Randall Munroe’s XKCD ‘Funny Numbers’
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Funny Numbers’ appeared first on Security Boulevard.
Visualize web and API coverage, validate attack paths, and confirm every executed action with screenshots and logs in Escape
The post How to Visualize Web & API Coverage with Screenshots and Validate Attack Paths in Escape appeared first on Security Boulevard.
Nicholas Moore, a 24-year-old Tennessee man, pleaded guilty to using stolen credentials of authorized users to hack into computer systems of the Supreme Court, VA, and AmeriCorps, obtaining sensitive information and then posting it online to his Instagram account.
The post Hacker Pleads Guilty to Access Supreme Court, AmeriCorps, VA Systems appeared first on Security Boulevard.
Session 9B: DNN Attack Surfaces
Authors, Creators & Presenters: Yanzuo Chen (The Hong Kong University of Science and Technology), Yuanyuan Yuan (The Hong Kong University of Science and Technology), Zhibo Liu (The Hong Kong University of Science and Technology), Sihang Hu (Huawei Technologies), Tianxiang Li (Huawei Technologies), Shuai Wang (The Hong Kong University of Science and Technology)
PAPER
BitShield: Defending Against Bit-Flip Attacks on DNN Executables
Recent research has demonstrated the severity and prevalence of bit-flip attacks (BFAs; e.g., with Rowhammer techniques) on deep neural networks (DNNs). BFAs can manipulate DNN prediction and completely deplete DNN intelligence, and can be launched against both DNNs running on deep learning (DL) frameworks like PyTorch, as well as those compiled into standalone executables by DL compilers. While BFA defenses have been proposed for models on DL frameworks, we find them incapable of protecting DNN executables due to the new attack vectors on these executables. This paper proposes the first defense against BFA for DNN executables. We first present a motivating study to demonstrate the fragility and unique attack surfaces of DNN executables. Specifically, attackers can flip bits in the section to alter the computation logic of DNN executables and consequently manipulate DNN predictions; previous defenses guarding model weights can also be easily evaded when implemented in DNN executables. Subsequently, we propose BitShield, a full-fledged defense that detects BFAs targeting both data and sections in DNN executables. We novelly model BFA on DNN executables as a process to corrupt their semantics, and base BitShield on semantic integrity checks. Moreover, by deliberately fusing code checksum routines into a DNN's semantics, we make BitShield highly resilient against BFAs targeting itself. BitShield is integrated in a popular DL compiler (Amazon TVM) and is compatible with all existing compilation and optimization passes. Unlike prior defenses, BitShield is designed to protect more vulnerable full-precision DNNs and does not assume specific attack methods, exhibiting high generality. BitShield also proactively detects ongoing BFA attempts instead of passively hardening DNNs. 
Evaluations show that BitShield provides strong protection against BFAs (average mitigation rate 97.51%) with low performance overhead (2.47% on average) even when faced with fully white-box, powerful attackers.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators', Authors' and Presenters' superb NDSS Symposium 2025 Conference content on the Organization's YouTube Channel.
The post NDSS 2025 – BitShield: Defending Against Bit-Flip Attacks On DNN Executables appeared first on Security Boulevard.
As businesses continue their digital transformation journeys, they are exposed to an ever-expanding attack surface. With the proliferation of cloud environments, remote work, and the increasing use of IoT devices, the complexity of cybersecurity threats has intensified. In this fast-evolving landscape, traditional security tools—based on signatures and static rule-based methods—are no longer sufficient. Organizations need
The post Real-time Threat Intelligence: Empowering Proactive Cybersecurity with Seceon appeared first on Seceon Inc.
The post Real-time Threat Intelligence: Empowering Proactive Cybersecurity with Seceon appeared first on Security Boulevard.
Every startup ecosystem has two founder types investors will not back. Both show up all the time. Both believe they will win. Neither will. They...
The post Why Most Startup Founders Fail and How ISHIR Texas Venture Studio Helps the Right Ones Win appeared first on ISHIR | Custom AI Software Development Dallas Fort-Worth Texas.
The post Why Most Startup Founders Fail and How ISHIR Texas Venture Studio Helps the Right Ones Win appeared first on Security Boulevard.
Discover how AI-driven email automation will reshape customer journeys in 2026 with personalized campaigns, smarter timing, scalability, and better engagement.
The post 4 Ways Email Automation Will Reshape Customer Journeys in 2026 appeared first on Security Boulevard.
Learn the benefits, risks, and smart next steps of outsourcing IT support to improve efficiency, reduce costs, and scale securely.
The post Outsourcing IT Support: Benefits, Risks, and Smart Next Steps appeared first on Security Boulevard.
In this episode, we explore Amazon Ring’s newly introduced Familiar Faces feature that utilizes AI for facial recognition. We discuss the convenience of identifying familiar people at your doorstep, the privacy concerns it raises, and the legal implications surrounding biometric data. Learn about how this feature works, potential inaccuracies, and privacy laws in certain U.S. […]
The post Ring’s Facial Recognition Feature: Convenience or Privacy Nightmare? appeared first on Shared Security Podcast.
The post Ring’s Facial Recognition Feature: Convenience or Privacy Nightmare? appeared first on Security Boulevard.
Two similar terms — completely different outcomes. Security teams often hear “entity resolution” and “identity verification” used as if they mean the same thing. They don’t — and that confusion can lead teams to invest in tools that solve the wrong problem. A simple way to separate them: Verification is a checkpoint. Entity resolution is a …
The post Entity Resolution vs. Identity Verification: What Security Teams Actually Need appeared first on Security Boulevard.
