameras, weβre getting more videos of giant squid at the surface than in previous decades. Weβre also starting to notice a pattern, that around this time of year (peaking in January) we see a bunch of giant squid around Japan. We donβt know why this is happening. Maybe they gather around there to mate or something? who knows! but since so many people have cameras, those one-off monster-story encounters are now caught on video, like this one (which, btw, rips. This squid looks so healthy, itβs awesome)...
The post Friday Squid Blogging: Giant Squid Eating a Diamondback Squid appeared first on Security Boulevard.
Session 5D: Side Channels 1
Authors, Creators & Presenters: Lukas Maar (Graz University of Technology), Jonas Juffinger (Graz University of Technology), Thomas Steinbauer (Graz University of Technology), Daniel Gruss (Graz University of Technology), Stefan Mangard (Graz University of Technology)
PAPER
KernelSnitch: Side Channel-Attacks On Kernel Data Structures
The sharing of hardware elements, such as caches, is known to introduce microarchitectural side-channel leakage. One approach to eliminate this leakage is to not share hardware elements across security domains. However, even under the assumption of leakage-free hardware, it is unclear whether other critical system components, like the operating system, introduce software-caused side-channel leakage. In this paper, we present a novel generic software side-channel attack, KernelSnitch, targeting kernel data structures such as hash tables and trees. These structures are commonly used to store both kernel and user information, e.g., metadata for userspace locks. KernelSnitch exploits that these data structures are variable in size, ranging from an empty state to a theoretically arbitrary amount of elements. Accessing these structures requires a variable amount of time depending on the number of elements, i.e., the occupancy level. This variance constitutes a timing side channel, observable from user space by an unprivileged, isolated attacker. While the timing differences are very low compared to the syscall runtime, we demonstrate and evaluate methods to amplify these timing differences reliably. In three case studies, we show that KernelSnitch allows unprivileged and isolated attackers to leak sensitive information from the kernel and activities in other processes. First, we demonstrate covert channels with transmission rates up to 580 kbit/s. Second, we perform a kernel heap pointer leak in less than 65 s by exploiting the specific indexing that Linux is using in hash tables. Third, we demonstrate a website fingerprinting attack, achieving an F1 score of more than 89 %, showing that activity in other user programs can be observed using KernelSnitch. Finally, we discuss mitigations for our hardware-agnostic attacks.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenterβs superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 β KernelSnitch: Side Channel-Attacks On Kernel Data Structures appeared first on Security Boulevard.
Regulators made their move in 2025.
Disclosure deadlines arrived. AI rules took shape. Liability rose up the chain of command. But for security teams on the ground, the distance between policy and practice only grew wider.
Part two of a β¦ (moreβ¦)
The post LW ROUNDTABLE Part 2: Mandates surge, guardrails lag β intel from the messy middle first appeared on The Last Watchdog.
The post LW ROUNDTABLE Part 2: Mandates surge, guardrails lag β intel from the messy middle appeared first on Security Boulevard.
MCP is transforming AI agent connectivity, but authentication is the critical gap. Learn about Shadow IT risks, enterprise requirements, and solutions.
The post What Tech Leaders Need to Know About MCP Authentication in 2025 appeared first on Security Boulevard.
In a nod to the evolving threat landscape that comes with cloud computing and AI and the growing supply chain threats, Microsoft is broadening its bug bounty program to reward researchers who uncover threats to its users that come from third-party code, like commercial and open source software,
The post Microsoft Expands its Bug Bounty Program to Include Third-Party Code appeared first on Security Boulevard.
Israeli cybersecurity firms raised $4.4B in 2025 as funding rounds jumped 46%. Record seed and Series A activity signals a maturing, globally dominant cyber ecosystem.
The post Funding of Israeli Cybersecurity Soars to Record LevelsΒ appeared first on Security Boulevard.
OpenAI warns that frontier AI models could escalate cyber threats, including zero-day exploits. Defense-in-depth, monitoring, and AI security by design are now essential.
The post As Capabilities Advance Quickly OpenAI Warns of High Cybersecurity Risk of Future AI ModelsΒ Β appeared first on Security Boulevard.
CVE-2025-55183, CVE-2025-55184, and CVE-2025-67779 require immediate attention
The post Three New React Vulnerabilities Surface on the Heels of React2Shell appeared first on Security Boulevard.
The NCSC warns prompt injection is fundamentally different from SQL injection. Organizations must shift from prevention to impact reduction and defense-in-depth for LLM security.
The post Prompt Injection Canβt Be Fully Mitigated, NCSC Says Reduce Impact InsteadΒ appeared first on Security Boulevard.
To transform cyber risk into economic advantage,Β leaders must treat cyber as a board-level business riskΒ andΒ rehearse cross-border incidents with partnersΒ toΒ build trust.Β
The post Cyber Risk is Business Risk: Embedding Resilience into Corporate StrategyΒ appeared first on Security Boulevard.
As they work to fend off the rapidly expanding number of attempts by threat actors to exploit the dangerous React2Shell vulnerability, security teams are learning of two new flaws in React Server Components that could lead to denial-of-service attacks or the exposure of source code.
The post React Fixes Two New RSC Flaws as Security Teams Deal with React2Shell appeared first on Security Boulevard.
The promise of personal AI assistants rests on a dangerous assumption: that we can trust systems we havenβt made trustworthy. We canβt. And todayβs versions are failing us in predictable ways: pushing us to do things against our own best interests, gaslighting us with doubt about things we are or that we know, and being unable to distinguish between who we are and who we have been. They struggle with incomplete, inaccurate, and partial context: with no standard way to move toward accuracy, no mechanism to correct sources of error, and no accountability when wrong information leads to bad decisions...
The post Building Trustworthy AI Agents appeared first on Security Boulevard.
For years, compliance has been one of the most resource-intensive responsibilities for cybersecurity teams. Despite growing investments in tools, the day-to-day reality of compliance is still dominated by manual, duplicative tasks. Teams chase down screenshots, review spreadsheets, and cross-check logs, often spending weeks gathering information before an assessment or audit.
The post 3 Compliance Processes to Automate in 2026 appeared first on Security Boulevard.
Understand what PII is, why email puts it at risk, and how your business can strengthen security to better protect sensitive information.
The post PII in email: Explanation, risks, & protection appeared first on Security Boulevard.
Discover how AI strengthens cybersecurity by detecting anomalies, stopping zero-day and fileless attacks, and enhancing human analysts through automation.
The post AI Threat Detection: How Machines Spot What Humans Miss appeared first on Security Boulevard.
Security incidents donβt fail because of a lack of tools; they fail because of a lack of insight. In an environment where every minute of downtime equals revenue loss, customer impact, and regulatory risk, root cause analysis has become a decisive factor in how effectively organizations execute incident response and stabilize operations. The difference between [β¦]
The post How Root Cause Analysis Improves Incident Response and Reduces Downtime? appeared first on Kratikal Blogs.
The post How Root Cause Analysis Improves Incident Response and Reduces Downtime? appeared first on Security Boulevard.
As the clock ticks down to the full enforcement of Hong Kongβs Protection of Critical Infrastructures (Computer Systems) Ordinance on January 1, 2026, designated operators of Critical Infrastructures (CI) and Critical Computer Systems (CCS) must act decisively. This landmark law mandates robust cybersecurity measures for Critical Computer Systems (CCS) to prevent disruptions, with non-compliance risking [β¦]
The post Hong Kongβs New Critical Infrastructure Ordinance will be effective by 1 January 2026 β What CIOs Need to Know appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..
The post Hong Kongβs New Critical Infrastructure Ordinance will be effective by 1 January 2026 β What CIOs Need to Know appeared first on Security Boulevard.
Discover the latest changes in online account management, focusing on Enterprise SSO, CIAM, and enhanced security. Learn how these updates streamline login processes and improve user experience.
The post Learn about changes to your online account management appeared first on Security Boulevard.
Explore behavioral analysis techniques for securing AI models against post-quantum threats. Learn how to identify anomalies and protect your AI infrastructure with quantum-resistant cryptography.
The post Behavioral Analysis of AI Models Under Post-Quantum Threat Scenarios. appeared first on Security Boulevard.
Explore if facial recognition meets the criteria to be classified as a passkey. Understand the security, usability, and standards implications for passwordless authentication.
The post Is Facial Recognition Classified as a Passkey? appeared first on Security Boulevard.
CARY, N.C., Dec. 11, 2025, CyberNewswire β With 90% of organizations facing critical skills gaps (ISC2) and AI reshaping job roles across cybersecurity, cloud, and IT operations, enterprises are rapidly reallocating L&D budgets toward hands-on training that delivers measurable, real-world β¦ (moreβ¦)
The post News alert: INE sees surge in Q4 budget shifts as enterprises embrace hands-on training for AI roles first appeared on The Last Watchdog.
The post News alert: INE sees surge in Q4 budget shifts as enterprises embrace hands-on training for AI roles appeared first on Security Boulevard.
How Does NHIDR Influence Your Cybersecurity Strategy? What role do Non-Human Identity and Secrets Security Management (NHIDR) play in safeguarding your organizationβs digital assets? The management of NHIsβmachine identities created through encrypted passwords, tokens, and keysβhas become pivotal. For organizations operating in the cloud, leveraging NHIDR can significantly enhance security frameworks by addressing the often-overlooked [β¦]
The post How does staying ahead with NHIDR impact your business? appeared first on Entro.
The post How does staying ahead with NHIDR impact your business? appeared first on Security Boulevard.