Learn how to design secure OAuth scopes and consent flows for enterprise applications. A complete guide for CTOs on API authorization and CIAM.
The post OAuth Scopes & Consent: Complete Guide to Secure API Authorization appeared first on Security Boulevard.
Learn how to set up an OAuth2 Identity Provider for enterprise SSO. Detailed guide on implementation, security, and CIAM best practices for engineering leaders.
The post OAuth2 Identity Provider Setup: Complete Implementation Guide appeared first on Security Boulevard.
Learn how to integrate Quantum-Safe HSMs with Model Context Protocol (MCP) to secure AI infrastructure against Shor's algorithm and context injection.
The post Hardware Security Module Integration for Quantum-Safe Model Contexts appeared first on Security Boulevard.
Learn the essentials of CIAM for modern software development. Explore passwordless authentication, MFA, and how to scale user management securely.
The post Understanding CIAM: Essential Information You Need to Know appeared first on Security Boulevard.
ICE protests surveillance yet uses tech to track citizens' devices, possibly violating privacy laws and the Fourth Amendment, revealed through ICE's data tools.
The post Who’s Stalking Whom? ICE Uses Social Media and Phone Surveillance System to Track Protesters appeared first on Security Boulevard.
Session 9B: DNN Attack Surfaces
Authors, Creators & Presenters: Yanzuo Chen (The Hong Kong University of Science and Technology), Zhibo Liu (The Hong Kong University of Science and Technology), Yuanyuan Yuan (The Hong Kong University of Science and Technology), Sihang Hu (Huawei Technologies), Tianxiang Li (Huawei Technologies), Shuai Wang (The Hong Kong University of Science and Technology)
PAPER
Compiled Models, Built-In Exploits: Uncovering Pervasive Bit-Flip Attack Surfaces in DNN Executables
Recent research has shown that bit-flip attacks (BFAs) can manipulate deep neural networks (DNNs) via DRAM Rowhammer exploitations. For high-level DNN models running on deep learning (DL) frameworks like PyTorch, extensive BFAs have been conducted to flip bits in model weights and shown effective. Defenses have also been proposed to guard model weights. Nevertheless, DNNs are increasingly compiled into DNN executables by DL compilers to leverage hardware primitives. These executables manifest new and distinct computation paradigms; we find existing research failing to accurately capture and expose the attack surface of BFAs on DNN executables. To this end, we launch the first systematic study of BFAs on DNN executables and reveal new attack surfaces neglected or underestimated in previous work. Specifically, prior BFAs in DL frameworks are limited to attacking model weights and assume a strong whitebox attacker with full knowledge of victim model weights, which is unrealistic as weights are often confidential. In contrast, we find that BFAs on DNN executables can achieve high effectiveness by exploiting the model structure (usually stored in the executable code), which only requires knowing the (often public) model structure. Importantly, such structure-based BFAs are pervasive, transferable, and more severe (e.g., single-bit flips lead to successful attacks) in DNN executables; they also slip past existing defenses. To realistically demonstrate the new attack surfaces, we assume a weak and more realistic attacker with no knowledge of victim model weights. We design an automated tool to identify vulnerable bits in victim executables with high confidence (70% compared to the baseline 2%). Launching this tool on DDR4 DRAM, we show that only 1.4 flips on average are needed to fully downgrade the accuracy of victim executables, including quantized models which could require 23× more flips previously, to random guesses. 
We comprehensively evaluate 16 DNN executables, covering three large-scale DNN models trained on three commonly-used datasets compiled by the two most popular DL compilers. Our finding calls for incorporating security mechanisms in future DNN compilation toolchains.
The post NDSS 2025 – Compiled Models, Built-In Exploits appeared first on Security Boulevard.
As Hollywood imagines our future, are brain and human microchip implants nearing a “ChatGPT moment” in 2026? Medical progress collides with privacy fears and state bans.
The post Will 2026 See a ‘ChatGPT Moment’ for Microchip Implants? appeared first on Security Boulevard.
What is ISO 9001? ISO 9001 is recognized globally as the standard for Quality Management Systems (QMS). Its full name is ISO 9001:2015, indicating the most recent revision published in 2015 by the International Organization for Standardization (ISO). This framework is relevant to any organization, regardless of its size, industry, or the products and services […]
The post ISO 9001: appeared first on Centraleyes.
The post ISO 9001: appeared first on Security Boulevard.
What Are Non-Human Identities and Secrets Security Management? How does one navigate the intricate web of cybersecurity if non-human identities are participating in networks as much as humans? The proliferation of these machine identities, known as Non-Human Identities (NHIs), has added layers of complexity to cybersecurity management, especially in cloud environments where the stakes are […]
The post How smart are AI systems in managing cloud compliance appeared first on Entro.
The post How smart are AI systems in managing cloud compliance appeared first on Security Boulevard.
The Role of AI in Enhancing Dynamic Secrets Management. Have you ever wondered how artificial intelligence is transforming cybersecurity, particularly in the management of Non-Human Identities (NHI) and secrets security? The role of AI in fortifying security frameworks cannot be underestimated. As a tool, AI is paving the way for more dynamic and efficient secrets […]
The post How does AI support dynamic secrets management appeared first on Entro.
The post How does AI support dynamic secrets management appeared first on Security Boulevard.