Are You Managing Non-Human Identities Effectively in Your Cloud Environment? One question that often lingers in professionals is whether their current strategies for managing Non-Human Identities (NHIs) provide adequate security. These NHIs are crucial machine identities that consist of secretsβencrypted passwords, tokens, or keysβand the permissions granted to them by destination servers. When organizations increasingly [β¦]
The post How can cloud compliance make you feel relieved? appeared first on Entro.
The post How can cloud compliance make you feel relieved? appeared first on Security Boulevard.
How Secure Are Your Non-Human Identities? Are your cybersecurity needs truly satisfied by your current approach to Non-Human Identities (NHIs) and Secrets Security Management? With more organizations migrate to cloud platforms, the challenge of securing machine identities is more significant than ever. NHIs, or machine identities, are pivotal in safeguarding sensitive data and ensuring seamless [β¦]
The post Are your cybersecurity needs satisfied with current NHIs? appeared first on Entro.
The post Are your cybersecurity needs satisfied with current NHIs? appeared first on Security Boulevard.
How Can Organizations Securely Manage Non-Human Identities in Cloud Environments? Have you ever wondered how the rapid growth in machine identities impacts data security across various industries? With technology continues to advance, the proliferation of Non-Human Identities (NHIs) challenges even the most seasoned IT professionals. These machine identities have become an integral part of our [β¦]
The post Can secrets vaulting bring calm to your data security panic? appeared first on Entro.
The post Can secrets vaulting bring calm to your data security panic? appeared first on Security Boulevard.
Continuously improve your SOC through the analysis of security metrics.Β Introduction Metrics are quantifiable measures and assessment results. They empower organizations to describe and measure controls and processes, and make rational decisions driven by data for improved performance. They provide knowledge regarding how well an organization is performing and can help uncover insufficient performance [...]
The post Utilizing Metrics for a Healthy SOC appeared first on Hurricane Labs.
The post Utilizing Metrics for a Healthy SOC appeared first on Security Boulevard.
Session 5C: Federated Learning 1
Authors, Creators & Presenters: Duanyi Yao (Hong Kong University of Science and Technology), Songze Li (Southeast University), Xueluan Gong (Wuhan University), Sizai Hou (Hong Kong University of Science and Technology), Gaoning Pan (Hangzhou Dianzi University)
PAPER
URVFL: Undetectable Data Reconstruction Attack on Vertical Federated Learning
Vertical Federated Learning (VFL) is a collaborative learning paradigm designed for scenarios where multiple clients share disjoint features of the same set of data samples. Albeit a wide range of applications, VFL is faced with privacy leakage from data reconstruction attacks. These attacks generally fall into two categories: honest-but-curious (HBC), where adversaries steal data while adhering to the protocol; and malicious attacks, where adversaries breach the training protocol for significant data leakage. While most research has focused on HBC scenarios, the exploration of malicious attacks remains limited. Launching effective malicious attacks in VFL presents unique challenges: 1) Firstly, given the distributed nature of clients' data features and models, each client rigorously guards its privacy and prohibits direct querying, complicating any attempts to steal data; 2) Existing malicious attacks alter the underlying VFL training task, and are hence easily detected by comparing the received gradients with the ones received in honest training. To overcome these challenges, we develop URVFL, a novel attack strategy that evades current detection mechanisms. The key idea is to integrate a discriminator with auxiliary classifier that takes a full advantage of the label information and generates malicious gradients to the victim clients: on one hand, label information helps to better characterize embeddings of samples from distinct classes, yielding an improved reconstruction performance; on the other hand, computing malicious gradients with label information better mimics the honest training, making the malicious gradients indistinguishable from the honest ones, and the attack much more stealthy. Our comprehensive experiments demonstrate that URVFL significantly outperforms existing attacks, and successfully circumvents SOTA detection methods for malicious attacks. Additional ablation studies and evaluations on defenses further underscore the robustness and effectiveness of URVFL
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenterβs superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 β URVFL: Undetectable Data Reconstruction Attack On Vertical Federated Learning appeared first on Security Boulevard.
The convergence of physical and digital security is driving a shift toward software-driven, open-architecture edge computing. Access control has typically been treated as a physical domain problem β managing who can open which doors, using specialized systems largely isolated from broader enterprise IT. However, the boundary between physical and digital security is increasingly blurring. With..
The post Rethinking Security as Access Control Moves to the Edge appeared first on Security Boulevard.
OT oversight is an expensive industrial paradox. Itβs hard to believe that an area can be simultaneously underappreciated, underfunded, and under increasing attack. And yet, with ransomware hackers knowing that downtime equals disaster and companies not monitoring in kind, this is an open and glaring hole across many ecosystems. Even a glance at the numbers..
The post Hacks Up, Budgets Down: OT Oversight Must Be An IT Priority appeared first on Security Boulevard.
Login